refactor progress

packages/admin/src/middleware/Auth.tsx

@@ -0,0 +1,105 @@
+/*
+ * Copyright (C) 2026 Fluxer Contributors
+ *
+ * This file is part of Fluxer.
+ *
+ * Fluxer is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Fluxer is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+/** @jsxRuntime automatic */
+/** @jsxImportSource hono/jsx */
+
+import * as usersApi from '@fluxer/admin/src/api/Users';
+import {createAdminOAuth2Client} from '@fluxer/admin/src/Oauth2';
+import {parseSession} from '@fluxer/admin/src/Session';
+import type {AppContext, Session} from '@fluxer/admin/src/types/App';
+import type {AdminConfig as Config} from '@fluxer/admin/src/types/Config';
+import {type Flash, serializeFlash} from '@fluxer/hono/src/Flash';
+import {parseFlashFromCookie} from '@fluxer/ui/src/components/Flash';
+import type {Next} from 'hono';
+import {deleteCookie, getCookie, setCookie} from 'hono/cookie';
+
+export async function getValidSession(c: AppContext, configOverride?: Config): Promise<Session | null> {
+	const config = configOverride ?? c.get('config');
+	const sessionCookie = getCookie(c, 'session');
+	if (!sessionCookie) return null;
+
+	const session = parseSession(sessionCookie, config.secretKeyBase);
+	if (!session) return null;
+
+	return session;
+}
+
+export function redirectToAuthorize(c: AppContext, config: Config): Response {
+	const oauth2Client = createAdminOAuth2Client(config);
+	const state = oauth2Client.generateState();
+	setCookie(c, 'oauth_state', state, {
+		httpOnly: true,
+		secure: config.env === 'production',
+		sameSite: 'Lax',
+		maxAge: 300,
+		path: '/',
+	});
+	return c.redirect(oauth2Client.createAuthorizationUrl(state));
+}
+
+export function redirectToLoginAndClearSession(c: AppContext, config: Config): Response {
+	deleteCookie(c, 'session', {path: '/'});
+	return c.redirect(`${config.basePath}/login`);
+}
+
+export function getFlash(c: AppContext): Flash | undefined {
+	const flashCookie = getCookie(c, 'flash');
+	if (flashCookie) {
+		deleteCookie(c, 'flash', {path: '/'});
+		return parseFlashFromCookie(flashCookie);
+	}
+	return undefined;
+}
+
+export function redirectWithFlash(c: AppContext, url: string, flash: Flash): Response {
+	setCookie(c, 'flash', serializeFlash(flash), {
+		httpOnly: true,
+		secure: c.get('config').env === 'production',
+		sameSite: 'Lax',
+		maxAge: 60,
+		path: '/',
+	});
+	return c.redirect(url);
+}
+
+export function createRequireAuth(config: Config, assetVersion: string) {
+	return async (c: AppContext, next: Next): Promise<Response | undefined> => {
+		const session = await getValidSession(c, config);
+
+		if (!session) {
+			return redirectToAuthorize(c, config);
+		}
+
+		const adminResult = await usersApi.getCurrentAdmin(config, session);
+		if (!adminResult.ok) {
+			if (adminResult.error.type === 'unauthorized') {
+				return redirectToLoginAndClearSession(c, config);
+			}
+		}
+
+		c.set('config', config);
+		c.set('session', session);
+		c.set('currentAdmin', adminResult.ok ? (adminResult.data ?? undefined) : undefined);
+		c.set('assetVersion', assetVersion);
+
+		await next();
+		return;
+	};
+}