From 04a34665f9d52196871b92cd3e81f95eb44eb1d9 Mon Sep 17 00:00:00 2001
From: stringsplit <77242831+nbitzz@users.noreply.github.com>
Date: Sat, 25 May 2024 22:14:00 -0700
Subject: [PATCH] mirror /api/v1/session to /api/v1/account/me/access/:jti
---
 src/server/lib/auth.ts | 4 ++--
 src/server/lib/middleware.ts | 8 ++------
 src/server/routes/api/v1/account/access.ts | 11 +++++++----
 src/server/routes/api/v1/session.ts | 16 +++++++--------
 4 files changed, 18 insertions(+), 21 deletions(-)
diff --git a/src/server/lib/auth.ts b/src/server/lib/auth.ts
index dbb24a9..eb62d61 100644
--- a/src/server/lib/auth.ts
+++ b/src/server/lib/auth.ts
@@ -6,7 +6,7 @@ import { z } from "zod"
 import { AuthSchemas } from "./schemas/index.js"
 import DbFile from "./dbfile.js"
 import * as jose from "jose"
-import { AccountResolvable } from "./accounts.js"
+import { AccountResolvable, resolve as resolveAccount } from "./accounts.js"
 import config from "./config.js"
 export let AuthTokenTO: { [key: string]: NodeJS.Timeout } = {}
@@ -30,7 +30,7 @@ export function create(
 scopes?: Scope[]
 ) {
 let token = AuthSchemas.AuthToken.parse({
- account,
+ account: resolveAccount(account)?.id,
 id: crypto.randomUUID(),
 expire: typeof expire == "number" ? Date.now() + expire : null,
 type,
diff --git a/src/server/lib/middleware.ts b/src/server/lib/middleware.ts
index 596645e..af2a49f 100644
--- a/src/server/lib/middleware.ts
+++ b/src/server/lib/middleware.ts
@@ -81,9 +81,8 @@ export const accountMgmtRoute: RequestHandler = async (ctx,next) => {
 * @description Middleware which blocks requests which do not have ctx.get("account") set
 */
 export const requiresAccount: RequestHandler = function (ctx, next) {
- if (!ctx.get("account")) {
+ if (!ctx.get("account"))
 return ServeError(ctx, 401, "not logged in")
- }
 return next()
 }
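Review bot: `account: resolveAccount(account)?.id` turns an unresolvable account into `undefined`, so whether creating a token for a non-existent account fails or quietly produces an ownerless token depends entirely on how `AuthSchemas.AuthToken` treats a missing `account`, which is not visible here. Resolve first and fail explicitly so the outcome does not hinge on the schema: `const owner = resolveAccount(account)`, `if (!owner) throw new Error("create: account could not be resolved")`, then `account: owner.id`. The `create` function's signature and the remainder of its body are outside this hunk.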
@@ -213,10 +212,7 @@ export const verifyPoi = (user: string, poi?: string, wantsMfaPoi: boolean = fal
 export const mirror = (apiRoot: Hono, ctx: Context, url: string, init: Partial) => apiRoot.fetch(
 new Request(
 (new URL(url, ctx.req.raw.url)).href,
- {
- ...ctx.req.raw,
- ...init
- }
+ Object.assign(ctx.req.raw,init)
 ),
 ctx.env
 )
\ No newline at end of file
diff --git a/src/server/routes/api/v1/account/access.ts b/src/server/routes/api/v1/account/access.ts
index 7f6614c..441d711 100644
--- a/src/server/routes/api/v1/account/access.ts
+++ b/src/server/routes/api/v1/account/access.ts
@@ -45,12 +45,15 @@ function getTargetToken(ctx: Context) {
 )
 }
-router.use(getAccount, requiresAccount, noAPIAccess)
-router.all("/", getTarget) // idk if this is redundant but just in case
-router.all("/:token", (ctx,next) => {
+router.use(getAccount, requiresAccount, getTarget)
+router.use("/", noAPIAccess) // idk if this is redundant but just in case
+router.use("/:token", async (ctx,next) => {
 let tok = getTargetToken(ctx)
+ let actingTok = auth.resolve((await auth.tokenFor(ctx))!)!
 if (!tok) return ServeError(ctx, 404, "token not found")
+ if (auth.getType(actingTok) != "User" && tok != actingTok)
+ return ServeError(ctx, 403, "cannot manage this token")
 ctx.set("targetToken", tok)
 return next()
 })
@@ -91,7 +94,7 @@ export default function (files: Files) {
 router.delete("/:token", async (ctx) => {
 auth.invalidate(ctx.get("targetToken"))
- return ctx.text(`deleted token ${ctx.req.param("token")}`)
+ return ctx.text(`deleted token ${ctx.get("targetToken").id}`)
 })
 const CreateTokenScheme =
diff --git a/src/server/routes/api/v1/session.ts b/src/server/routes/api/v1/session.ts
index 4aa368d..95976d2 100644
--- a/src/server/routes/api/v1/session.ts
+++ b/src/server/routes/api/v1/session.ts
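Review bot: `Object.assign(ctx.req.raw, init)` applies the overrides to the live incoming `Request` rather than to a separate init for the internal re-dispatch, and because the standard `Request` properties (`method`, `headers`, `body`) are getter-only accessors, `Object.assign` throws a TypeError the moment `init` carries any of them — only the empty `{}` that session.ts passes gets through. Build the init explicitly and leave the original request untouched: `{ method: ctx.req.raw.method, headers: ctx.req.raw.headers, ...init }` (a body would still need forwarding if anything but GET/DELETE is ever mirrored). A one-line comment such as `// re-dispatches the caller's request, credentials included, to an internal route so that route's own authorization applies` would document why the caller's headers are deliberately forwarded. `init: Partial` without a type argument does not compile; presumably `Partial<RequestInit>` lost its brackets in rendering.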
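Review bot: The ownership check `tok != actingTok` compares object identity, so it is only right if `getTargetToken` and `auth.resolve` hand back the same cached object for a given token; if either constructs a fresh object, every non-User token is refused even for itself — failing closed, but defeating the self-management this commit introduces — whereas `tok.id != actingTok.id` does not depend on that. The 404 is also issued before the 403, so for a non-User caller the response differs between an unknown token and someone else's; evaluating the 403 condition first (it already holds when `tok` is undefined) keeps the response independent of other tokens' existence. The chained non-null assertions on `auth.tokenFor` and `auth.resolve` assume `requiresAccount` has already proved the caller's token resolves; if resolution can still fail here, `auth.getType(undefined)` surfaces as a 500 rather than a 401. `getTargetToken` starts outside the hunk.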
@@ -59,14 +59,12 @@ export default function (files: Files, apiRoot: Hono) {
 return ctx.text("logged in")
 })
- router.get("/", requiresAccount, async ctx => {
- return ctx.json(auth.resolve((await auth.tokenFor(ctx))!)!)
- })
-
- router.delete("/", requiresAccount, async ctx => {
- auth.invalidate((await auth.tokenFor(ctx))!)
- return ctx.text("logged out")
- })
-
+ router.on(
+ ["GET","DELETE"],
+ "/",
+ requiresAccount,
+ async ctx =>
+ mirror(apiRoot, ctx, `/api/v1/account/me/access/${await auth.tokenFor(ctx)!}`, {})
+ )
 return router
 }
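Review bot: In `${await auth.tokenFor(ctx)!}` the non-null assertion binds to the promise rather than the awaited value, so an undefined result would be interpolated as the literal segment `undefined`; `(await auth.tokenFor(ctx))!`, the form access.ts uses, asserts on the resolved value. More to the point, whatever `tokenFor` returns is what `auth.resolve` consumes, so it appears to be the bearer secret itself rather than its id, and it is now embedded in a URL path where any request logging on `apiRoot` would record it; since the subject line names the segment `:jti` and tokens carry an `id`, pass the resolved token's id instead, e.g. `` `/api/v1/account/me/access/${auth.resolve((await auth.tokenFor(ctx))!)!.id}` ``. The enclosing `export default function (files, apiRoot)` begins outside this hunk.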