versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2026-03-13 05:49:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor(api): ♻️ Rewrite full authentication code to go OpenID-only

Browse source
This commit is contained in:
Jesse Wierzbinski 2025-08-21 00:45:58 +02:00
parent 4eae4cd062
commit 1bfc5fb013
No known key found for this signature in database
39 changed files with 3076 additions and 2009 deletions
Download patch file Download diff file Expand all files Collapse all files

31
utils/bull-board.ts
View file

@ -14,8 +14,7 @@ import { relationshipQueue } from "@versia-server/kit/queues/relationships";
import type { Hono } from "hono";
import { serveStatic } from "hono/bun";
import { getCookie } from "hono/cookie";
import { jwtVerify } from "jose";
import { JOSEError, JWTExpired } from "jose/errors";
import { verify } from "hono/jwt";
import type { HonoEnv } from "~/types/api";
import pkg from "../package.json" with { type: "json" };
@ -58,38 +57,18 @@ export const applyToHono = (app: Hono<HonoEnv>): void => {
throw new ApiError(401, "Missing JWT cookie");
}
const result = await jwtVerify(
const result = await verify(
jwtCookie,
config.authentication.keys.public,
{
algorithms: ["EdDSA"],
issuer: new URL(context.get("config").http.base_url).origin,
},
).catch((error) => {
if (error instanceof JOSEError) {
return error;
}
);
throw error;
});
if (result instanceof JOSEError) {
if (result instanceof JWTExpired) {
throw new ApiError(401, "JWT has expired");
}
throw new ApiError(401, "Invalid JWT");
}
const {
payload: { sub },
} = result;
const { sub } = result;
if (!sub) {
throw new ApiError(401, "Invalid JWT (no sub)");
}
const user = await User.fromId(sub);
const user = await User.fromId(sub as string);
if (!user?.hasPermission(RolePermission.ManageInstanceFederation)) {
throw new ApiError(

3
utils/lib.ts
View file

@ -9,3 +9,6 @@ export const mergeAndDeduplicate = <T extends ElementWithId>(
(element, index, self) =>
index === self.findIndex((t) => t.id === element.id),
);
export const oauthRedirectUri = (baseUrl: URL, issuer: string): URL =>
new URL(`/oauth/sso/${issuer}/callback`, baseUrl);