versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2025-12-06 16:38:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(api): 🚑 Fix using an incorrect email or password giving weird errors

Browse source
This commit is contained in:
Jesse Wierzbinski 2024-04-28 13:47:14 -10:00
parent 48f2fa1b94
commit aee47e6df4
No known key found for this signature in database
7 changed files with 2156 additions and 2373 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3776
drizzle/meta/0021_snapshot.json
View file

File diff suppressed because it is too large Load diff

318
drizzle/meta/_journal.json
View file

@ -1,160 +1,160 @@
{
"version": "5",
"dialect": "pg",
"entries": [
{
"idx": 0,
"version": "5",
"when": 1712805159664,
"tag": "0000_illegal_living_lightning",
"breakpoints": true
},
{
"idx": 1,
"version": "5",
"when": 1713055774123,
"tag": "0001_salty_night_thrasher",
"breakpoints": true
},
{
"idx": 2,
"version": "5",
"when": 1713056370431,
"tag": "0002_stiff_ares",
"breakpoints": true
},
{
"idx": 3,
"version": "5",
"when": 1713056528340,
"tag": "0003_spicy_arachne",
"breakpoints": true
},
{
"idx": 4,
"version": "5",
"when": 1713056712218,
"tag": "0004_burly_lockjaw",
"breakpoints": true
},
{
"idx": 5,
"version": "5",
"when": 1713056917973,
"tag": "0005_sleepy_puma",
"breakpoints": true
},
{
"idx": 6,
"version": "5",
"when": 1713057159867,
"tag": "0006_messy_network",
"breakpoints": true
},
{
"idx": 7,
"version": "5",
"when": 1713227918208,
"tag": "0007_naive_sleeper",
"breakpoints": true
},
{
"idx": 8,
"version": "5",
"when": 1713246700119,
"tag": "0008_flawless_brother_voodoo",
"breakpoints": true
},
{
"idx": 9,
"version": "5",
"when": 1713327832438,
"tag": "0009_easy_slyde",
"breakpoints": true
},
{
"idx": 10,
"version": "5",
"when": 1713327880929,
"tag": "0010_daffy_frightful_four",
"breakpoints": true
},
{
"idx": 11,
"version": "5",
"when": 1713333611707,
"tag": "0011_special_the_fury",
"breakpoints": true
},
{
"idx": 12,
"version": "5",
"when": 1713336108114,
"tag": "0012_certain_thor_girl",
"breakpoints": true
},
{
"idx": 13,
"version": "5",
"when": 1713336611301,
"tag": "0013_wandering_celestials",
"breakpoints": true
},
{
"idx": 14,
"version": "5",
"when": 1713389937821,
"tag": "0014_wonderful_sandman",
"breakpoints": true
},
{
"idx": 15,
"version": "5",
"when": 1713399438164,
"tag": "0015_easy_mojo",
"breakpoints": true
},
{
"idx": 16,
"version": "5",
"when": 1713413369623,
"tag": "0016_keen_mindworm",
"breakpoints": true
},
{
"idx": 17,
"version": "5",
"when": 1713417089150,
"tag": "0017_dusty_black_knight",
"breakpoints": true
},
{
"idx": 18,
"version": "5",
"when": 1713418575392,
"tag": "0018_rapid_hairball",
"breakpoints": true
},
{
"idx": 19,
"version": "5",
"when": 1713421706451,
"tag": "0019_mushy_lorna_dane",
"breakpoints": true
},
{
"idx": 20,
"version": "5",
"when": 1714017186457,
"tag": "0020_giant_the_stranger",
"breakpoints": true
},
{
"idx": 21,
"version": "5",
"when": 1714165180389,
"tag": "0021_wise_stephen_strange",
"breakpoints": true
}
]
}
"version": "5",
"dialect": "pg",
"entries": [
{
"idx": 0,
"version": "5",
"when": 1712805159664,
"tag": "0000_illegal_living_lightning",
"breakpoints": true
},
{
"idx": 1,
"version": "5",
"when": 1713055774123,
"tag": "0001_salty_night_thrasher",
"breakpoints": true
},
{
"idx": 2,
"version": "5",
"when": 1713056370431,
"tag": "0002_stiff_ares",
"breakpoints": true
},
{
"idx": 3,
"version": "5",
"when": 1713056528340,
"tag": "0003_spicy_arachne",
"breakpoints": true
},
{
"idx": 4,
"version": "5",
"when": 1713056712218,
"tag": "0004_burly_lockjaw",
"breakpoints": true
},
{
"idx": 5,
"version": "5",
"when": 1713056917973,
"tag": "0005_sleepy_puma",
"breakpoints": true
},
{
"idx": 6,
"version": "5",
"when": 1713057159867,
"tag": "0006_messy_network",
"breakpoints": true
},
{
"idx": 7,
"version": "5",
"when": 1713227918208,
"tag": "0007_naive_sleeper",
"breakpoints": true
},
{
"idx": 8,
"version": "5",
"when": 1713246700119,
"tag": "0008_flawless_brother_voodoo",
"breakpoints": true
},
{
"idx": 9,
"version": "5",
"when": 1713327832438,
"tag": "0009_easy_slyde",
"breakpoints": true
},
{
"idx": 10,
"version": "5",
"when": 1713327880929,
"tag": "0010_daffy_frightful_four",
"breakpoints": true
},
{
"idx": 11,
"version": "5",
"when": 1713333611707,
"tag": "0011_special_the_fury",
"breakpoints": true
},
{
"idx": 12,
"version": "5",
"when": 1713336108114,
"tag": "0012_certain_thor_girl",
"breakpoints": true
},
{
"idx": 13,
"version": "5",
"when": 1713336611301,
"tag": "0013_wandering_celestials",
"breakpoints": true
},
{
"idx": 14,
"version": "5",
"when": 1713389937821,
"tag": "0014_wonderful_sandman",
"breakpoints": true
},
{
"idx": 15,
"version": "5",
"when": 1713399438164,
"tag": "0015_easy_mojo",
"breakpoints": true
},
{
"idx": 16,
"version": "5",
"when": 1713413369623,
"tag": "0016_keen_mindworm",
"breakpoints": true
},
{
"idx": 17,
"version": "5",
"when": 1713417089150,
"tag": "0017_dusty_black_knight",
"breakpoints": true
},
{
"idx": 18,
"version": "5",
"when": 1713418575392,
"tag": "0018_rapid_hairball",
"breakpoints": true
},
{
"idx": 19,
"version": "5",
"when": 1713421706451,
"tag": "0019_mushy_lorna_dane",
"breakpoints": true
},
{
"idx": 20,
"version": "5",
"when": 1714017186457,
"tag": "0020_giant_the_stranger",
"breakpoints": true
},
{
"idx": 21,
"version": "5",
"when": 1714165180389,
"tag": "0021_wise_stephen_strange",
"breakpoints": true
}
]
}

2
drizzle/schema.ts
View file

@ -1,5 +1,6 @@
import { relations, sql } from "drizzle-orm";
import {
type AnyPgColumn,
boolean,
foreignKey,
index,
@ -10,7 +11,6 @@ import {
timestamp,
uniqueIndex,
uuid,
type AnyPgColumn,
} from "drizzle-orm/pg-core";
import type * as Lysand from "lysand-types";
import type { Source as APISource } from "~types/mastodon/source";

212
package.json
View file

@ -1,109 +1,109 @@
{
"name": "lysand",
"module": "index.ts",
"type": "module",
"version": "0.5.0",
"description": "A project to build a federated social network",
"author": {
"email": "contact@cpluspatch.com",
"name": "CPlusPatch",
"url": "https://cpluspatch.com"
},
"bugs": {
"url": "https://github.com/lysand-org/lysand/issues"
},
"icon": "https://github.com/lysand-org/lysand",
"license": "AGPL-3.0",
"keywords": ["federated", "activitypub", "bun"],
"workspaces": ["packages/*"],
"maintainers": [
{
"email": "contact@cpluspatch.com",
"name": "CPlusPatch",
"url": "https://cpluspatch.com"
"name": "lysand",
"module": "index.ts",
"type": "module",
"version": "0.5.0",
"description": "A project to build a federated social network",
"author": {
"email": "contact@cpluspatch.com",
"name": "CPlusPatch",
"url": "https://cpluspatch.com"
},
"bugs": {
"url": "https://github.com/lysand-org/lysand/issues"
},
"icon": "https://github.com/lysand-org/lysand",
"license": "AGPL-3.0",
"keywords": ["federated", "activitypub", "bun"],
"workspaces": ["packages/*"],
"maintainers": [
{
"email": "contact@cpluspatch.com",
"name": "CPlusPatch",
"url": "https://cpluspatch.com"
}
],
"repository": {
"type": "git",
"url": "git+https://github.com/lysand-org/lysand.git"
},
"private": true,
"scripts": {
"dev": "bun run --watch index.ts",
"start": "NODE_ENV=production bun run dist/index.js --prod",
"lint": "bunx @biomejs/biome check .",
"prod-build": "bun run build.ts",
"benchmark:timeline": "bun run benchmarks/timelines.ts",
"cloc": "cloc . --exclude-dir node_modules,dist,.output,.nuxt,meta,logs,glitch,glitch-dev --exclude-ext sql,log,pem",
"cli": "bun run cli.ts"
},
"trustedDependencies": [
"@biomejs/biome",
"@fortawesome/fontawesome-common-types",
"@fortawesome/free-regular-svg-icons",
"@fortawesome/free-solid-svg-icons",
"es5-ext",
"esbuild",
"json-editor-vue",
"msgpackr-extract",
"nuxt-app",
"sharp",
"vue-demi"
],
"devDependencies": {
"@biomejs/biome": "^1.7.0",
"@types/cli-table": "^0.3.4",
"@types/html-to-text": "^9.0.4",
"@types/ioredis": "^5.0.0",
"@types/jsonld": "^1.5.13",
"@types/markdown-it-container": "^2.0.10",
"@types/mime-types": "^2.1.4",
"@types/pg": "^8.11.5",
"bun-types": "latest",
"drizzle-kit": "^0.20.14",
"typescript": "latest"
},
"peerDependencies": {
"typescript": "^5.3.2"
},
"dependencies": {
"@hackmd/markdown-it-task-lists": "^2.1.4",
"@json2csv/plainjs": "^7.0.6",
"@shikijs/markdown-it": "^1.3.0",
"@tufjs/canonical-json": "^2.0.0",
"blurhash": "^2.0.5",
"bullmq": "^5.7.1",
"chalk": "^5.3.0",
"cli-parser": "workspace:*",
"cli-table": "^0.3.11",
"config-manager": "workspace:*",
"drizzle-orm": "^0.30.7",
"extract-zip": "^2.0.1",
"html-to-text": "^9.0.5",
"ioredis": "^5.3.2",
"ip-matching": "^2.1.2",
"iso-639-1": "^3.1.0",
"isomorphic-dompurify": "latest",
"jose": "^5.2.4",
"linkify-html": "^4.1.3",
"linkify-string": "^4.1.3",
"linkifyjs": "^4.1.3",
"log-manager": "workspace:*",
"magic-regexp": "^0.8.0",
"markdown-it": "^14.1.0",
"markdown-it-anchor": "^8.6.7",
"markdown-it-container": "^4.0.0",
"markdown-it-toc-done-right": "^4.2.0",
"media-manager": "workspace:*",
"megalodon": "^10.0.0",
"meilisearch": "^0.38.0",
"mime-types": "^2.1.35",
"oauth4webapi": "^2.4.0",
"pg": "^8.11.5",
"request-parser": "workspace:*",
"sharp": "^0.33.3",
"string-comparison": "^1.3.0",
"zod": "^3.22.4",
"zod-validation-error": "^3.2.0"
}
],
"repository": {
"type": "git",
"url": "git+https://github.com/lysand-org/lysand.git"
},
"private": true,
"scripts": {
"dev": "bun run --watch index.ts",
"start": "NODE_ENV=production bun run dist/index.js --prod",
"lint": "bunx @biomejs/biome check .",
"prod-build": "bun run build.ts",
"benchmark:timeline": "bun run benchmarks/timelines.ts",
"cloc": "cloc . --exclude-dir node_modules,dist,.output,.nuxt,meta,logs,glitch,glitch-dev --exclude-ext sql,log,pem",
"cli": "bun run cli.ts"
},
"trustedDependencies": [
"@biomejs/biome",
"@fortawesome/fontawesome-common-types",
"@fortawesome/free-regular-svg-icons",
"@fortawesome/free-solid-svg-icons",
"es5-ext",
"esbuild",
"json-editor-vue",
"msgpackr-extract",
"nuxt-app",
"sharp",
"vue-demi"
],
"devDependencies": {
"@biomejs/biome": "^1.7.0",
"@types/cli-table": "^0.3.4",
"@types/html-to-text": "^9.0.4",
"@types/ioredis": "^5.0.0",
"@types/jsonld": "^1.5.13",
"@types/markdown-it-container": "^2.0.10",
"@types/mime-types": "^2.1.4",
"@types/pg": "^8.11.5",
"bun-types": "latest",
"drizzle-kit": "^0.20.14",
"typescript": "latest"
},
"peerDependencies": {
"typescript": "^5.3.2"
},
"dependencies": {
"@hackmd/markdown-it-task-lists": "^2.1.4",
"@json2csv/plainjs": "^7.0.6",
"@shikijs/markdown-it": "^1.3.0",
"@tufjs/canonical-json": "^2.0.0",
"blurhash": "^2.0.5",
"bullmq": "^5.7.1",
"chalk": "^5.3.0",
"cli-parser": "workspace:*",
"cli-table": "^0.3.11",
"config-manager": "workspace:*",
"drizzle-orm": "^0.30.7",
"extract-zip": "^2.0.1",
"html-to-text": "^9.0.5",
"ioredis": "^5.3.2",
"ip-matching": "^2.1.2",
"iso-639-1": "^3.1.0",
"isomorphic-dompurify": "latest",
"jose": "^5.2.4",
"linkify-html": "^4.1.3",
"linkify-string": "^4.1.3",
"linkifyjs": "^4.1.3",
"log-manager": "workspace:*",
"magic-regexp": "^0.8.0",
"markdown-it": "^14.1.0",
"markdown-it-anchor": "^8.6.7",
"markdown-it-container": "^4.0.0",
"markdown-it-toc-done-right": "^4.2.0",
"media-manager": "workspace:*",
"megalodon": "^10.0.0",
"meilisearch": "^0.38.0",
"mime-types": "^2.1.35",
"oauth4webapi": "^2.4.0",
"pg": "^8.11.5",
"request-parser": "workspace:*",
"sharp": "^0.33.3",
"string-comparison": "^1.3.0",
"zod": "^3.22.4",
"zod-validation-error": "^3.2.0"
}
}

8
packages/lysand-utils/package.json
View file

@ -1,6 +1,6 @@
{
"name": "lysand-utils",
"version": "0.0.0",
"main": "index.ts",
"dependencies": { "zod": "^3.22.4", "zod-validation-error": "^3.2.0" }
"name": "lysand-utils",
"version": "0.0.0",
"main": "index.ts",
"dependencies": { "zod": "^3.22.4", "zod-validation-error": "^3.2.0" }
}

211
server/api/api/auth/login/index.ts
View file

@ -2,14 +2,11 @@ import { apiRoute, applyConfig } from "@api";
import { errorResponse, response } from "@response";
import { eq } from "drizzle-orm";
import { SignJWT } from "jose";
import { stringify } from "qs";
import { z } from "zod";
import { fromZodError } from "zod-validation-error";
import { db } from "~drizzle/db";
import { Users } from "~drizzle/schema";
import { config } from "~packages/config-manager";
import { User } from "~packages/database-interface/user";
import { RequestParser } from "~packages/request-parser";
export const meta = applyConfig({
allowedMethods: ["POST"],
@ -53,123 +50,107 @@ export const schema = z.object({
.default(60 * 60 * 24 * 7),
});
export const querySchema = z.object({
scope: z.string().optional(),
redirect_uri: z.string().url().optional(),
response_type: z.enum([
"code",
"token",
"none",
"id_token",
"code id_token",
"code token",
"token id_token",
"code token id_token",
]),
client_id: z.string(),
state: z.string().optional(),
code_challenge: z.string().optional(),
code_challenge_method: z.enum(["plain", "S256"]).optional(),
prompt: z
.enum(["none", "login", "consent", "select_account"])
.optional()
.default("none"),
max_age: z
.number()
.int()
.optional()
.default(60 * 60 * 24 * 7),
});
const returnError = (query: object, error: string, description: string) =>
response(null, 302, {
Location: `/oauth/authorize?${stringify({
...query,
error,
error_description: description,
})}`,
});
/**
* Login flow
*/
export default apiRoute(async (req, matchedRoute, extraData) => {
const { email, password } = extraData.parsedRequest;
if (!email || !password)
return returnError(
extraData.parsedRequest,
"invalid_request",
"Missing email or password",
);
// Find user
const user = await User.fromSql(eq(Users.email, email));
if (
!user ||
!(await Bun.password.verify(password, user.getUser().password || ""))
)
return returnError(
extraData.parsedRequest,
"invalid_request",
"Invalid email or password",
);
const { client_id } = extraData.parsedRequest;
// Try and import the key
const privateKey = await crypto.subtle.importKey(
"pkcs8",
Buffer.from(config.oidc.jwt_key.split(";")[0], "base64"),
"Ed25519",
false,
["sign"],
);
// Generate JWT
const jwt = await new SignJWT({
sub: user.id,
iss: new URL(config.http.base_url).origin,
aud: client_id,
exp: Math.floor(Date.now() / 1000) + 60 * 60,
iat: Math.floor(Date.now() / 1000),
nbf: Math.floor(Date.now() / 1000),
})
.setProtectedHeader({ alg: "EdDSA" })
.sign(privateKey);
const application = await db.query.Applications.findFirst({
where: (app, { eq }) => eq(app.clientId, client_id),
});
if (!application) {
return errorResponse("Invalid application", 400);
}
const searchParams = new URLSearchParams({
application: application.name,
client_secret: application.secret,
});
if (application.website)
searchParams.append("website", application.website);
const returnError = (query: object, error: string, description: string) => {
const searchParams = new URLSearchParams();
// Add all data that is not undefined except email and password
for (const [key, value] of Object.entries(extraData.parsedRequest)) {
for (const [key, value] of Object.entries(query)) {
if (key !== "email" && key !== "password" && value !== undefined)
searchParams.append(key, value);
}
// Redirect to OAuth authorize with JWT
searchParams.append("error", error);
searchParams.append("error_description", description);
return response(null, 302, {
Location: new URL(
`/oauth/consent?${searchParams.toString()}`,
config.http.base_url,
).toString(),
// Set cookie with JWT
"Set-Cookie": `jwt=${jwt}; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=${
60 * 60
}`,
Location: `/oauth/authorize?${searchParams.toString()}`,
});
});
};
/**
* Login flow
*/
export default apiRoute<typeof meta, typeof schema>(
async (req, matchedRoute, extraData) => {
const { email, password } = extraData.parsedRequest;
if (!email || !password)
return returnError(
extraData.parsedRequest,
"invalid_request",
"Missing email or password",
);
// Find user
const user = await User.fromSql(eq(Users.email, email.toLowerCase()));
if (
!user ||
!(await Bun.password.verify(
password,
user.getUser().password || "",
))
)
return returnError(
extraData.parsedRequest,
"invalid_request",
"Invalid email or password",
);
const { client_id } = extraData.parsedRequest;
// Try and import the key
const privateKey = await crypto.subtle.importKey(
"pkcs8",
Buffer.from(config.oidc.jwt_key.split(";")[0], "base64"),
"Ed25519",
false,
["sign"],
);
// Generate JWT
const jwt = await new SignJWT({
sub: user.id,
iss: new URL(config.http.base_url).origin,
aud: client_id,
exp: Math.floor(Date.now() / 1000) + 60 * 60,
iat: Math.floor(Date.now() / 1000),
nbf: Math.floor(Date.now() / 1000),
})
.setProtectedHeader({ alg: "EdDSA" })
.sign(privateKey);
const application = await db.query.Applications.findFirst({
where: (app, { eq }) => eq(app.clientId, client_id),
});
if (!application) {
return errorResponse("Invalid application", 400);
}
const searchParams = new URLSearchParams({
application: application.name,
client_secret: application.secret,
});
if (application.website)
searchParams.append("website", application.website);
// Add all data that is not undefined except email and password
for (const [key, value] of Object.entries(extraData.parsedRequest)) {
if (key !== "email" && key !== "password" && value !== undefined)
searchParams.append(key, String(value));
}
// Redirect to OAuth authorize with JWT
return response(null, 302, {
Location: new URL(
`/oauth/consent?${searchParams.toString()}`,
config.http.base_url,
).toString(),
// Set cookie with JWT
"Set-Cookie": `jwt=${jwt}; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=${
60 * 60
}`,
});
},
);

2
server/api/api/v1/accounts/index.ts
View file

@ -22,7 +22,7 @@ export const meta = applyConfig({
// No validation on the Zod side as we need to do custom validation
export const schema = z.object({
username: z.string(),
username: z.string().toLowerCase(),
email: z.string(),
password: z.string(),
agreement: z.boolean(),