mirror /api/v1/session to /api/v1/account/me/access/:jti

2024-11-24 22:56:26 -08:00 · 2024-05-25 22:14:00 -07:00 · 2024-05-25 22:14:00 -07:00 · 04a34665f9
parent ebcdd0c603
commit 04a34665f9
4 changed files with 18 additions and 21 deletions
--- a/src/server/lib/auth.ts
+++ b/src/server/lib/auth.ts
@ -6,7 +6,7 @@ import { z } from "zod"
 import { AuthSchemas } from "./schemas/index.js"
 import DbFile from "./dbfile.js"
 import * as jose from "jose"
-import { AccountResolvable } from "./accounts.js"
+import { AccountResolvable, resolve as resolveAccount } from "./accounts.js"
 import config from "./config.js"
 export let AuthTokenTO: { [key: string]: NodeJS.Timeout } = {}

@ -30,7 +30,7 @@ export function create(
    scopes?: Scope[]
 ) {
    let token = AuthSchemas.AuthToken.parse({
-        account,
+        account: resolveAccount(account)?.id,
        id: crypto.randomUUID(),
        expire: typeof expire == "number" ? Date.now() + expire : null,
        type,
--- a/src/server/lib/middleware.ts
+++ b/src/server/lib/middleware.ts
@ -81,9 +81,8 @@ export const accountMgmtRoute: RequestHandler = async (ctx,next) => {
 * @description Middleware which blocks requests which do not have ctx.get("account") set
 */
 export const requiresAccount: RequestHandler = function (ctx, next) {
-    if (!ctx.get("account")) {
+    if (!ctx.get("account"))
        return ServeError(ctx, 401, "not logged in")
-    }
    return next()
 }

@ -213,10 +212,7 @@ export const verifyPoi = (user: string, poi?: string, wantsMfaPoi: boolean = fal
 export const mirror = (apiRoot: Hono, ctx: Context, url: string, init: Partial<RequestInit>) => apiRoot.fetch(
    new Request(
        (new URL(url, ctx.req.raw.url)).href, 
-            {
-                ...ctx.req.raw,
-                ...init
-            }
+            Object.assign(ctx.req.raw,init)
    ), 
    ctx.env
 )
--- a/src/server/routes/api/v1/account/access.ts
+++ b/src/server/routes/api/v1/account/access.ts
@ -45,12 +45,15 @@ function getTargetToken(ctx: Context<HonoEnv, "/:token", BlankInput>) {
    )
 }

-router.use(getAccount, requiresAccount, noAPIAccess)
-router.all("/", getTarget) // idk if this is redundant but just in case
-router.all("/:token", (ctx,next) => {
+router.use(getAccount, requiresAccount, getTarget)
+router.use("/", noAPIAccess) // idk if this is redundant but just in case
+router.use("/:token", async (ctx,next) => {
    let tok = getTargetToken(ctx)
+    let actingTok = auth.resolve((await auth.tokenFor(ctx))!)!
    if (!tok)
        return ServeError(ctx, 404, "token not found")
+    if (auth.getType(actingTok) != "User" && tok != actingTok)
+        return ServeError(ctx, 403, "cannot manage this token")
    ctx.set("targetToken", tok)
    return next()
 })
@ -91,7 +94,7 @@ export default function (files: Files) {

    router.delete("/:token", async (ctx) => {
        auth.invalidate(ctx.get("targetToken"))
-        return ctx.text(`deleted token ${ctx.req.param("token")}`)
+        return ctx.text(`deleted token ${ctx.get("targetToken").id}`)
    })

    const CreateTokenScheme = 
--- a/src/server/routes/api/v1/session.ts
+++ b/src/server/routes/api/v1/session.ts
@ -59,14 +59,12 @@ export default function (files: Files, apiRoot: Hono) {
        return ctx.text("logged in")
    })

-    router.get("/", requiresAccount, async ctx => {
-        return ctx.json(auth.resolve((await auth.tokenFor(ctx))!)!)
-    })
-
-    router.delete("/", requiresAccount, async ctx => {
-        auth.invalidate((await auth.tokenFor(ctx))!)
-        return ctx.text("logged out")
-    })
-
+    router.on(
+        ["GET","DELETE"],
+        "/",
+        requiresAccount,
+        async ctx =>
+            mirror(apiRoot, ctx, `/api/v1/account/me/access/${await auth.tokenFor(ctx)!}`, {})
+    )
    return router
 }