mirror of
https://github.com/Drop-OSS/drop.git
synced 2026-07-13 22:26:43 +10:00
another stage of client authentication
This commit is contained in:
@@ -1,3 +1,27 @@
|
||||
export default defineEventHandler((h3) => {
|
||||
import clientHandler from "~/server/internal/clients/handler";
|
||||
|
||||
});
|
||||
export default defineEventHandler(async (h3) => {
|
||||
const userId = await h3.context.session.getUserId(h3);
|
||||
if (!userId) throw createError({ statusCode: 403 });
|
||||
|
||||
const query = getQuery(h3);
|
||||
const providedClientId = query.id?.toString();
|
||||
if (!providedClientId)
|
||||
throw createError({
|
||||
statusCode: 400,
|
||||
statusMessage: "Provide client ID in request params as 'id'",
|
||||
});
|
||||
|
||||
const data = await clientHandler.fetchInitiateClientMetadata(
|
||||
providedClientId
|
||||
);
|
||||
if (!data)
|
||||
throw createError({
|
||||
statusCode: 404,
|
||||
statusMessage: "Request not found.",
|
||||
});
|
||||
|
||||
await clientHandler.attachUserId(providedClientId, userId);
|
||||
|
||||
return data;
|
||||
});
|
||||
|
||||
@@ -1,3 +1,20 @@
|
||||
export default defineEventHandler((h3) => {
|
||||
import clientHandler from "~/server/internal/clients/handler";
|
||||
|
||||
});
|
||||
export default defineEventHandler(async (h3) => {
|
||||
const userId = await h3.context.session.getUserId(h3);
|
||||
if (!userId) throw createError({ statusCode: 403 });
|
||||
|
||||
const body = await readBody(h3);
|
||||
const clientId = await body.id;
|
||||
|
||||
const data = await clientHandler.fetchInitiateClientMetadata(clientId);
|
||||
if (!data)
|
||||
throw createError({
|
||||
statusCode: 400,
|
||||
statusMessage: "Invalid or expired client ID.",
|
||||
});
|
||||
|
||||
const token = await clientHandler.generateAuthToken(clientId);
|
||||
|
||||
return `drop://handshake/${clientId}/${token}`;
|
||||
});
|
||||
|
||||
@@ -10,7 +10,7 @@ Server responds with a URL to send the user to. It generates a device ID, which
|
||||
## 2. User signs in
|
||||
Client sends user to the provided URL (in external browser). User signs in using the existing authentication stack.
|
||||
|
||||
Server sends redirect to drop://handshake/[id]/[token], where the token is an authentication token to generate the necessary certificates, and the ID is the client ID as generated by the server.
|
||||
Server sends redirect to `drop://handshake/[id]/[token]`, where the token is an authentication token to generate the necessary certificates, and the ID is the client ID as generated by the server.
|
||||
|
||||
## 3. Client requests certificates
|
||||
Client makes request: `POST /api/v1/client/handshake` with the token recieved in the previous step.
|
||||
|
||||
@@ -7,7 +7,12 @@ export interface ClientMetadata {
|
||||
|
||||
export class ClientHandler {
|
||||
private temporaryClientTable: {
|
||||
[key: string]: { timeout: NodeJS.Timeout; data: ClientMetadata };
|
||||
[key: string]: {
|
||||
timeout: NodeJS.Timeout;
|
||||
data: ClientMetadata;
|
||||
userId?: string;
|
||||
authToken?: string;
|
||||
};
|
||||
} = {};
|
||||
|
||||
async initiate(metadata: ClientMetadata) {
|
||||
@@ -23,6 +28,28 @@ export class ClientHandler {
|
||||
|
||||
return clientId;
|
||||
}
|
||||
|
||||
async fetchInitiateClientMetadata(clientId: string) {
|
||||
const entry = this.temporaryClientTable[clientId];
|
||||
if (!entry) return undefined;
|
||||
return entry.data;
|
||||
}
|
||||
|
||||
async attachUserId(clientId: string, userId: string) {
|
||||
if (!this.temporaryClientTable[clientId])
|
||||
throw new Error("Invalid clientId for attaching userId");
|
||||
this.temporaryClientTable[clientId].userId = userId;
|
||||
}
|
||||
|
||||
async generateAuthToken(clientId: string) {
|
||||
const entry = this.temporaryClientTable[clientId];
|
||||
if (!entry) throw new Error("Invalid clientId to generate token");
|
||||
|
||||
const token = uuidv4();
|
||||
this.temporaryClientTable[clientId].authToken = token;
|
||||
|
||||
return token;
|
||||
}
|
||||
}
|
||||
|
||||
export const clientHandler = new ClientHandler();
|
||||
|
||||
Reference in New Issue
Block a user