forked from hplush/slowreader
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathauth.ts
More file actions
111 lines (100 loc) · 3.21 KB
/
auth.ts
File metadata and controls
111 lines (100 loc) · 3.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
import type { BaseServer } from '@logux/server'
import {
IS_PASSWORD,
IS_USER_ID,
setPassword,
SIGN_IN_ERRORS,
SIGN_UP_ERRORS,
signInEndpoint,
signOutEndpoint,
signUpEndpoint
} from '@slowreader/api'
import { verify } from 'argon2'
import cookieJs from 'cookie'
import { and, eq, sql } from 'drizzle-orm'
import { nanoid } from 'nanoid'
import type { ServerResponse } from 'node:http'
import { db, sessions, users } from '../db/index.ts'
import { ErrorResponse, jsonApi } from '../lib/http.ts'
function setSession(res: ServerResponse, value: string): void {
res.setHeader(
'Set-Cookie',
`session=${value}; HttpOnly; Path=/; SameSite=None; Secure`
)
}
async function setNewSession(
res: ServerResponse,
userId: string
): Promise<string> {
let token = nanoid()
await db.insert(sessions).values({ token, usedAt: sql`now()`, userId })
setSession(res, token)
return token
}
export default (server: BaseServer): void => {
server.auth(async ({ client, cookie, token, userId }) => {
let sessionToken = token || cookie.session
if (!sessionToken) return false
let session = await db.query.sessions.findFirst({
columns: { id: true },
where: and(eq(sessions.token, sessionToken), eq(sessions.userId, userId))
})
if (session) {
await db
.update(sessions)
.set({ clientId: client.clientId, usedAt: sql`now()` })
.where(eq(sessions.id, session.id))
/* node:coverage ignore next 3 */
.catch((error: unknown) => {
server.logger.error(error)
})
return true
} else {
return false
}
})
jsonApi(server, signInEndpoint, async (params, res) => {
let user = await db.query.users.findFirst({
where: eq(users.id, params.userId)
})
if (user?.passwordHash) {
if (await verify(user.passwordHash, params.password)) {
let token = await setNewSession(res, params.userId)
return { session: token }
}
}
return new ErrorResponse(SIGN_IN_ERRORS.INVALID_CREDENTIALS)
})
jsonApi(server, signOutEndpoint, async (params, res, req) => {
let token = params.session
if (!token) {
token = cookieJs.parse(req.headers.cookie ?? '').session
setSession(res, '')
}
if (!token) return false
let session = await db.query.sessions.findFirst({
where: eq(sessions.token, token)
})
if (session) {
for (let client of server.connected.values()) {
if (client.clientId === session.clientId) client.destroy()
}
await db.delete(sessions).where(eq(sessions.token, token))
}
return {}
})
jsonApi(server, signUpEndpoint, async (params, res) => {
let userId = params.userId
let password = params.password
if (!IS_USER_ID.test(userId) || !IS_PASSWORD.test(password)) return false
let already: object | undefined
await db.transaction(async tx => {
already = await tx.query.users.findFirst({ where: eq(users.id, userId) })
if (!already) await tx.insert(users).values({ id: userId })
})
if (already) return new ErrorResponse(SIGN_UP_ERRORS.USER_ID_TAKEN)
await server.process(setPassword({ password, userId }))
let session = await setNewSession(res, userId)
return { session, userId }
})
}