106 lines
3.4 KiB
TypeScript
106 lines
3.4 KiB
TypeScript
/*
|
|
* Copyright (C) 2026 Fluxer Contributors
|
|
*
|
|
* This file is part of Fluxer.
|
|
*
|
|
* Fluxer is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Fluxer is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
/** @jsxRuntime automatic */
|
|
/** @jsxImportSource hono/jsx */
|
|
|
|
import * as usersApi from '@fluxer/admin/src/api/Users';
|
|
import {createAdminOAuth2Client} from '@fluxer/admin/src/Oauth2';
|
|
import {parseSession} from '@fluxer/admin/src/Session';
|
|
import type {AppContext, Session} from '@fluxer/admin/src/types/App';
|
|
import type {AdminConfig as Config} from '@fluxer/admin/src/types/Config';
|
|
import {type Flash, serializeFlash} from '@fluxer/hono/src/Flash';
|
|
import {parseFlashFromCookie} from '@fluxer/ui/src/components/Flash';
|
|
import type {Next} from 'hono';
|
|
import {deleteCookie, getCookie, setCookie} from 'hono/cookie';
|
|
|
|
export async function getValidSession(c: AppContext, configOverride?: Config): Promise<Session | null> {
|
|
const config = configOverride ?? c.get('config');
|
|
const sessionCookie = getCookie(c, 'session');
|
|
if (!sessionCookie) return null;
|
|
|
|
const session = parseSession(sessionCookie, config.secretKeyBase);
|
|
if (!session) return null;
|
|
|
|
return session;
|
|
}
|
|
|
|
export function redirectToAuthorize(c: AppContext, config: Config): Response {
|
|
const oauth2Client = createAdminOAuth2Client(config);
|
|
const state = oauth2Client.generateState();
|
|
setCookie(c, 'oauth_state', state, {
|
|
httpOnly: true,
|
|
secure: config.env === 'production',
|
|
sameSite: 'Lax',
|
|
maxAge: 300,
|
|
path: '/',
|
|
});
|
|
return c.redirect(oauth2Client.createAuthorizationUrl(state));
|
|
}
|
|
|
|
export function redirectToLoginAndClearSession(c: AppContext, config: Config): Response {
|
|
deleteCookie(c, 'session', {path: '/'});
|
|
return c.redirect(`${config.basePath}/login`);
|
|
}
|
|
|
|
export function getFlash(c: AppContext): Flash | undefined {
|
|
const flashCookie = getCookie(c, 'flash');
|
|
if (flashCookie) {
|
|
deleteCookie(c, 'flash', {path: '/'});
|
|
return parseFlashFromCookie(flashCookie);
|
|
}
|
|
return undefined;
|
|
}
|
|
|
|
export function redirectWithFlash(c: AppContext, url: string, flash: Flash): Response {
|
|
setCookie(c, 'flash', serializeFlash(flash), {
|
|
httpOnly: true,
|
|
secure: c.get('config').env === 'production',
|
|
sameSite: 'Lax',
|
|
maxAge: 60,
|
|
path: '/',
|
|
});
|
|
return c.redirect(url);
|
|
}
|
|
|
|
export function createRequireAuth(config: Config, assetVersion: string) {
|
|
return async (c: AppContext, next: Next): Promise<Response | undefined> => {
|
|
const session = await getValidSession(c, config);
|
|
|
|
if (!session) {
|
|
return redirectToAuthorize(c, config);
|
|
}
|
|
|
|
const adminResult = await usersApi.getCurrentAdmin(config, session);
|
|
if (!adminResult.ok) {
|
|
if (adminResult.error.type === 'unauthorized') {
|
|
return redirectToLoginAndClearSession(c, config);
|
|
}
|
|
}
|
|
|
|
c.set('config', config);
|
|
c.set('session', session);
|
|
c.set('currentAdmin', adminResult.ok ? (adminResult.data ?? undefined) : undefined);
|
|
c.set('assetVersion', assetVersion);
|
|
|
|
await next();
|
|
return;
|
|
};
|
|
}
|