2024-09-25 12:31:35 +02:00
|
|
|
import { auth } from "@/api";
|
|
|
|
|
import { proxyUrl } from "@/response";
|
|
|
|
|
import { createRoute, z } from "@hono/zod-openapi";
|
2024-09-30 14:34:43 +02:00
|
|
|
import { db } from "@versia/kit/db";
|
2024-11-02 00:43:33 +01:00
|
|
|
import { type SQL, eq } from "@versia/kit/drizzle";
|
2024-09-30 14:34:43 +02:00
|
|
|
import { OpenIdAccounts, RolePermissions } from "@versia/kit/tables";
|
2024-09-25 12:31:35 +02:00
|
|
|
import type { PluginType } from "~/plugins/openid";
|
|
|
|
|
import { ErrorSchema } from "~/types/api";
|
|
|
|
|
|
2024-11-02 00:43:33 +01:00
|
|
|
export default (plugin: PluginType): void => {
|
2024-09-25 12:31:35 +02:00
|
|
|
plugin.registerRoute("/api/v1/sso", (app) => {
|
|
|
|
|
app.openapi(
|
|
|
|
|
createRoute({
|
|
|
|
|
method: "get",
|
|
|
|
|
path: "/api/v1/sso/{id}",
|
|
|
|
|
summary: "Get linked account",
|
|
|
|
|
middleware: [
|
|
|
|
|
auth(
|
|
|
|
|
{
|
|
|
|
|
required: true,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
required: [RolePermissions.OAuth],
|
|
|
|
|
},
|
|
|
|
|
),
|
|
|
|
|
plugin.middleware,
|
|
|
|
|
],
|
|
|
|
|
request: {
|
|
|
|
|
params: z.object({
|
|
|
|
|
id: z.string(),
|
|
|
|
|
}),
|
|
|
|
|
},
|
|
|
|
|
responses: {
|
|
|
|
|
200: {
|
|
|
|
|
description: "Linked account",
|
|
|
|
|
content: {
|
|
|
|
|
"application/json": {
|
|
|
|
|
schema: z.object({
|
|
|
|
|
id: z.string(),
|
|
|
|
|
name: z.string(),
|
|
|
|
|
icon: z.string().optional(),
|
|
|
|
|
}),
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
401: {
|
|
|
|
|
description: "Unauthorized",
|
|
|
|
|
content: {
|
|
|
|
|
"application/json": {
|
|
|
|
|
schema: ErrorSchema,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
404: {
|
|
|
|
|
description: "Account not found",
|
|
|
|
|
content: {
|
|
|
|
|
"application/json": {
|
|
|
|
|
schema: ErrorSchema,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}),
|
|
|
|
|
async (context) => {
|
|
|
|
|
const { id: issuerId } = context.req.valid("param");
|
|
|
|
|
const { user } = context.get("auth");
|
|
|
|
|
|
|
|
|
|
if (!user) {
|
|
|
|
|
return context.json(
|
|
|
|
|
{
|
|
|
|
|
error: "Unauthorized",
|
|
|
|
|
},
|
|
|
|
|
401,
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const issuer = context
|
|
|
|
|
.get("pluginConfig")
|
|
|
|
|
.providers.find((provider) => provider.id === issuerId);
|
|
|
|
|
|
|
|
|
|
if (!issuer) {
|
|
|
|
|
return context.json(
|
|
|
|
|
{
|
|
|
|
|
error: `Issuer with ID ${issuerId} not found in instance's OpenID configuration`,
|
|
|
|
|
},
|
|
|
|
|
404,
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const account = await db.query.OpenIdAccounts.findFirst({
|
2024-11-02 00:43:33 +01:00
|
|
|
where: (account, { eq, and }): SQL | undefined =>
|
2024-09-25 12:31:35 +02:00
|
|
|
and(
|
|
|
|
|
eq(account.userId, user.id),
|
|
|
|
|
eq(account.issuerId, issuerId),
|
|
|
|
|
),
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
if (!account) {
|
|
|
|
|
return context.json(
|
|
|
|
|
{
|
|
|
|
|
error: "Account not found or is not linked to this issuer",
|
|
|
|
|
},
|
|
|
|
|
404,
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return context.json(
|
|
|
|
|
{
|
|
|
|
|
id: issuer.id,
|
|
|
|
|
name: issuer.name,
|
|
|
|
|
icon: proxyUrl(issuer.icon) ?? undefined,
|
|
|
|
|
},
|
|
|
|
|
200,
|
|
|
|
|
);
|
|
|
|
|
},
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
app.openapi(
|
|
|
|
|
createRoute({
|
|
|
|
|
method: "delete",
|
|
|
|
|
path: "/api/v1/sso/{id}",
|
|
|
|
|
summary: "Unlink account",
|
|
|
|
|
middleware: [
|
|
|
|
|
auth(
|
|
|
|
|
{
|
|
|
|
|
required: true,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
required: [RolePermissions.OAuth],
|
|
|
|
|
},
|
|
|
|
|
),
|
|
|
|
|
plugin.middleware,
|
|
|
|
|
],
|
|
|
|
|
request: {
|
|
|
|
|
params: z.object({
|
|
|
|
|
id: z.string(),
|
|
|
|
|
}),
|
|
|
|
|
},
|
|
|
|
|
responses: {
|
|
|
|
|
204: {
|
|
|
|
|
description: "Account unlinked",
|
|
|
|
|
},
|
|
|
|
|
401: {
|
|
|
|
|
description: "Unauthorized",
|
|
|
|
|
content: {
|
|
|
|
|
"application/json": {
|
|
|
|
|
schema: ErrorSchema,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
404: {
|
|
|
|
|
description: "Account not found",
|
|
|
|
|
content: {
|
|
|
|
|
"application/json": {
|
|
|
|
|
schema: ErrorSchema,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}),
|
|
|
|
|
async (context) => {
|
|
|
|
|
const { id: issuerId } = context.req.valid("param");
|
|
|
|
|
const { user } = context.get("auth");
|
|
|
|
|
|
|
|
|
|
if (!user) {
|
|
|
|
|
return context.json({ error: "Unauthorized" }, 401);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check if issuer exists
|
|
|
|
|
const issuer = context
|
|
|
|
|
.get("pluginConfig")
|
|
|
|
|
.providers.find((provider) => provider.id === issuerId);
|
|
|
|
|
|
|
|
|
|
if (!issuer) {
|
|
|
|
|
return context.json(
|
|
|
|
|
{
|
|
|
|
|
error: `Issuer with ID ${issuerId} not found in instance's OpenID configuration`,
|
|
|
|
|
},
|
|
|
|
|
404,
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const account = await db.query.OpenIdAccounts.findFirst({
|
2024-11-02 00:43:33 +01:00
|
|
|
where: (account, { eq, and }): SQL | undefined =>
|
2024-09-25 12:31:35 +02:00
|
|
|
and(
|
|
|
|
|
eq(account.userId, user.id),
|
|
|
|
|
eq(account.issuerId, issuerId),
|
|
|
|
|
),
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
if (!account) {
|
|
|
|
|
return context.json(
|
|
|
|
|
{
|
|
|
|
|
error: "Account not found or is not linked to this issuer",
|
|
|
|
|
},
|
|
|
|
|
404,
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
await db
|
|
|
|
|
.delete(OpenIdAccounts)
|
|
|
|
|
.where(eq(OpenIdAccounts.id, account.id));
|
|
|
|
|
|
|
|
|
|
return context.newResponse(null, 204);
|
|
|
|
|
},
|
|
|
|
|
);
|
|
|
|
|
});
|
|
|
|
|
};
|
