mirror of
https://github.com/mollersuite/monofile.git
synced 2024-11-21 13:36:25 -08:00
initial commit
!! NOT DONE
This commit is contained in:
parent
459c40bece
commit
3fbb481b6f
9
package-lock.json
generated
9
package-lock.json
generated
|
@ -23,6 +23,7 @@
|
|||
"express": "^4.18.1",
|
||||
"formidable": "^3.5.1",
|
||||
"hono": "^4.0.10",
|
||||
"jose": "^5.2.4",
|
||||
"multer": "^1.4.5-lts.1",
|
||||
"node-fetch": "^3.3.2",
|
||||
"nodemailer": "^6.9.3",
|
||||
|
@ -1083,6 +1084,14 @@
|
|||
"resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
|
||||
"integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ=="
|
||||
},
|
||||
"node_modules/jose": {
|
||||
"version": "5.2.4",
|
||||
"resolved": "https://registry.npmjs.org/jose/-/jose-5.2.4.tgz",
|
||||
"integrity": "sha512-6ScbIk2WWCeXkmzF6bRPmEuaqy1m8SbsRFMa/FLrSCkGIhj8OLVG/IH+XHVmNMx/KUo8cVWEE6oKR4dJ+S0Rkg==",
|
||||
"funding": {
|
||||
"url": "https://github.com/sponsors/panva"
|
||||
}
|
||||
},
|
||||
"node_modules/kleur": {
|
||||
"version": "4.1.5",
|
||||
"resolved": "https://registry.npmjs.org/kleur/-/kleur-4.1.5.tgz",
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
"express": "^4.18.1",
|
||||
"formidable": "^3.5.1",
|
||||
"hono": "^4.0.10",
|
||||
"jose": "^5.2.4",
|
||||
"multer": "^1.4.5-lts.1",
|
||||
"node-fetch": "^3.3.2",
|
||||
"nodemailer": "^6.9.3",
|
||||
|
|
|
@ -2,22 +2,14 @@ import crypto from "crypto"
|
|||
import { getCookie } from "hono/cookie"
|
||||
import type { Context } from "hono"
|
||||
import { readFile, writeFile } from "fs/promises"
|
||||
import { z } from "zod"
|
||||
import * as jose from "jose"
|
||||
import { AuthSchemas } from "./schemas/index.js"
|
||||
export let AuthTokens: AuthToken[] = []
|
||||
export let AuthTokenTO: { [key: string]: NodeJS.Timeout } = {}
|
||||
|
||||
export const ValidTokenPermissions = [
|
||||
"user", // permissions to /auth/me, with email docked
|
||||
"email", // adds email back to /auth/me
|
||||
"private", // allows app to read private files
|
||||
"upload", // allows an app to upload under an account
|
||||
"manage", // allows an app to manage an account's files
|
||||
"customize", // allows an app to change customization settings
|
||||
"admin", // only available for accounts with admin
|
||||
// gives an app access to all admin tools
|
||||
] as const
|
||||
|
||||
export type TokenType = "User" | "App"
|
||||
export type TokenPermission = (typeof ValidTokenPermissions)[number]
|
||||
export type TokenType = z.infer<typeof AuthSchemas.TokenType>
|
||||
export type TokenPermission = z.infer<typeof AuthSchemas.TokenPermission>
|
||||
|
||||
export interface AuthToken {
|
||||
account: string
|
||||
|
|
24
src/server/lib/schemas/auth.ts
Normal file
24
src/server/lib/schemas/auth.ts
Normal file
|
@ -0,0 +1,24 @@
|
|||
import {z} from "zod"
|
||||
|
||||
export const TokenType = z.enum(["App", "User"])
|
||||
export const TokenPermission = z.enum([
|
||||
"user", // permissions to /auth/me, with email docked
|
||||
"email", // adds email back to /auth/me
|
||||
"private", // allows app to read private files
|
||||
"upload", // allows an app to upload under an account
|
||||
"manage", // allows an app to manage an account's files
|
||||
"customize", // allows an app to change customization settings
|
||||
"admin", // only available for accounts with admin
|
||||
// gives an app access to all admin tools
|
||||
])
|
||||
const BaseToken = z.object({
|
||||
sub: z.string(),
|
||||
purpose: TokenType
|
||||
})
|
||||
export const JwtPayload = z.discriminatedUnion(
|
||||
"purpose",
|
||||
[
|
||||
BaseToken.extend({purpose: z.literal("User")}),
|
||||
BaseToken.extend({purpose: z.literal("App"), permissions: z.array(TokenPermission).default(['user'])})
|
||||
]
|
||||
)
|
|
@ -1,2 +1,3 @@
|
|||
export * as AccountSchemas from "./accounts.js"
|
||||
export * as FileSchemas from "./files.js"
|
||||
export * as FileSchemas from "./files.js"
|
||||
export * as AuthSchemas from "./auth.js"
|
Loading…
Reference in a new issue