diff --git a/package-lock.json b/package-lock.json
index c21765a..91eb762 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -23,6 +23,7 @@ "express": "^4.18.1", "formidable": "^3.5.1", "hono": "^4.0.10", + "jose": "^5.2.4", "multer": "^1.4.5-lts.1", "node-fetch": "^3.3.2", "nodemailer": "^6.9.3",
@@ -1083,6 +1084,14 @@ "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==" }, + "node_modules/jose": { + "version": "5.2.4", + "resolved": "https://registry.npmjs.org/jose/-/jose-5.2.4.tgz", + "integrity": "sha512-6ScbIk2WWCeXkmzF6bRPmEuaqy1m8SbsRFMa/FLrSCkGIhj8OLVG/IH+XHVmNMx/KUo8cVWEE6oKR4dJ+S0Rkg==", + "funding": { + "url": "https://github.com/sponsors/panva" + } + }, "node_modules/kleur": { "version": "4.1.5", "resolved": "https://registry.npmjs.org/kleur/-/kleur-4.1.5.tgz",
diff --git a/package.json b/package.json
index af8bc38..a91293d 100644
--- a/package.json
+++ b/package.json
@@ -32,6 +32,7 @@
 "express": "^4.18.1",
 "formidable": "^3.5.1",
 "hono": "^4.0.10",
+ "jose": "^5.2.4",
 "multer": "^1.4.5-lts.1",
 "node-fetch": "^3.3.2",
 "nodemailer": "^6.9.3",
diff --git a/src/server/lib/auth.ts b/src/server/lib/auth.ts
index 783144e..fa3d572 100644
--- a/src/server/lib/auth.ts
+++ b/src/server/lib/auth.ts
@@ -2,22 +2,14 @@ import crypto from "crypto"
 import { getCookie } from "hono/cookie"
 import type { Context } from "hono"
 import { readFile, writeFile } from "fs/promises"
+import { z } from "zod"
+import * as jose from "jose"
+import { AuthSchemas } from "./schemas/index.js"
 export let AuthTokens: AuthToken[] = []
 export let AuthTokenTO: { [key: string]: NodeJS.Timeout } = {}
-export const ValidTokenPermissions = [
- "user", // permissions to /auth/me, with email docked
- "email", // adds email back to /auth/me
- "private", // allows app to read private files
- "upload", // allows an app to upload under an account
- "manage", // allows an app to manage an account's files
- "customize", // allows an app to change customization settings
- "admin", // only available for accounts with admin
- // gives an app access to all admin tools
-] as const
-
-export type TokenType = "User" | "App"
-export type TokenPermission = (typeof ValidTokenPermissions)[number]
+export type TokenType = z.infer
+export type TokenPermission = z.infer
 export interface AuthToken {
 account: string
diff --git a/src/server/lib/schemas/auth.ts b/src/server/lib/schemas/auth.ts
new file mode 100644
index 0000000..05d4c03
--- /dev/null
+++ b/src/server/lib/schemas/auth.ts
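Review bot: The two new aliases read `z.infer` with no type argument on the new side, which does not compile; if the `<typeof …>` arguments were lost in this rendering rather than in the source, ignore this, otherwise the lines should be `export type TokenType = z.infer<typeof AuthSchemas.TokenType>` and `export type TokenPermission = z.infer<typeof AuthSchemas.TokenPermission>`. Removing the exported `ValidTokenPermissions` array also drops a runtime value other modules may import for permission checks; any such caller now has to validate through `AuthSchemas.TokenPermission` (its `.options` array carries the same list), which is worth stating in the commit message or a short comment next to the aliases. `import * as jose from "jose"` is not used anywhere in this hunk; if it is only consumed further down in auth.ts that is fine, but it will otherwise be flagged as an unused import. auth.ts continues past the hunk.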
@@ -0,0 +1,24 @@
+import {z} from "zod"
+
+export const TokenType = z.enum(["App", "User"])
+export const TokenPermission = z.enum([
+ "user", // permissions to /auth/me, with email docked
+ "email", // adds email back to /auth/me
+ "private", // allows app to read private files
+ "upload", // allows an app to upload under an account
+ "manage", // allows an app to manage an account's files
+ "customize", // allows an app to change customization settings
+ "admin", // only available for accounts with admin
+ // gives an app access to all admin tools
+])
+const BaseToken = z.object({
+ sub: z.string(),
+ purpose: TokenType
+})
+export const JwtPayload = z.discriminatedUnion(
+ "purpose",
+ [
+ BaseToken.extend({purpose: z.literal("User")}),
+ BaseToken.extend({purpose: z.literal("App"), permissions: z.array(TokenPermission).default(['user'])})
+ ]
+)
\ No newline at end of file
diff --git a/src/server/lib/schemas/index.ts b/src/server/lib/schemas/index.ts
index 4d030ab..5689486 100644
--- a/src/server/lib/schemas/index.ts
+++ b/src/server/lib/schemas/index.ts
@@ -1,2 +1,3 @@
 export * as AccountSchemas from "./accounts.js"
-export * as FileSchemas from "./files.js"
\ No newline at end of file
+export * as FileSchemas from "./files.js"
+export * as AuthSchemas from "./auth.js"
\ No newline at end of file
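Review bot: Nothing in `JwtPayload` covers token lifetime or audience — only `sub` and `purpose` are required — so expiry has to be enforced where `jose.jwtVerify` is called, which is outside this hunk; jose validates `exp` only when the claim is present, so pass `maxTokenAge` or `requiredClaims: ["exp"]` there if tokens without an expiry must be rejected, and a comment above `BaseToken` such as `// Applied to the payload after signature and standard-claim verification; unknown claims (exp, iat, …) are stripped` would make that contract explicit since `z.object` strips unlisted keys. `.default(['user'])` quietly grants the `user` permission to an App token that omits `permissions`; if that is intended, say so in a comment, otherwise make the array required so a malformed token fails closed. The `admin` entry's comment promises a restriction ("only available for accounts with admin") that this schema cannot enforce, so the issuing path must check it. Minor: `BaseToken` declares `purpose: TokenType` only for both variants to override it, and `z.literal(TokenType.enum.User)` / `z.literal(TokenType.enum.App)` would keep the literals tied to the enum; quoting is also mixed (`['user']` vs the double quotes used elsewhere).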