fluxerapp/fluxer
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
d5abd1a7e4bbb6a389b7ecdf7b24c573bf71fc88
fluxer/packages/admin/src/routes/Auth.tsx
Hampus Kraft d5abd1a7e4 refactor progress
2026-02-17 12:22:36 +00:00

164 lines
5.0 KiB
TypeScript
Raw Blame History

/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
/** @jsxRuntime automatic */
/** @jsxImportSource hono/jsx */
import * as usersApi from '@fluxer/admin/src/api/Users';
import {getValidSession, redirectToAuthorize} from '@fluxer/admin/src/middleware/Auth';
import {LoginPage} from '@fluxer/admin/src/pages/LoginPage';
import type {RouteFactoryDeps} from '@fluxer/admin/src/routes/RouteTypes';
import {createSession} from '@fluxer/admin/src/Session';
import type {AppVariables} from '@fluxer/admin/src/types/App';
import {base64EncodeString} from '@fluxer/oauth2/src/OAuth2';
import {Hono} from 'hono';
import {deleteCookie, getCookie, setCookie} from 'hono/cookie';
export function createAuthRoutes({config}: RouteFactoryDeps) {
const router = new Hono<{Variables: AppVariables}>();
router.get('/login', async (c) => {
const error = c.req.query('error');
let errorMsg: string | undefined;
if (error === 'oauth_failed') {
errorMsg = 'Authentication failed. Please try again.';
} else if (error === 'missing_admin_acl') {
errorMsg = 'Access denied: missing admin:authenticate permission. Ask an administrator to grant access.';
} else if (error) {
errorMsg = 'Login error. Please try again.';
}
const session = await getValidSession(c, config);
if (session) {
return c.redirect(`${config.basePath}/dashboard`);
}
return c.html(<LoginPage config={config} errorMessage={errorMsg} />);
});
router.get('/auth/start', (c) => {
return redirectToAuthorize(c, config);
});
router.get('/oauth2_callback', async (c) => {
const code = c.req.query('code');
const state = c.req.query('state');
const storedState = getCookie(c, 'oauth_state');
deleteCookie(c, 'oauth_state', {path: '/'});
if (!code || !state || state !== storedState) {
return c.redirect(`${config.basePath}/login?error=oauth_failed`);
}
try {
const tokenResponse = await fetch(`${config.apiEndpoint}/oauth2/token`, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: new URLSearchParams({
grant_type: 'authorization_code',
code,
redirect_uri: config.oauthRedirectUri,
client_id: config.oauthClientId,
client_secret: config.oauthClientSecret,
}),
});
if (!tokenResponse.ok) {
return c.redirect(`${config.basePath}/login?error=oauth_failed`);
}
const tokenData = (await tokenResponse.json()) as {access_token: string; token_type: string};
const accessToken = tokenData.access_token;
const userResponse = await fetch(`${config.apiEndpoint}/users/@me`, {
headers: {
Authorization: `Bearer ${accessToken}`,
},
});
if (!userResponse.ok) {
return c.redirect(`${config.basePath}/login?error=oauth_failed`);
}
const userData = (await userResponse.json()) as {id: string};
const userId = userData.id;
const adminResult = await usersApi.getCurrentAdmin(config, {
userId,
accessToken,
createdAt: Math.floor(Date.now() / 1000),
});
if (!adminResult.ok || !adminResult.data) {
return c.redirect(`${config.basePath}/login?error=missing_admin_acl`);
}
const sessionData = createSession(userId, accessToken, config.secretKeyBase);
setCookie(c, 'session', sessionData, {
httpOnly: true,
secure: config.env === 'production',
sameSite: 'Lax',
maxAge: 60 * 60 * 24 * 7,
path: '/',
});
return c.redirect(`${config.basePath}/dashboard`);
} catch {
return c.redirect(`${config.basePath}/login?error=oauth_failed`);
}
});
router.post('/logout', async (c) => {
const session = await getValidSession(c, config);
if (session) {
try {
const basic = `Basic ${base64EncodeString(`${config.oauthClientId}:${config.oauthClientSecret}`)}`;
await fetch(`${config.apiEndpoint}/oauth2/revoke`, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
Authorization: basic,
},
body: new URLSearchParams({
token: session.accessToken,
token_type_hint: 'access_token',
}),
});
} catch {}
}
deleteCookie(c, 'session', {path: '/'});
return c.redirect(`${config.basePath}/login`);
});
router.get('/logout', async (c) => {
const session = await getValidSession(c, config);
if (session) {
return c.redirect(`${config.basePath}/dashboard`);
}
return c.redirect(`${config.basePath}/login`);
});
return router;
}
Reference in New Issue View Git Blame Copy Permalink