versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2026-03-13 22:09:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor(database): ♻️ Move Applications to our custom ORM

Browse source
This commit is contained in:
Jesse Wierzbinski 2024-10-23 17:56:47 +02:00
parent e8827bccfa
commit 9e96eca032
No known key found for this signature in database
23 changed files with 424 additions and 381 deletions
Download patch file Download diff file Expand all files Collapse all files

43
api/api/auth/login/index.test.ts
View file

@ -1,31 +1,24 @@
import { afterAll, describe, expect, test } from "bun:test";
import { randomString } from "@/math";
import { eq } from "drizzle-orm";
import { db } from "~/drizzle/db";
import { Applications } from "~/drizzle/schema";
import { config } from "~/packages/config-manager";
import { Application } from "~/packages/database-interface/application.ts";
import { fakeRequest, getTestUsers } from "~/tests/utils";
import { meta } from "./index.ts";
const { users, deleteUsers, passwords } = await getTestUsers(1);
// Create application
const application = (
await db
.insert(Applications)
.values({
name: "Test Application",
clientId: randomString(32, "hex"),
secret: "test",
redirectUri: "https://example.com",
scopes: "read write",
})
.returning()
)[0];
const application = await Application.insert({
name: "Test Application",
clientId: randomString(32, "hex"),
secret: "test",
redirectUri: "https://example.com",
scopes: "read write",
});
afterAll(async () => {
await deleteUsers();
await db.delete(Applications).where(eq(Applications.id, application.id));
await application.delete();
});
// /api/auth/login
@ -37,7 +30,7 @@ describe(meta.route, () => {
formData.append("password", passwords[0]);
const response = await fakeRequest(
`/api/auth/login?client_id=${application.clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write`,
`/api/auth/login?client_id=${application.data.clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write`,
{
method: "POST",
body: formData,
@ -53,7 +46,7 @@ describe(meta.route, () => {
expect(locationHeader.pathname).toBe("/oauth/consent");
expect(locationHeader.searchParams.get("client_id")).toBe(
application.clientId,
application.data.clientId,
);
expect(locationHeader.searchParams.get("redirect_uri")).toBe(
"https://example.com",
@ -71,7 +64,7 @@ describe(meta.route, () => {
formData.append("password", passwords[0]);
const response = await fakeRequest(
`/api/auth/login?client_id=${application.clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write`,
`/api/auth/login?client_id=${application.data.clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write`,
{
method: "POST",
body: formData,
@ -87,7 +80,7 @@ describe(meta.route, () => {
expect(locationHeader.pathname).toBe("/oauth/consent");
expect(locationHeader.searchParams.get("client_id")).toBe(
application.clientId,
application.data.clientId,
);
expect(locationHeader.searchParams.get("redirect_uri")).toBe(
"https://example.com",
@ -105,7 +98,7 @@ describe(meta.route, () => {
formData.append("password", passwords[0]);
const response = await fakeRequest(
`/api/auth/login?client_id=${application.clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write&state=abc`,
`/api/auth/login?client_id=${application.data.clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write&state=abc`,
{
method: "POST",
body: formData,
@ -121,7 +114,7 @@ describe(meta.route, () => {
expect(locationHeader.pathname).toBe("/oauth/consent");
expect(locationHeader.searchParams.get("client_id")).toBe(
application.clientId,
application.data.clientId,
);
expect(locationHeader.searchParams.get("redirect_uri")).toBe(
"https://example.com",
@ -142,7 +135,7 @@ describe(meta.route, () => {
formData.append("password", "password");
const response = await fakeRequest(
`/api/auth/login?client_id=${application.clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write`,
`/api/auth/login?client_id=${application.data.clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write`,
{
method: "POST",
@ -175,7 +168,7 @@ describe(meta.route, () => {
formData.append("password", "password");
const response = await fakeRequest(
`/api/auth/login?client_id=${application.clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write`,
`/api/auth/login?client_id=${application.data.clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write`,
{
method: "POST",
body: formData,
@ -207,7 +200,7 @@ describe(meta.route, () => {
formData.append("password", "password");
const response = await fakeRequest(
`/api/auth/login?client_id=${application.clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write`,
`/api/auth/login?client_id=${application.data.clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write`,
{
method: "POST",
body: formData,

12
api/api/auth/login/index.ts
View file

@ -5,9 +5,9 @@ import { createRoute } from "@hono/zod-openapi";
import { eq, or } from "drizzle-orm";
import { SignJWT } from "jose";
import { z } from "zod";
import { db } from "~/drizzle/db";
import { Users } from "~/drizzle/schema";
import { config } from "~/packages/config-manager";
import { Application } from "~/packages/database-interface/application";
import { User } from "~/packages/database-interface/user";
export const meta = applyConfig({
@ -197,20 +197,18 @@ export default apiRoute((app) =>
.setProtectedHeader({ alg: "EdDSA" })
.sign(privateKey);
const application = await db.query.Applications.findFirst({
where: (app, { eq }) => eq(app.clientId, client_id),
});
const application = await Application.fromClientId(client_id);
if (!application) {
return context.json({ error: "Invalid application" }, 400);
}
const searchParams = new URLSearchParams({
application: application.name,
application: application.data.name,
});
if (application.website) {
searchParams.append("website", application.website);
if (application.data.website) {
searchParams.append("website", application.data.website);
}
// Add all data that is not undefined except email and password

33
api/api/auth/reset/index.test.ts
View file

@ -1,9 +1,7 @@
import { afterAll, describe, expect, test } from "bun:test";
import { randomString } from "@/math";
import { eq } from "drizzle-orm";
import { db } from "~/drizzle/db";
import { Applications } from "~/drizzle/schema";
import { config } from "~/packages/config-manager";
import { Application } from "~/packages/database-interface/application.ts";
import { fakeRequest, getTestUsers } from "~/tests/utils";
import { meta } from "./index.ts";
@ -12,22 +10,17 @@ const token = randomString(32, "hex");
const newPassword = randomString(16, "hex");
// Create application
const application = (
await db
.insert(Applications)
.values({
name: "Test Application",
clientId: randomString(32, "hex"),
secret: "test",
redirectUri: "https://example.com",
scopes: "read write",
})
.returning()
)[0];
const application = await Application.insert({
name: "Test Application",
clientId: randomString(32, "hex"),
secret: "test",
redirectUri: "https://example.com",
scopes: "read write",
});
afterAll(async () => {
await deleteUsers();
await db.delete(Applications).where(eq(Applications.id, application.id));
await application.delete();
});
// /api/auth/reset
@ -39,7 +32,7 @@ describe(meta.route, () => {
formData.append("password", passwords[0]);
const response = await fakeRequest(
`/api/auth/login?client_id=${application.clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write`,
`/api/auth/login?client_id=${application.data.clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write`,
{
method: "POST",
@ -62,7 +55,7 @@ describe(meta.route, () => {
formData.append("password", passwords[0]);
const response = await fakeRequest(
`/api/auth/login?client_id=${application.clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write`,
`/api/auth/login?client_id=${application.data.clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write`,
{
method: "POST",
body: formData,
@ -101,7 +94,7 @@ describe(meta.route, () => {
loginFormData.append("password", newPassword);
const loginResponse = await fakeRequest(
`/api/auth/login?client_id=${application.clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write`,
`/api/auth/login?client_id=${application.data.clientId}&redirect_uri=https://example.com&response_type=code&scope=read+write`,
{
method: "POST",
body: loginFormData,
@ -117,7 +110,7 @@ describe(meta.route, () => {
expect(locationHeader.pathname).toBe("/oauth/consent");
expect(locationHeader.searchParams.get("client_id")).toBe(
application.clientId,
application.data.clientId,
);
expect(locationHeader.searchParams.get("redirect_uri")).toBe(
"https://example.com",

37
api/api/v1/apps/index.ts
View file

@ -2,8 +2,8 @@ import { apiRoute, applyConfig, jsonOrForm } from "@/api";
import { randomString } from "@/math";
import { createRoute } from "@hono/zod-openapi";
import { z } from "zod";
import { db } from "~/drizzle/db";
import { Applications, RolePermissions } from "~/drizzle/schema";
import { RolePermissions } from "~/drizzle/schema";
import { Application } from "~/packages/database-interface/application";
export const meta = applyConfig({
route: "/api/v1/apps",
@ -81,29 +81,24 @@ export default apiRoute((app) =>
const { client_name, redirect_uris, scopes, website } =
context.req.valid("json");
const app = (
await db
.insert(Applications)
.values({
name: client_name || "",
redirectUri: decodeURI(redirect_uris) || "",
scopes: scopes || "read",
website: website || null,
clientId: randomString(32, "base64url"),
secret: randomString(64, "base64url"),
})
.returning()
)[0];
const app = await Application.insert({
name: client_name || "",
redirectUri: decodeURI(redirect_uris) || "",
scopes: scopes || "read",
website: website || null,
clientId: randomString(32, "base64url"),
secret: randomString(64, "base64url"),
});
return context.json(
{
id: app.id,
name: app.name,
website: app.website,
client_id: app.clientId,
client_secret: app.secret,
redirect_uri: app.redirectUri,
vapid_link: app.vapidKey,
name: app.data.name,
website: app.data.website,
client_id: app.data.clientId,
client_secret: app.data.secret,
redirect_uri: app.data.redirectUri,
vapid_link: app.data.vapidKey,
},
200,
);

22
api/api/v1/apps/verify_credentials/index.ts
View file

@ -1,7 +1,7 @@
import { apiRoute, applyConfig, auth } from "@/api";
import { createRoute, z } from "@hono/zod-openapi";
import { getFromToken } from "~/classes/functions/application";
import { createRoute } from "@hono/zod-openapi";
import { RolePermissions } from "~/drizzle/schema";
import { Application } from "~/packages/database-interface/application";
import { ErrorSchema } from "~/types/api";
export const meta = applyConfig({
@ -29,13 +29,7 @@ const route = createRoute({
description: "Application",
content: {
"application/json": {
schema: z.object({
name: z.string(),
website: z.string().nullable(),
vapid_key: z.string().nullable(),
redirect_uris: z.string(),
scopes: z.string(),
}),
schema: Application.schema,
},
},
},
@ -61,7 +55,7 @@ export default apiRoute((app) =>
return context.json({ error: "Unauthorized" }, 401);
}
const application = await getFromToken(token);
const application = await Application.getFromToken(token);
if (!application) {
return context.json({ error: "Unauthorized" }, 401);
@ -69,11 +63,9 @@ export default apiRoute((app) =>
return context.json(
{
name: application.name,
website: application.website,
vapid_key: application.vapidKey,
redirect_uris: application.redirectUri,
scopes: application.scopes,
...application.toApi(),
redirect_uris: application.data.redirectUri,
scopes: application.data.scopes,
},
200,
);