refactor progress

2026-02-17 12:22:36 +00:00
parent cb31608523
commit d5abd1a7e4
8257 changed files with 1190207 additions and 761040 deletions
--- a/packages/admin/src/middleware/Auth.tsx
+++ b/packages/admin/src/middleware/Auth.tsx
@@ -0,0 +1,105 @@
+/*
+ * Copyright (C) 2026 Fluxer Contributors
+ *
+ * This file is part of Fluxer.
+ *
+ * Fluxer is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Fluxer is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+/** @jsxRuntime automatic */
+/** @jsxImportSource hono/jsx */
+
+import * as usersApi from '@fluxer/admin/src/api/Users';
+import {createAdminOAuth2Client} from '@fluxer/admin/src/Oauth2';
+import {parseSession} from '@fluxer/admin/src/Session';
+import type {AppContext, Session} from '@fluxer/admin/src/types/App';
+import type {AdminConfig as Config} from '@fluxer/admin/src/types/Config';
+import {type Flash, serializeFlash} from '@fluxer/hono/src/Flash';
+import {parseFlashFromCookie} from '@fluxer/ui/src/components/Flash';
+import type {Next} from 'hono';
+import {deleteCookie, getCookie, setCookie} from 'hono/cookie';
+
+export async function getValidSession(c: AppContext, configOverride?: Config): Promise<Session | null> {
+	const config = configOverride ?? c.get('config');
+	const sessionCookie = getCookie(c, 'session');
+	if (!sessionCookie) return null;
+
+	const session = parseSession(sessionCookie, config.secretKeyBase);
+	if (!session) return null;
+
+	return session;
+}
+
+export function redirectToAuthorize(c: AppContext, config: Config): Response {
+	const oauth2Client = createAdminOAuth2Client(config);
+	const state = oauth2Client.generateState();
+	setCookie(c, 'oauth_state', state, {
+		httpOnly: true,
+		secure: config.env === 'production',
+		sameSite: 'Lax',
+		maxAge: 300,
+		path: '/',
+	});
+	return c.redirect(oauth2Client.createAuthorizationUrl(state));
+}
+
+export function redirectToLoginAndClearSession(c: AppContext, config: Config): Response {
+	deleteCookie(c, 'session', {path: '/'});
+	return c.redirect(`${config.basePath}/login`);
+}
+
+export function getFlash(c: AppContext): Flash | undefined {
+	const flashCookie = getCookie(c, 'flash');
+	if (flashCookie) {
+		deleteCookie(c, 'flash', {path: '/'});
+		return parseFlashFromCookie(flashCookie);
+	}
+	return undefined;
+}
+
+export function redirectWithFlash(c: AppContext, url: string, flash: Flash): Response {
+	setCookie(c, 'flash', serializeFlash(flash), {
+		httpOnly: true,
+		secure: c.get('config').env === 'production',
+		sameSite: 'Lax',
+		maxAge: 60,
+		path: '/',
+	});
+	return c.redirect(url);
+}
+
+export function createRequireAuth(config: Config, assetVersion: string) {
+	return async (c: AppContext, next: Next): Promise<Response | undefined> => {
+		const session = await getValidSession(c, config);
+
+		if (!session) {
+			return redirectToAuthorize(c, config);
+		}
+
+		const adminResult = await usersApi.getCurrentAdmin(config, session);
+		if (!adminResult.ok) {
+			if (adminResult.error.type === 'unauthorized') {
+				return redirectToLoginAndClearSession(c, config);
+			}
+		}
+
+		c.set('config', config);
+		c.set('session', session);
+		c.set('currentAdmin', adminResult.ok ? (adminResult.data ?? undefined) : undefined);
+		c.set('assetVersion', assetVersion);
+
+		await next();
+		return;
+	};
+}
--- a/packages/admin/src/middleware/Csrf.tsx
+++ b/packages/admin/src/middleware/Csrf.tsx
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2026 Fluxer Contributors
+ *
+ * This file is part of Fluxer.
+ *
+ * Fluxer is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Fluxer is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+/** @jsxRuntime automatic */
+/** @jsxImportSource hono/jsx */
+
+import type {AppContext} from '@fluxer/admin/src/types/App';
+import {CSRF_FORM_FIELD} from '@fluxer/constants/src/Cookies';
+import {type CsrfProtection, createCsrfProtection} from '@fluxer/hono/src/security/CsrfProtection';
+import type {Next} from 'hono';
+
+let csrfProtection: CsrfProtection | null = null;
+
+export function initializeCsrf(secretKeyBase: string, secureCookie: boolean): void {
+	csrfProtection = createCsrfProtection({
+		secretKeyBase,
+		secureCookie,
+		ignoredPathSuffixes: ['/oauth2_callback', '/auth/start'],
+	});
+}
+
+function getCsrfProtectionOrThrow(): CsrfProtection {
+	if (!csrfProtection) {
+		throw new Error('CSRF not initialized');
+	}
+	return csrfProtection;
+}
+
+export function getCsrfToken(c: AppContext): string {
+	return getCsrfProtectionOrThrow().getToken(c);
+}
+
+export async function csrfMiddleware(c: AppContext, next: Next): Promise<Response | undefined> {
+	const response = await getCsrfProtectionOrThrow().middleware(c, next);
+	return response ?? undefined;
+}
+
+export const CSRF_FORM_FIELD_NAME = CSRF_FORM_FIELD;
--- a/packages/admin/src/middleware/ErrorHandler.tsx
+++ b/packages/admin/src/middleware/ErrorHandler.tsx
@@ -0,0 +1,106 @@
+/*
+ * Copyright (C) 2026 Fluxer Contributors
+ *
+ * This file is part of Fluxer.
+ *
+ * Fluxer is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Fluxer is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+/** @jsxRuntime automatic */
+/** @jsxImportSource hono/jsx */
+
+import {CdnEndpoints} from '@fluxer/constants/src/CdnEndpoints';
+import type {HttpStatusCode} from '@fluxer/constants/src/HttpConstants';
+import {HttpStatus} from '@fluxer/constants/src/HttpConstants';
+import {createErrorHandler} from '@fluxer/errors/src/ErrorHandler';
+import {FluxerError} from '@fluxer/errors/src/FluxerError';
+import type {LoggerInterface} from '@fluxer/logger/src/LoggerInterface';
+import {captureException} from '@fluxer/sentry/src/Sentry';
+import {ErrorPage} from '@fluxer/ui/src/pages/ErrorPage';
+import type {Context, ErrorHandler} from 'hono';
+
+const KNOWN_HTTP_STATUS_CODES: Array<HttpStatusCode> = Object.values(HttpStatus);
+
+export function createAdminErrorHandler(logger: LoggerInterface, includeStack: boolean): ErrorHandler {
+	return createErrorHandler({
+		includeStack,
+		logError: (error, c) => {
+			const isExpectedError = error instanceof Error && 'isExpected' in error && error.isExpected;
+
+			if (!(error instanceof FluxerError || isExpectedError)) {
+				captureException(error);
+			}
+
+			logger.error(
+				{
+					error: error.message,
+					stack: error.stack,
+					path: c.req.path,
+					method: c.req.method,
+				},
+				'Request error',
+			);
+		},
+		customHandler: (error, c) => {
+			const status = getStatus(error) ?? 500;
+			if (status === 404) {
+				return renderNotFound(c);
+			}
+			return renderError(c, status);
+		},
+	});
+}
+
+function getStatus(error: Error): number | null {
+	const statusValue = Reflect.get(error, 'status');
+	return typeof statusValue === 'number' ? statusValue : null;
+}
+
+function renderNotFound(c: Context): Response | Promise<Response> {
+	c.status(404);
+	return c.html(
+		<ErrorPage
+			statusCode={404}
+			title="Page not found"
+			description="The page you are looking for does not exist or has been moved."
+			staticCdnEndpoint={CdnEndpoints.STATIC}
+			homeUrl="/admin"
+			homeLabel="Go to admin"
+		/>,
+	);
+}
+
+function renderError(c: Context, status: number): Response | Promise<Response> {
+	const statusCode = isHttpStatusCode(status) ? status : HttpStatus.INTERNAL_SERVER_ERROR;
+	c.status(statusCode);
+	return c.html(
+		<ErrorPage
+			statusCode={statusCode}
+			title="Something went wrong"
+			description="An unexpected error occurred. Please try again later."
+			staticCdnEndpoint={CdnEndpoints.STATIC}
+			homeUrl="/admin"
+			homeLabel="Go to admin"
+		/>,
+	);
+}
+
+function isHttpStatusCode(value: number): value is HttpStatusCode {
+	for (const statusCode of KNOWN_HTTP_STATUS_CODES) {
+		if (statusCode === value) {
+			return true;
+		}
+	}
+	return false;
+}