mirror of
https://github.com/mollersuite/monofile.git
synced 2024-11-28 16:36:27 -08:00
mirror /api/v1/session to /api/v1/account/me/access/:jti
This commit is contained in:
parent
ebcdd0c603
commit
04a34665f9
|
@ -6,7 +6,7 @@ import { z } from "zod"
|
||||||
import { AuthSchemas } from "./schemas/index.js"
|
import { AuthSchemas } from "./schemas/index.js"
|
||||||
import DbFile from "./dbfile.js"
|
import DbFile from "./dbfile.js"
|
||||||
import * as jose from "jose"
|
import * as jose from "jose"
|
||||||
import { AccountResolvable } from "./accounts.js"
|
import { AccountResolvable, resolve as resolveAccount } from "./accounts.js"
|
||||||
import config from "./config.js"
|
import config from "./config.js"
|
||||||
export let AuthTokenTO: { [key: string]: NodeJS.Timeout } = {}
|
export let AuthTokenTO: { [key: string]: NodeJS.Timeout } = {}
|
||||||
|
|
||||||
|
@ -30,7 +30,7 @@ export function create(
|
||||||
scopes?: Scope[]
|
scopes?: Scope[]
|
||||||
) {
|
) {
|
||||||
let token = AuthSchemas.AuthToken.parse({
|
let token = AuthSchemas.AuthToken.parse({
|
||||||
account,
|
account: resolveAccount(account)?.id,
|
||||||
id: crypto.randomUUID(),
|
id: crypto.randomUUID(),
|
||||||
expire: typeof expire == "number" ? Date.now() + expire : null,
|
expire: typeof expire == "number" ? Date.now() + expire : null,
|
||||||
type,
|
type,
|
||||||
|
|
|
@ -81,9 +81,8 @@ export const accountMgmtRoute: RequestHandler = async (ctx,next) => {
|
||||||
* @description Middleware which blocks requests which do not have ctx.get("account") set
|
* @description Middleware which blocks requests which do not have ctx.get("account") set
|
||||||
*/
|
*/
|
||||||
export const requiresAccount: RequestHandler = function (ctx, next) {
|
export const requiresAccount: RequestHandler = function (ctx, next) {
|
||||||
if (!ctx.get("account")) {
|
if (!ctx.get("account"))
|
||||||
return ServeError(ctx, 401, "not logged in")
|
return ServeError(ctx, 401, "not logged in")
|
||||||
}
|
|
||||||
return next()
|
return next()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -213,10 +212,7 @@ export const verifyPoi = (user: string, poi?: string, wantsMfaPoi: boolean = fal
|
||||||
export const mirror = (apiRoot: Hono, ctx: Context, url: string, init: Partial<RequestInit>) => apiRoot.fetch(
|
export const mirror = (apiRoot: Hono, ctx: Context, url: string, init: Partial<RequestInit>) => apiRoot.fetch(
|
||||||
new Request(
|
new Request(
|
||||||
(new URL(url, ctx.req.raw.url)).href,
|
(new URL(url, ctx.req.raw.url)).href,
|
||||||
{
|
Object.assign(ctx.req.raw,init)
|
||||||
...ctx.req.raw,
|
|
||||||
...init
|
|
||||||
}
|
|
||||||
),
|
),
|
||||||
ctx.env
|
ctx.env
|
||||||
)
|
)
|
|
@ -45,12 +45,15 @@ function getTargetToken(ctx: Context<HonoEnv, "/:token", BlankInput>) {
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
router.use(getAccount, requiresAccount, noAPIAccess)
|
router.use(getAccount, requiresAccount, getTarget)
|
||||||
router.all("/", getTarget) // idk if this is redundant but just in case
|
router.use("/", noAPIAccess) // idk if this is redundant but just in case
|
||||||
router.all("/:token", (ctx,next) => {
|
router.use("/:token", async (ctx,next) => {
|
||||||
let tok = getTargetToken(ctx)
|
let tok = getTargetToken(ctx)
|
||||||
|
let actingTok = auth.resolve((await auth.tokenFor(ctx))!)!
|
||||||
if (!tok)
|
if (!tok)
|
||||||
return ServeError(ctx, 404, "token not found")
|
return ServeError(ctx, 404, "token not found")
|
||||||
|
if (auth.getType(actingTok) != "User" && tok != actingTok)
|
||||||
|
return ServeError(ctx, 403, "cannot manage this token")
|
||||||
ctx.set("targetToken", tok)
|
ctx.set("targetToken", tok)
|
||||||
return next()
|
return next()
|
||||||
})
|
})
|
||||||
|
@ -91,7 +94,7 @@ export default function (files: Files) {
|
||||||
|
|
||||||
router.delete("/:token", async (ctx) => {
|
router.delete("/:token", async (ctx) => {
|
||||||
auth.invalidate(ctx.get("targetToken"))
|
auth.invalidate(ctx.get("targetToken"))
|
||||||
return ctx.text(`deleted token ${ctx.req.param("token")}`)
|
return ctx.text(`deleted token ${ctx.get("targetToken").id}`)
|
||||||
})
|
})
|
||||||
|
|
||||||
const CreateTokenScheme =
|
const CreateTokenScheme =
|
||||||
|
|
|
@ -59,14 +59,12 @@ export default function (files: Files, apiRoot: Hono) {
|
||||||
return ctx.text("logged in")
|
return ctx.text("logged in")
|
||||||
})
|
})
|
||||||
|
|
||||||
router.get("/", requiresAccount, async ctx => {
|
router.on(
|
||||||
return ctx.json(auth.resolve((await auth.tokenFor(ctx))!)!)
|
["GET","DELETE"],
|
||||||
})
|
"/",
|
||||||
|
requiresAccount,
|
||||||
router.delete("/", requiresAccount, async ctx => {
|
async ctx =>
|
||||||
auth.invalidate((await auth.tokenFor(ctx))!)
|
mirror(apiRoot, ctx, `/api/v1/account/me/access/${await auth.tokenFor(ctx)!}`, {})
|
||||||
return ctx.text("logged out")
|
)
|
||||||
})
|
|
||||||
|
|
||||||
return router
|
return router
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue