Switch all routes to use Zod for strict validation

This commit is contained in:
Jesse Wierzbinski 2024-04-14 00:36:25 -10:00
parent 53fa9ca545
commit 0b1c1ba128
No known key found for this signature in database
67 changed files with 2459 additions and 2600 deletions


@ -1,5 +1,6 @@
import { apiRoute, applyConfig } from "@api";
import { errorResponse, jsonResponse } from "@response";
import { z } from "zod";
import { db } from "~drizzle/db";
export const meta = applyConfig({
@ -14,61 +15,68 @@ export const meta = applyConfig({
route: "/oauth/token",
});
export const schema = z.object({
grant_type: z.string(),
code: z.string(),
redirect_uri: z.string().url(),
client_id: z.string(),
client_secret: z.string(),
scope: z.string(),
});
/**
* Allows getting token from OAuth code
*/
export default apiRoute<{
grant_type: string;
code: string;
redirect_uri: string;
client_id: string;
client_secret: string;
scope: string;
}>(async (req, matchedRoute, extraData) => {
const { grant_type, code, redirect_uri, client_id, client_secret, scope } =
extraData.parsedRequest;
export default apiRoute<typeof meta, typeof schema>(
async (req, matchedRoute, extraData) => {
const {
grant_type,
code,
redirect_uri,
client_id,
client_secret,
scope,
} = extraData.parsedRequest;
if (grant_type !== "authorization_code")
return errorResponse(
"Invalid grant type (try 'authorization_code')",
400,
);
if (grant_type !== "authorization_code")
return errorResponse(
"Invalid grant type (try 'authorization_code')",
422,
);
if (!code || !redirect_uri || !client_id || !client_secret || !scope)
return errorResponse(
"Missing required parameters code, redirect_uri, client_id, client_secret, scope",
400,
);
// Get associated token
const application = await db.query.application.findFirst({
where: (application, { eq, and }) =>
and(
eq(application.clientId, client_id),
eq(application.secret, client_secret),
eq(application.redirectUris, redirect_uri),
eq(application.scopes, scope?.replaceAll("+", " ")),
),
});
// Get associated token
const application = await db.query.application.findFirst({
where: (application, { eq, and }) =>
and(
eq(application.clientId, client_id),
eq(application.secret, client_secret),
eq(application.redirectUris, redirect_uri),
eq(application.scopes, scope?.replaceAll("+", " ")),
),
});
if (!application)
return errorResponse(
"Invalid client credentials (missing application)",
401,
);
if (!application)
return errorResponse(
"Invalid client credentials (missing applicaiton)",
401,
);
const token = await db.query.token.findFirst({
where: (token, { eq }) =>
eq(token.code, code) && eq(token.applicationId, application.id),
});
const token = await db.query.token.findFirst({
where: (token, { eq }) =>
eq(token.code, code) && eq(token.applicationId, application.id),
});
if (!token)
return errorResponse(
"Invalid access token or client credentials",
401,
);
if (!token)
return errorResponse("Invalid access token or client credentials", 401);
return jsonResponse({
access_token: token.accessToken,
token_type: token.tokenType,
scope: token.scope,
created_at: new Date(token.createdAt).getTime(),
});
});
return jsonResponse({
access_token: token.accessToken,
token_type: token.tokenType,
scope: token.scope,
created_at: new Date(token.createdAt).getTime(),
});
},
);
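Review bot: The token lookup on the new side (`eq(token.code, code) && eq(token.applicationId, application.id)`) joins two Drizzle conditions with JavaScript `&&`, which evaluates to its right-hand operand, so the query appears to filter only by `applicationId` and the supplied authorization code is never actually matched; it should be `and(eq(token.code, code), eq(token.applicationId, application.id))` with `and` destructured from the callback's second argument, as the application query above already does. This predates the commit, but since the migration is where the input contract is tightened it is the right place to fix it. Relatedly, `z.string()` accepts the empty string, so the removed `if (!code || !redirect_uri || ...)` guard is not fully replaced by the schema; `z.string().min(1)` on `code`, `client_id`, `client_secret` and `scope` would preserve the old rejection of empty values. With `scope` now a required string, `scope?.replaceAll("+", " ")` can become `scope.replaceAll("+", " ")`, and whichever side of the `missing application` / `missing applicaiton` pair is the new one, the message should read `application`.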