versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2025-12-06 08:28:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

refactor(api): 🔥 Remove old mastodon-compatible login endpoints

Browse source
This commit is contained in:
Jesse Wierzbinski 2024-08-27 16:47:58 +02:00
parent 184dae75ba
commit edf5edca9f
No known key found for this signature in database
2 changed files with 0 additions and 138 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

107
api/api/auth/mastodon-login/index.ts
View file

@ -1,107 +0,0 @@
import { apiRoute, applyConfig, handleZodError } from "@/api";
import { randomString } from "@/math";
import { response } from "@/response";
import { zValidator } from "@hono/zod-validator";
import { eq } from "drizzle-orm";
import { z } from "zod";
import { TokenType } from "~/classes/functions/token";
import { db } from "~/drizzle/db";
import { Tokens, Users } from "~/drizzle/schema";
import { config } from "~/packages/config-manager";
import { User } from "~/packages/database-interface/user";
export const meta = applyConfig({
allowedMethods: ["POST"],
ratelimits: {
max: 4,
duration: 60,
},
route: "/api/auth/mastodon-logout",
auth: {
required: false,
},
});
export const schemas = {
form: z.object({
user: z.object({
email: z.string().email().toLowerCase(),
password: z.string().min(2).max(100),
}),
}),
};
/**
* Mastodon-FE login route
*/
export default apiRoute((app) =>
app.on(
meta.allowedMethods,
meta.route,
zValidator("form", schemas.form, handleZodError),
async (context) => {
const {
user: { email, password },
} = context.req.valid("form");
const redirectToLogin = (error: string) =>
response(null, 302, {
Location: `/auth/sign_in?${new URLSearchParams({
...context.req.query,
error: encodeURIComponent(error),
}).toString()}`,
});
const user = await User.fromSql(eq(Users.email, email));
if (
!(
user &&
(await Bun.password.verify(
password,
user.data.password || "",
))
)
) {
return redirectToLogin("Invalid email or password");
}
if (user.data.passwordResetToken) {
return response(null, 302, {
Location: new URL(
`${
config.frontend.routes.password_reset
}?${new URLSearchParams({
token: user.data.passwordResetToken ?? "",
login_reset: "true",
}).toString()}`,
config.http.base_url,
).toString(),
});
}
const code = randomString(32, "hex");
const accessToken = randomString(64, "base64url");
await db.insert(Tokens).values({
accessToken,
code: code,
scope: "read write follow push",
tokenType: TokenType.Bearer,
applicationId: null,
userId: user.id,
});
// One week from now
const maxAge = String(60 * 60 * 24 * 7);
// Redirect to home
return response(null, 303, {
Location: "/",
"Set-Cookie": `_session_id=${accessToken}; Domain=${
new URL(config.http.base_url).hostname
}; SameSite=Lax; Path=/; HttpOnly; Max-Age=${maxAge}`,
});
},
),
);

31
api/api/auth/mastodon-logout/index.ts
View file

@ -1,31 +0,0 @@
import { apiRoute, applyConfig } from "@/api";
import { config } from "~/packages/config-manager";
export const meta = applyConfig({
allowedMethods: ["POST"],
ratelimits: {
max: 4,
duration: 60,
},
route: "/api/auth/mastodon-logout",
auth: {
required: false,
},
});
/**
* Mastodon-FE logout route
*/
export default apiRoute((app) =>
app.on(meta.allowedMethods, meta.route, () => {
return new Response(null, {
headers: {
Location: "/",
"Set-Cookie": `_session_id=; Domain=${
new URL(config.http.base_url).hostname
}; SameSite=Lax; Path=/; HttpOnly; Max-Age=0; Expires=${new Date().toUTCString()}`,
},
status: 303,
});
}),
);