initial commit

!! NOT DONE

package-lock.json

@@ -23,6 +23,7 @@
         "express": "^4.18.1",
         "formidable": "^3.5.1",
         "hono": "^4.0.10",
+        "jose": "^5.2.4",
         "multer": "^1.4.5-lts.1",
         "node-fetch": "^3.3.2",
         "nodemailer": "^6.9.3",
@@ -1083,6 +1084,14 @@
       "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
       "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ=="
     },
+    "node_modules/jose": {
+      "version": "5.2.4",
+      "resolved": "https://registry.npmjs.org/jose/-/jose-5.2.4.tgz",
+      "integrity": "sha512-6ScbIk2WWCeXkmzF6bRPmEuaqy1m8SbsRFMa/FLrSCkGIhj8OLVG/IH+XHVmNMx/KUo8cVWEE6oKR4dJ+S0Rkg==",
+      "funding": {
+        "url": "https://github.com/sponsors/panva"
+      }
+    },
     "node_modules/kleur": {
       "version": "4.1.5",
       "resolved": "https://registry.npmjs.org/kleur/-/kleur-4.1.5.tgz",

package.json

@@ -32,6 +32,7 @@
     "express": "^4.18.1",
     "formidable": "^3.5.1",
     "hono": "^4.0.10",
+    "jose": "^5.2.4",
     "multer": "^1.4.5-lts.1",
     "node-fetch": "^3.3.2",
     "nodemailer": "^6.9.3",

src/server/lib/auth.ts

@@ -2,22 +2,14 @@ import crypto from "crypto"
 import { getCookie } from "hono/cookie"
 import type { Context } from "hono"
 import { readFile, writeFile } from "fs/promises"
+import { z } from "zod"
+import * as jose from "jose"
+import { AuthSchemas } from "./schemas/index.js"
 export let AuthTokens: AuthToken[] = []
 export let AuthTokenTO: { [key: string]: NodeJS.Timeout } = {}
 
-export const ValidTokenPermissions = [
+export type TokenType = z.infer<typeof AuthSchemas.TokenType>
-    "user", // permissions to /auth/me, with email docked
+export type TokenPermission = z.infer<typeof AuthSchemas.TokenPermission>
-    "email", // adds email back to /auth/me
-    "private", // allows app to read private files
-    "upload", // allows an app to upload under an account
-    "manage", // allows an app to manage an account's files
-    "customize", // allows an app to change customization settings
-    "admin", // only available for accounts with admin
-    // gives an app access to all admin tools
-] as const
-
-export type TokenType = "User" | "App"
-export type TokenPermission = (typeof ValidTokenPermissions)[number]
 
 export interface AuthToken {
     account: string

src/server/lib/schemas/auth.ts

@@ -0,0 +1,24 @@
+import {z} from "zod"
+
+export const TokenType = z.enum(["App", "User"])
+export const TokenPermission = z.enum([
+    "user", // permissions to /auth/me, with email docked
+    "email", // adds email back to /auth/me
+    "private", // allows app to read private files
+    "upload", // allows an app to upload under an account
+    "manage", // allows an app to manage an account's files
+    "customize", // allows an app to change customization settings
+    "admin", // only available for accounts with admin
+    // gives an app access to all admin tools
+])
+const BaseToken = z.object({
+    sub: z.string(),
+    purpose: TokenType
+})
+export const JwtPayload = z.discriminatedUnion(
+    "purpose",
+    [
+        BaseToken.extend({purpose: z.literal("User")}),
+        BaseToken.extend({purpose: z.literal("App"), permissions: z.array(TokenPermission).default(['user'])})
+    ]
+)

src/server/lib/schemas/index.ts

@@ -1,2 +1,3 @@
 export * as AccountSchemas from "./accounts.js"
-export * as FileSchemas from "./files.js"
+export * as FileSchemas from "./files.js"
+export * as AuthSchemas from "./auth.js"