versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2025-12-06 16:38:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
server/plugins/openid/routes/oauth/token.ts

207 lines
8.3 KiB
TypeScript
Raw Normal View History

refactor(database): :recycle: Move Token to its own ORM abstraction, optimize familiar_followers route
2024-11-03 17:45:21 +01:00
import { Application, Token } from "@versia/kit/db";
refactor(plugin): :recycle: Add more exports to @versia/kit for database behaviour
2024-09-30 14:34:43 +02:00
import { Tokens } from "@versia/kit/tables";
refactor: :truck: Organize code into sub-packages, instead of a single large package
2025-06-15 04:38:20 +02:00
import { and, eq } from "drizzle-orm";
refactor(api): :recycle: Move from @hono/zod-openapi to hono-openapi hono-openapi is easier to work with and generates better OpenAPI definitions
2025-03-29 03:30:06 +01:00
import { describeRoute } from "hono-openapi";
import { resolver, validator } from "hono-openapi/zod";
import { z } from "zod";
chore: :arrow_up: Upgrade to Biome 2.0
2025-04-10 19:15:31 +02:00
import { handleZodError, jsonOrForm } from "@/api";
refactor: :truck: Explicitely add extensions to all imports
2024-10-04 15:22:48 +02:00
import type { PluginType } from "../../index.ts";
refactor(api): :recycle: Move token endpoint to OpenID plugin, add revoke endpoint
2024-09-30 13:42:12 +02:00
refactor: :recycle: Always use explicit types in every function
2024-11-02 00:43:33 +01:00
export default (plugin: PluginType): void => {
refactor(api): :recycle: Move token endpoint to OpenID plugin, add revoke endpoint
2024-09-30 13:42:12 +02:00
plugin.registerRoute("/oauth/token", (app) => {
refactor(api): :recycle: Move from @hono/zod-openapi to hono-openapi hono-openapi is easier to work with and generates better OpenAPI definitions
2025-03-29 03:30:06 +01:00
app.post(
"/oauth/token",
describeRoute({
refactor(api): :recycle: Move token endpoint to OpenID plugin, add revoke endpoint
2024-09-30 13:42:12 +02:00
summary: "Get token",
fix(api): :bug: Add tags to all API routes that were missing one
2025-03-28 22:12:07 +01:00
tags: ["OpenID"],
refactor(api): :recycle: Move token endpoint to OpenID plugin, add revoke endpoint
2024-09-30 13:42:12 +02:00
responses: {
200: {
description: "Token",
content: {
"application/json": {
refactor(api): :recycle: Move from @hono/zod-openapi to hono-openapi hono-openapi is easier to work with and generates better OpenAPI definitions
2025-03-29 03:30:06 +01:00
schema: resolver(
z.object({
access_token: z.string(),
token_type: z.string(),
expires_in: z
.number()
.optional()
.nullable(),
id_token: z
.string()
.optional()
.nullable(),
refresh_token: z
.string()
.optional()
.nullable(),
scope: z.string().optional(),
created_at: z.number(),
}),
),
refactor(api): :recycle: Move token endpoint to OpenID plugin, add revoke endpoint
2024-09-30 13:42:12 +02:00
},
},
},
401: {
description: "Authorization error",
content: {
"application/json": {
refactor(api): :recycle: Move from @hono/zod-openapi to hono-openapi hono-openapi is easier to work with and generates better OpenAPI definitions
2025-03-29 03:30:06 +01:00
schema: resolver(
z.object({
error: z.string(),
error_description: z.string(),
}),
),
refactor(api): :recycle: Move token endpoint to OpenID plugin, add revoke endpoint
2024-09-30 13:42:12 +02:00
},
},
},
},
}),
refactor(api): :recycle: Move from @hono/zod-openapi to hono-openapi hono-openapi is easier to work with and generates better OpenAPI definitions
2025-03-29 03:30:06 +01:00
jsonOrForm(),
plugin.middleware,
validator(
"json",
z.object({
code: z.string().optional(),
code_verifier: z.string().optional(),
grant_type: z
.enum([
"authorization_code",
"refresh_token",
"client_credentials",
"password",
"urn:ietf:params:oauth:grant-type:device_code",
"urn:ietf:params:oauth:grant-type:token-exchange",
"urn:ietf:params:oauth:grant-type:saml2-bearer",
"urn:openid:params:grant-type:ciba",
])
.default("authorization_code"),
client_id: z.string().optional(),
client_secret: z.string().optional(),
username: z.string().trim().optional(),
password: z.string().trim().optional(),
redirect_uri: z.string().url().optional(),
refresh_token: z.string().optional(),
scope: z.string().optional(),
assertion: z.string().optional(),
audience: z.string().optional(),
subject_token_type: z.string().optional(),
subject_token: z.string().optional(),
actor_token_type: z.string().optional(),
actor_token: z.string().optional(),
auth_req_id: z.string().optional(),
}),
handleZodError,
),
refactor(api): :recycle: Move token endpoint to OpenID plugin, add revoke endpoint
2024-09-30 13:42:12 +02:00
async (context) => {
const {
grant_type,
code,
redirect_uri,
client_id,
client_secret,
} = context.req.valid("json");
switch (grant_type) {
case "authorization_code": {
if (!code) {
return context.json(
{
error: "invalid_request",
error_description: "Code is required",
},
401,
);
}
if (!redirect_uri) {
return context.json(
{
error: "invalid_request",
error_description:
"Redirect URI is required",
},
401,
);
}
if (!client_id) {
return context.json(
{
error: "invalid_request",
error_description: "Client ID is required",
},
401,
);
}
// Verify the client_secret
refactor(database): :recycle: Move Applications to our custom ORM
2024-10-23 17:56:47 +02:00
const client =
await Application.fromClientId(client_id);
refactor(api): :recycle: Move token endpoint to OpenID plugin, add revoke endpoint
2024-09-30 13:42:12 +02:00
refactor(database): :recycle: Move Applications to our custom ORM
2024-10-23 17:56:47 +02:00
if (!client || client.data.secret !== client_secret) {
refactor(api): :recycle: Move token endpoint to OpenID plugin, add revoke endpoint
2024-09-30 13:42:12 +02:00
return context.json(
{
error: "invalid_client",
error_description:
"Invalid client credentials",
},
401,
);
}
refactor(database): :recycle: Move Token to its own ORM abstraction, optimize familiar_followers route
2024-11-03 17:45:21 +01:00
const token = await Token.fromSql(
and(
eq(Tokens.code, code),
eq(Tokens.redirectUri, decodeURI(redirect_uri)),
eq(Tokens.clientId, client_id),
),
);
refactor(api): :recycle: Move token endpoint to OpenID plugin, add revoke endpoint
2024-09-30 13:42:12 +02:00
if (!token) {
return context.json(
{
error: "invalid_grant",
error_description: "Code not found",
},
401,
);
}
// Invalidate the code
refactor(database): :recycle: Move Token to its own ORM abstraction, optimize familiar_followers route
2024-11-03 17:45:21 +01:00
await token.update({ code: null });
refactor(api): :recycle: Move token endpoint to OpenID plugin, add revoke endpoint
2024-09-30 13:42:12 +02:00
return context.json(
{
refactor(database): :recycle: Move Token to its own ORM abstraction, optimize familiar_followers route
2024-11-03 17:45:21 +01:00
...token.toApi(),
expires_in: token.data.expiresAt
refactor(api): :recycle: Move token endpoint to OpenID plugin, add revoke endpoint
2024-09-30 13:42:12 +02:00
? Math.floor(
refactor(database): :recycle: Move Token to its own ORM abstraction, optimize familiar_followers route
2024-11-03 17:45:21 +01:00
(new Date(
token.data.expiresAt,
).getTime() -
refactor(api): :recycle: Move token endpoint to OpenID plugin, add revoke endpoint
2024-09-30 13:42:12 +02:00
Date.now()) /
1000,
)
: null,
refactor(database): :recycle: Move Token to its own ORM abstraction, optimize familiar_followers route
2024-11-03 17:45:21 +01:00
id_token: token.data.idToken,
refactor(api): :recycle: Move token endpoint to OpenID plugin, add revoke endpoint
2024-09-30 13:42:12 +02:00
refresh_token: null,
},
200,
);
}
refactor: :rotating_light: Add empty default case to OpenID grant_type handler
2024-10-03 19:06:24 +02:00
default:
refactor(api): :recycle: Move token endpoint to OpenID plugin, add revoke endpoint
2024-09-30 13:42:12 +02:00
}
return context.json(
{
error: "unsupported_grant_type",
error_description: "Unsupported grant type",
},
401,
);
},
);
});
};
Reference in a new issue Copy permalink