diff --git a/api/api/auth/mastodon-login/index.ts b/api/api/auth/mastodon-login/index.ts deleted file mode 100644 index 8a8fcf72..00000000 --- a/api/api/auth/mastodon-login/index.ts +++ /dev/null @@ -1,107 +0,0 @@ -import { apiRoute, applyConfig, handleZodError } from "@/api"; -import { randomString } from "@/math"; -import { response } from "@/response"; -import { zValidator } from "@hono/zod-validator"; -import { eq } from "drizzle-orm"; -import { z } from "zod"; -import { TokenType } from "~/classes/functions/token"; -import { db } from "~/drizzle/db"; -import { Tokens, Users } from "~/drizzle/schema"; -import { config } from "~/packages/config-manager"; -import { User } from "~/packages/database-interface/user"; - -export const meta = applyConfig({ - allowedMethods: ["POST"], - ratelimits: { - max: 4, - duration: 60, - }, - route: "/api/auth/mastodon-logout", - auth: { - required: false, - }, -}); - -export const schemas = { - form: z.object({ - user: z.object({ - email: z.string().email().toLowerCase(), - password: z.string().min(2).max(100), - }), - }), -}; - -/** - * Mastodon-FE login route - */ -export default apiRoute((app) => - app.on( - meta.allowedMethods, - meta.route, - zValidator("form", schemas.form, handleZodError), - async (context) => { - const { - user: { email, password }, - } = context.req.valid("form"); - - const redirectToLogin = (error: string) => - response(null, 302, { - Location: `/auth/sign_in?${new URLSearchParams({ - ...context.req.query, - error: encodeURIComponent(error), - }).toString()}`, - }); - - const user = await User.fromSql(eq(Users.email, email)); - - if ( - !( - user && - (await Bun.password.verify( - password, - user.data.password || "", - )) - ) - ) { - return redirectToLogin("Invalid email or password"); - } - - if (user.data.passwordResetToken) { - return response(null, 302, { - Location: new URL( - `${ - config.frontend.routes.password_reset - }?${new URLSearchParams({ - token: user.data.passwordResetToken ?? "", - login_reset: "true", - }).toString()}`, - config.http.base_url, - ).toString(), - }); - } - - const code = randomString(32, "hex"); - const accessToken = randomString(64, "base64url"); - - await db.insert(Tokens).values({ - accessToken, - code: code, - scope: "read write follow push", - tokenType: TokenType.Bearer, - applicationId: null, - userId: user.id, - }); - - // One week from now - const maxAge = String(60 * 60 * 24 * 7); - - // Redirect to home - return response(null, 303, { - Location: "/", - "Set-Cookie": `_session_id=${accessToken}; Domain=${ - new URL(config.http.base_url).hostname - }; SameSite=Lax; Path=/; HttpOnly; Max-Age=${maxAge}`, - }); - }, - ), -); diff --git a/api/api/auth/mastodon-logout/index.ts b/api/api/auth/mastodon-logout/index.ts deleted file mode 100644 index f82c9ca4..00000000 --- a/api/api/auth/mastodon-logout/index.ts +++ /dev/null @@ -1,31 +0,0 @@ -import { apiRoute, applyConfig } from "@/api"; -import { config } from "~/packages/config-manager"; - -export const meta = applyConfig({ - allowedMethods: ["POST"], - ratelimits: { - max: 4, - duration: 60, - }, - route: "/api/auth/mastodon-logout", - auth: { - required: false, - }, -}); - -/** - * Mastodon-FE logout route - */ -export default apiRoute((app) => - app.on(meta.allowedMethods, meta.route, () => { - return new Response(null, { - headers: { - Location: "/", - "Set-Cookie": `_session_id=; Domain=${ - new URL(config.http.base_url).hostname - }; SameSite=Lax; Path=/; HttpOnly; Max-Age=0; Expires=${new Date().toUTCString()}`, - }, - status: 303, - }); - }), -);