feat: annotated client routes

server/api/v1/client/auth/callback/index.post.ts

@@ -1,30 +1,41 @@
+import { type } from "arktype";
+import { readDropValidatedBody, throwingArktype } from "~/server/arktype";
+import aclManager from "~/server/internal/acls";
 import clientHandler from "~/server/internal/clients/handler";
-import sessionHandler from "~/server/internal/session";
 
-export default defineEventHandler(async (h3) => {
-  const user = await sessionHandler.getSession(h3);
-  if (!user) throw createError({ statusCode: 403 });
+const AuthorizeBody = type({
+  id: "string",
+}).configure(throwingArktype);
 
-  const body = await readBody(h3);
-  const clientId = await body.id;
+/**
+ * Finalize the authorization for a client
+ */
+export default defineEventHandler<{ body: typeof AuthorizeBody.infer }>(
+  async (h3) => {
+    const userId = await aclManager.getUserIdACL(h3, []);
+    if (!userId) throw createError({ statusCode: 403 });
 
-  const client = await clientHandler.fetchClient(clientId);
-  if (!client)
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Invalid or expired client ID.",
-    });
+    const body = await readDropValidatedBody(h3, AuthorizeBody);
+    const clientId = body.id;
 
-  if (client.userId != user.userId)
-    throw createError({
-      statusCode: 403,
-      statusMessage: "Not allowed to authorize this client.",
-    });
+    const client = await clientHandler.fetchClient(clientId);
+    if (!client)
+      throw createError({
+        statusCode: 400,
+        statusMessage: "Invalid or expired client ID.",
+      });
 
-  const token = await clientHandler.generateAuthToken(clientId);
+    if (client.userId != userId)
+      throw createError({
+        statusCode: 403,
+        statusMessage: "Not allowed to authorize this client.",
+      });
 
-  return {
-    redirect: `drop://handshake/${clientId}/${token}`,
-    token: `${clientId}/${token}`,
-  };
-});
+    const token = await clientHandler.generateAuthToken(clientId);
+
+    return {
+      redirect: `drop://handshake/${clientId}/${token}`,
+      token: `${clientId}/${token}`,
+    };
+  },
+);

server/api/v1/client/auth/code/index.get.ts

@@ -1,17 +1,22 @@
+import { ArkErrors, type } from "arktype";
+import aclManager from "~/server/internal/acls";
 import clientHandler from "~/server/internal/clients/handler";
-import sessionHandler from "~/server/internal/session";
 
-export default defineEventHandler(async (h3) => {
-  const user = await sessionHandler.getSession(h3);
-  if (!user) throw createError({ statusCode: 403 });
+const Query = type({
+  code: "string.upper",
+});
 
-  const query = getQuery(h3);
-  const code = query.code?.toString()?.toUpperCase();
-  if (!code)
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Code required in query params.",
-    });
+/**
+ * Fetch client ID by authorize code
+ */
+export default defineEventHandler<{ query: typeof Query.infer }>(async (h3) => {
+  const userId = await aclManager.getUserIdACL(h3, []);
+  if (!userId) throw createError({ statusCode: 403 });
+
+  const query = Query(getQuery(h3));
+  if (query instanceof ArkErrors)
+    throw createError({ statusCode: 400, statusMessage: query.summary });
+  const code = query.code;
 
   const clientId = await clientHandler.fetchClientIdByCode(code);
   if (!clientId)

server/api/v1/client/auth/code/index.post.ts

@@ -1,35 +1,46 @@
+import { type } from "arktype";
+import { readDropValidatedBody, throwingArktype } from "~/server/arktype";
+import aclManager from "~/server/internal/acls";
 import clientHandler from "~/server/internal/clients/handler";
-import sessionHandler from "~/server/internal/session";
 
-export default defineEventHandler(async (h3) => {
-  const user = await sessionHandler.getSession(h3);
-  if (!user) throw createError({ statusCode: 403 });
+const CodeAuthorize = type({
+  id: "string",
+}).configure(throwingArktype);
 
-  const body = await readBody(h3);
-  const clientId = await body.id;
+/**
+ * Authorize code by client ID, and send token via WS to client
+ */
+export default defineEventHandler<{ body: typeof CodeAuthorize.infer }>(
+  async (h3) => {
+    const userId = await aclManager.getUserIdACL(h3, []);
+    if (!userId) throw createError({ statusCode: 403 });
 
-  const client = await clientHandler.fetchClient(clientId);
-  if (!client)
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Invalid or expired client ID.",
-    });
+    const body = await readDropValidatedBody(h3, CodeAuthorize);
+    const clientId = body.id;
 
-  if (client.userId != user.userId)
-    throw createError({
-      statusCode: 403,
-      statusMessage: "Not allowed to authorize this client.",
-    });
+    const client = await clientHandler.fetchClient(clientId);
+    if (!client)
+      throw createError({
+        statusCode: 400,
+        statusMessage: "Invalid or expired client ID.",
+      });
 
-  if (!client.peer)
-    throw createError({
-      statusCode: 500,
-      statusMessage: "No client listening for authorization.",
-    });
+    if (client.userId != userId)
+      throw createError({
+        statusCode: 403,
+        statusMessage: "Not allowed to authorize this client.",
+      });
 
-  const token = await clientHandler.generateAuthToken(clientId);
+    if (!client.peer)
+      throw createError({
+        statusCode: 500,
+        statusMessage: "No client listening for authorization.",
+      });
 
-  await clientHandler.sendAuthToken(clientId, token);
+    const token = await clientHandler.generateAuthToken(clientId);
 
-  return;
-});
+    await clientHandler.sendAuthToken(clientId, token);
+
+    return;
+  },
+);

server/api/v1/client/auth/code/ws.get.ts

@@ -1,6 +1,10 @@
 import type { FetchError } from "ofetch";
 import clientHandler from "~/server/internal/clients/handler";
 
+/**
+ * Client route to listen for code authorization. 
+ * @request Pass the code in the `Authorization` header
+ */
 export default defineWebSocketHandler({
   async open(peer) {
     try {

server/api/v1/client/auth/handshake.post.ts

@@ -1,45 +1,52 @@
+import { type } from "arktype";
+import { readDropValidatedBody, throwingArktype } from "~/server/arktype";
 import clientHandler from "~/server/internal/clients/handler";
 import { useCertificateAuthority } from "~/server/plugins/ca";
 
-export default defineEventHandler(async (h3) => {
-  const body = await readBody(h3);
-  const clientId = body.clientId;
-  const token = body.token;
-  if (!clientId || !token)
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Missing token or client ID from body",
-    });
+const HandshakeBody = type({
+  clientId: "string",
+  token: "string",
+}).configure(throwingArktype);
 
-  const metadata = await clientHandler.fetchClient(clientId);
-  if (!metadata)
-    throw createError({
-      statusCode: 403,
-      statusMessage: "Invalid client ID",
-    });
-  if (!metadata.authToken || !metadata.userId)
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Un-authorized client ID",
-    });
-  if (metadata.authToken !== token)
-    throw createError({
-      statusCode: 403,
-      statusMessage: "Invalid token",
-    });
+/**
+ * Client route to complete handshake, after the user has authorize it. 
+ */
+export default defineEventHandler<{ body: typeof HandshakeBody.infer }>(
+  async (h3) => {
+    const body = await readDropValidatedBody(h3, HandshakeBody);
+    const clientId = body.clientId;
+    const token = body.token;
 
-  const certificateAuthority = useCertificateAuthority();
-  const bundle = await certificateAuthority.generateClientCertificate(
-    clientId,
-    metadata.data.name,
-  );
+    const metadata = await clientHandler.fetchClient(clientId);
+    if (!metadata)
+      throw createError({
+        statusCode: 403,
+        statusMessage: "Invalid client ID",
+      });
+    if (!metadata.authToken || !metadata.userId)
+      throw createError({
+        statusCode: 400,
+        statusMessage: "Un-authorized client ID",
+      });
+    if (metadata.authToken !== token)
+      throw createError({
+        statusCode: 403,
+        statusMessage: "Invalid token",
+      });
 
-  const client = await clientHandler.finialiseClient(clientId);
-  await certificateAuthority.storeClientCertificate(clientId, bundle);
+    const certificateAuthority = useCertificateAuthority();
+    const bundle = await certificateAuthority.generateClientCertificate(
+      clientId,
+      metadata.data.name,
+    );
 
-  return {
-    private: bundle.priv,
-    certificate: bundle.cert,
-    id: client.id,
-  };
-});
+    const client = await clientHandler.finialiseClient(clientId);
+    await certificateAuthority.storeClientCertificate(clientId, bundle);
+
+    return {
+      private: bundle.priv,
+      certificate: bundle.cert,
+      id: client.id,
+    };
+  },
+);

server/api/v1/client/auth/index.get.ts

@@ -1,17 +1,22 @@
+import { ArkErrors, type } from "arktype";
+import aclManager from "~/server/internal/acls";
 import clientHandler from "~/server/internal/clients/handler";
-import sessionHandler from "~/server/internal/session";
 
-export default defineEventHandler(async (h3) => {
-  const user = await sessionHandler.getSession(h3);
-  if (!user) throw createError({ statusCode: 403 });
+const Query = type({
+  id: "string",
+});
 
-  const query = getQuery(h3);
-  const providedClientId = query.id?.toString();
-  if (!providedClientId)
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Provide client ID in request params as 'id'",
-    });
+/**
+ * Fetch details about an authorization request, and claim it for the current user
+ */
+export default defineEventHandler<{ query: typeof Query.infer }>(async (h3) => {
+  const userId = await aclManager.getUserIdACL(h3, []);
+  if (!userId) throw createError({ statusCode: 403 });
+
+  const query = Query(getQuery(h3));
+  if (query instanceof ArkErrors)
+    throw createError({ statusCode: 400, statusMessage: query.summary });
+  const providedClientId = query.id;
 
   const client = await clientHandler.fetchClient(providedClientId);
   if (!client)
@@ -20,13 +25,13 @@ export default defineEventHandler(async (h3) => {
       statusMessage: "Request not found.",
     });
 
-  if (client.userId && user.userId !== client.userId)
+  if (client.userId && userId !== client.userId)
     throw createError({
       statusCode: 400,
       statusMessage: "Client already claimed.",
     });
 
-  await clientHandler.attachUserId(providedClientId, user.userId);
+  await clientHandler.attachUserId(providedClientId, userId);
 
   return client.data;
 });

server/api/v1/client/auth/initiate.post.ts

@@ -17,55 +17,61 @@ const ClientAuthInitiate = type({
   mode: type.valueOf(AuthMode).default(AuthMode.Callback),
 }).configure(throwingArktype);
 
-export default defineEventHandler(async (h3) => {
-  const body = await readDropValidatedBody(h3, ClientAuthInitiate);
+/**
+ * Client route to initiate authorization flow. 
+ * @response The requested callback or code.
+ */
+export default defineEventHandler<{ body: typeof ClientAuthInitiate.infer }>(
+  async (h3) => {
+    const body = await readDropValidatedBody(h3, ClientAuthInitiate);
 
-  const platformRaw = body.platform;
-  const capabilities: Partial<CapabilityConfiguration> =
-    body.capabilities ?? {};
+    const platformRaw = body.platform;
+    const capabilities: Partial<CapabilityConfiguration> =
+      body.capabilities ?? {};
 
-  const platform = parsePlatform(platformRaw);
-  if (!platform)
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Invalid or unsupported platform",
+    const platform = parsePlatform(platformRaw);
+    if (!platform)
+      throw createError({
+        statusCode: 400,
+        statusMessage: "Invalid or unsupported platform",
+      });
+
+    const capabilityIterable = Object.entries(capabilities) as Array<
+      [InternalClientCapability, object]
+    >;
+    if (
+      capabilityIterable.length > 0 &&
+      capabilityIterable
+        .map(([capability]) => validCapabilities.find((v) => capability == v))
+        .filter((e) => e).length == 0
+    )
+      throw createError({
+        statusCode: 400,
+        statusMessage: "Invalid capabilities.",
+      });
+
+    if (
+      capabilityIterable.length > 0 &&
+      capabilityIterable.filter(
+        ([capability, configuration]) =>
+          !capabilityManager.validateCapabilityConfiguration(
+            capability,
+            configuration,
+          ),
+      ).length > 0
+    )
+      throw createError({
+        statusCode: 400,
+        statusMessage: "Invalid capability configuration.",
+      });
+
+    const result = await clientHandler.initiate({
+      name: body.name,
+      platform,
+      capabilities,
+      mode: body.mode,
     });
 
-  const capabilityIterable = Object.entries(capabilities) as Array<
-    [InternalClientCapability, object]
-  >;
-  if (
-    capabilityIterable.length > 0 &&
-    capabilityIterable
-      .map(([capability]) => validCapabilities.find((v) => capability == v))
-      .filter((e) => e).length == 0
-  )
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Invalid capabilities.",
-    });
-
-  if (
-    capabilityIterable.length > 0 &&
-    capabilityIterable.filter(
-      ([capability, configuration]) =>
-        !capabilityManager.validateCapabilityConfiguration(
-          capability,
-          configuration,
-        ),
-    ).length > 0
-  )
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Invalid capability configuration.",
-    });
-
-  const result = await clientHandler.initiate({
-    name: body.name,
-    platform,
-    capabilities,
-    mode: body.mode,
-  });
-
-  return result;
-});
+    return result;
+  },
+);

server/api/v1/client/auth/session.post.ts

@@ -1 +0,0 @@
-export default defineEventHandler((_h3) => {});