initial commit

!! NOT DONE
2024-11-21 21:36:26 -08:00 · 2024-05-01 19:48:27 +00:00 · 2024-05-01 19:48:27 +00:00 · 3fbb481b6f
parent 459c40bece
commit 3fbb481b6f
5 changed files with 41 additions and 14 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -23,6 +23,7 @@
        "express": "^4.18.1",
        "formidable": "^3.5.1",
        "hono": "^4.0.10",
+        "jose": "^5.2.4",
        "multer": "^1.4.5-lts.1",
        "node-fetch": "^3.3.2",
        "nodemailer": "^6.9.3",
@ -1083,6 +1084,14 @@
      "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
      "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ=="
    },
+    "node_modules/jose": {
+      "version": "5.2.4",
+      "resolved": "https://registry.npmjs.org/jose/-/jose-5.2.4.tgz",
+      "integrity": "sha512-6ScbIk2WWCeXkmzF6bRPmEuaqy1m8SbsRFMa/FLrSCkGIhj8OLVG/IH+XHVmNMx/KUo8cVWEE6oKR4dJ+S0Rkg==",
+      "funding": {
+        "url": "https://github.com/sponsors/panva"
+      }
+    },
    "node_modules/kleur": {
      "version": "4.1.5",
      "resolved": "https://registry.npmjs.org/kleur/-/kleur-4.1.5.tgz",
--- a/package.json
+++ b/package.json
@ -32,6 +32,7 @@
    "express": "^4.18.1",
    "formidable": "^3.5.1",
    "hono": "^4.0.10",
+    "jose": "^5.2.4",
    "multer": "^1.4.5-lts.1",
    "node-fetch": "^3.3.2",
    "nodemailer": "^6.9.3",
--- a/src/server/lib/auth.ts
+++ b/src/server/lib/auth.ts
@ -2,22 +2,14 @@ import crypto from "crypto"
 import { getCookie } from "hono/cookie"
 import type { Context } from "hono"
 import { readFile, writeFile } from "fs/promises"
+import { z } from "zod"
+import * as jose from "jose"
+import { AuthSchemas } from "./schemas/index.js"
 export let AuthTokens: AuthToken[] = []
 export let AuthTokenTO: { [key: string]: NodeJS.Timeout } = {}

-export const ValidTokenPermissions = [
-    "user", // permissions to /auth/me, with email docked
-    "email", // adds email back to /auth/me
-    "private", // allows app to read private files
-    "upload", // allows an app to upload under an account
-    "manage", // allows an app to manage an account's files
-    "customize", // allows an app to change customization settings
-    "admin", // only available for accounts with admin
-    // gives an app access to all admin tools
-] as const
-
-export type TokenType = "User" | "App"
-export type TokenPermission = (typeof ValidTokenPermissions)[number]
+export type TokenType = z.infer<typeof AuthSchemas.TokenType>
+export type TokenPermission = z.infer<typeof AuthSchemas.TokenPermission>

 export interface AuthToken {
    account: string
--- a/src/server/lib/schemas/auth.ts
+++ b/src/server/lib/schemas/auth.ts
@ -0,0 +1,24 @@
+import {z} from "zod"
+
+export const TokenType = z.enum(["App", "User"])
+export const TokenPermission = z.enum([
+    "user", // permissions to /auth/me, with email docked
+    "email", // adds email back to /auth/me
+    "private", // allows app to read private files
+    "upload", // allows an app to upload under an account
+    "manage", // allows an app to manage an account's files
+    "customize", // allows an app to change customization settings
+    "admin", // only available for accounts with admin
+    // gives an app access to all admin tools
+])
+const BaseToken = z.object({
+    sub: z.string(),
+    purpose: TokenType
+})
+export const JwtPayload = z.discriminatedUnion(
+    "purpose",
+    [
+        BaseToken.extend({purpose: z.literal("User")}),
+        BaseToken.extend({purpose: z.literal("App"), permissions: z.array(TokenPermission).default(['user'])})
+    ]
+)
--- a/src/server/lib/schemas/index.ts
+++ b/src/server/lib/schemas/index.ts
@ -1,2 +1,3 @@
 export * as AccountSchemas from "./accounts.js"
 export * as FileSchemas from "./files.js"
+export * as AuthSchemas from "./auth.js"