another stage of client authentication

This commit is contained in:
DecDuck
2024-10-08 16:13:46 +11:00
parent 909432a6ce
commit 7523e536b5
10 changed files with 345 additions and 82 deletions
+26 -2
View File
@@ -1,3 +1,27 @@
export default defineEventHandler((h3) => {
import clientHandler from "~/server/internal/clients/handler";
});
export default defineEventHandler(async (h3) => {
const userId = await h3.context.session.getUserId(h3);
if (!userId) throw createError({ statusCode: 403 });
const query = getQuery(h3);
const providedClientId = query.id?.toString();
if (!providedClientId)
throw createError({
statusCode: 400,
statusMessage: "Provide client ID in request params as 'id'",
});
const data = await clientHandler.fetchInitiateClientMetadata(
providedClientId
);
if (!data)
throw createError({
statusCode: 404,
statusMessage: "Request not found.",
});
await clientHandler.attachUserId(providedClientId, userId);
return data;
});
+19 -2
View File
@@ -1,3 +1,20 @@
export default defineEventHandler((h3) => {
import clientHandler from "~/server/internal/clients/handler";
});
export default defineEventHandler(async (h3) => {
const userId = await h3.context.session.getUserId(h3);
if (!userId) throw createError({ statusCode: 403 });
const body = await readBody(h3);
const clientId = await body.id;
const data = await clientHandler.fetchInitiateClientMetadata(clientId);
if (!data)
throw createError({
statusCode: 400,
statusMessage: "Invalid or expired client ID.",
});
const token = await clientHandler.generateAuthToken(clientId);
return `drop://handshake/${clientId}/${token}`;
});
+1 -1
View File
@@ -10,7 +10,7 @@ Server responds with a URL to send the user to. It generates a device ID, which
## 2. User signs in
Client sends user to the provided URL (in external browser). User signs in using the existing authentication stack.
Server sends redirect to drop://handshake/[id]/[token], where the token is an authentication token to generate the necessary certificates, and the ID is the client ID as generated by the server.
Server sends redirect to `drop://handshake/[id]/[token]`, where the token is an authentication token to generate the necessary certificates, and the ID is the client ID as generated by the server.
## 3. Client requests certificates
Client makes request: `POST /api/v1/client/handshake` with the token recieved in the previous step.
+28 -1
View File
@@ -7,7 +7,12 @@ export interface ClientMetadata {
export class ClientHandler {
private temporaryClientTable: {
[key: string]: { timeout: NodeJS.Timeout; data: ClientMetadata };
[key: string]: {
timeout: NodeJS.Timeout;
data: ClientMetadata;
userId?: string;
authToken?: string;
};
} = {};
async initiate(metadata: ClientMetadata) {
@@ -23,6 +28,28 @@ export class ClientHandler {
return clientId;
}
async fetchInitiateClientMetadata(clientId: string) {
const entry = this.temporaryClientTable[clientId];
if (!entry) return undefined;
return entry.data;
}
async attachUserId(clientId: string, userId: string) {
if (!this.temporaryClientTable[clientId])
throw new Error("Invalid clientId for attaching userId");
this.temporaryClientTable[clientId].userId = userId;
}
async generateAuthToken(clientId: string) {
const entry = this.temporaryClientTable[clientId];
if (!entry) throw new Error("Invalid clientId to generate token");
const token = uuidv4();
this.temporaryClientTable[clientId].authToken = token;
return token;
}
}
export const clientHandler = new ClientHandler();