mirror of
https://github.com/mollersuite/monofile.git
synced 2024-11-25 07:06:25 -08:00
initial commit
!! NOT DONE
parent
459c40bece
commit
3fbb481b6f
9
package-lock.json
generated
9
package-lock.json
generated
|
@ -23,6 +23,7 @@
|
||||||
"express": "^4.18.1",
|
"express": "^4.18.1",
|
||||||
"formidable": "^3.5.1",
|
"formidable": "^3.5.1",
|
||||||
"hono": "^4.0.10",
|
"hono": "^4.0.10",
|
||||||
|
"jose": "^5.2.4",
|
||||||
"multer": "^1.4.5-lts.1",
|
"multer": "^1.4.5-lts.1",
|
||||||
"node-fetch": "^3.3.2",
|
"node-fetch": "^3.3.2",
|
||||||
"nodemailer": "^6.9.3",
|
"nodemailer": "^6.9.3",
|
||||||
|
@ -1083,6 +1084,14 @@
|
||||||
"resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
|
"resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
|
||||||
"integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ=="
|
"integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ=="
|
||||||
},
|
},
|
||||||
|
"node_modules/jose": {
|
||||||
|
"version": "5.2.4",
|
||||||
|
"resolved": "https://registry.npmjs.org/jose/-/jose-5.2.4.tgz",
|
||||||
|
"integrity": "sha512-6ScbIk2WWCeXkmzF6bRPmEuaqy1m8SbsRFMa/FLrSCkGIhj8OLVG/IH+XHVmNMx/KUo8cVWEE6oKR4dJ+S0Rkg==",
|
||||||
|
"funding": {
|
||||||
|
"url": "https://github.com/sponsors/panva"
|
||||||
|
}
|
||||||
|
},
|
||||||
"node_modules/kleur": {
|
"node_modules/kleur": {
|
||||||
"version": "4.1.5",
|
"version": "4.1.5",
|
||||||
"resolved": "https://registry.npmjs.org/kleur/-/kleur-4.1.5.tgz",
|
"resolved": "https://registry.npmjs.org/kleur/-/kleur-4.1.5.tgz",
|
||||||
|
|
|
@ -32,6 +32,7 @@
|
||||||
"express": "^4.18.1",
|
"express": "^4.18.1",
|
||||||
"formidable": "^3.5.1",
|
"formidable": "^3.5.1",
|
||||||
"hono": "^4.0.10",
|
"hono": "^4.0.10",
|
||||||
|
"jose": "^5.2.4",
|
||||||
"multer": "^1.4.5-lts.1",
|
"multer": "^1.4.5-lts.1",
|
||||||
"node-fetch": "^3.3.2",
|
"node-fetch": "^3.3.2",
|
||||||
"nodemailer": "^6.9.3",
|
"nodemailer": "^6.9.3",
|
||||||
|
|
|
@ -2,22 +2,14 @@ import crypto from "crypto"
|
||||||
import { getCookie } from "hono/cookie"
|
import { getCookie } from "hono/cookie"
|
||||||
import type { Context } from "hono"
|
import type { Context } from "hono"
|
||||||
import { readFile, writeFile } from "fs/promises"
|
import { readFile, writeFile } from "fs/promises"
|
||||||
|
import { z } from "zod"
|
||||||
|
import * as jose from "jose"
|
||||||
|
import { AuthSchemas } from "./schemas/index.js"
|
||||||
export let AuthTokens: AuthToken[] = []
|
export let AuthTokens: AuthToken[] = []
|
||||||
export let AuthTokenTO: { [key: string]: NodeJS.Timeout } = {}
|
export let AuthTokenTO: { [key: string]: NodeJS.Timeout } = {}
|
||||||
|
|
||||||
export const ValidTokenPermissions = [
|
export type TokenType = z.infer<typeof AuthSchemas.TokenType>
|
||||||
"user", // permissions to /auth/me, with email docked
|
export type TokenPermission = z.infer<typeof AuthSchemas.TokenPermission>
|
||||||
"email", // adds email back to /auth/me
|
|
||||||
"private", // allows app to read private files
|
|
||||||
"upload", // allows an app to upload under an account
|
|
||||||
"manage", // allows an app to manage an account's files
|
|
||||||
"customize", // allows an app to change customization settings
|
|
||||||
"admin", // only available for accounts with admin
|
|
||||||
// gives an app access to all admin tools
|
|
||||||
] as const
|
|
||||||
|
|
||||||
export type TokenType = "User" | "App"
|
|
||||||
export type TokenPermission = (typeof ValidTokenPermissions)[number]
|
|
||||||
|
|
||||||
export interface AuthToken {
|
export interface AuthToken {
|
||||||
account: string
|
account: string
|
||||||
|
|
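Review bot: Deleting the exported `ValidTokenPermissions` array leaves this module with only the compile-time `TokenPermission` type, so any code that checked a requested scope against the array at runtime would lose that check or stop compiling (callers are not visible in this hunk). If the runtime list is still needed, derive it from the schema instead of duplicating it, e.g. `export const ValidTokenPermissions = AuthSchemas.TokenPermission.options`. The new `jose` import is not used by any line shown here, so a one-line comment stating what it will sign or verify would help readers of this unfinished commit. The `AuthToken` interface continues past the end of the hunk.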
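--- a/src/server/lib/schemas/auth.ts
+++ b/src/server/lib/schemas/auth.ts
@@ -0,0 +1,24 @@
+import {z} from "zod"
+
+export const TokenType = z.enum(["App", "User"])
+export const TokenPermission = z.enum([
+"user", // permissions to /auth/me, with email docked
+"email", // adds email back to /auth/me
+"private", // allows app to read private files
+"upload", // allows an app to upload under an account
+"manage", // allows an app to manage an account's files
+"customize", // allows an app to change customization settings
+"admin", // only available for accounts with admin
+// gives an app access to all admin tools
+])
+const BaseToken = z.object({
+sub: z.string(),
+purpose: TokenType
+})
+export const JwtPayload = z.discriminatedUnion(
+"purpose",
+[
+BaseToken.extend({purpose: z.literal("User")}),
+BaseToken.extend({purpose: z.literal("App"), permissions: z.array(TokenPermission).default(['user'])})
+]
+)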
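Review bot: The `App` branch of `JwtPayload` fills in `permissions` with `['user']` when the claim is missing, so a token that carries no scope list parses as if it had been granted `user` access instead of being rejected. If this schema is used to validate payloads after signature verification (the call site is not part of this commit), make the claim mandatory there and apply defaults only when minting: `permissions: z.array(TokenPermission).min(1)`. The comment on `"admin"` says it is only available to admin accounts, but the schema cannot enforce that, so a note such as `// must be checked against the account at issuance and again at use` belongs next to it. `sub: z.string()` also accepts an empty string; `z.string().min(1)` would reject it.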
|
@ -1,2 +1,3 @@
|
||||||
export * as AccountSchemas from "./accounts.js"
|
export * as AccountSchemas from "./accounts.js"
|
||||||
export * as FileSchemas from "./files.js"
|
export * as FileSchemas from "./files.js"
|
||||||
|
export * as AuthSchemas from "./auth.js"
|