feat: annotated client routes

server/api/v1/client/auth/code/index.get.ts

@@ -1,17 +1,22 @@
+import { ArkErrors, type } from "arktype";
+import aclManager from "~/server/internal/acls";
 import clientHandler from "~/server/internal/clients/handler";
-import sessionHandler from "~/server/internal/session";
 
-export default defineEventHandler(async (h3) => {
-  const user = await sessionHandler.getSession(h3);
-  if (!user) throw createError({ statusCode: 403 });
+const Query = type({
+  code: "string.upper",
+});
 
-  const query = getQuery(h3);
-  const code = query.code?.toString()?.toUpperCase();
-  if (!code)
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Code required in query params.",
-    });
+/**
+ * Fetch client ID by authorize code
+ */
+export default defineEventHandler<{ query: typeof Query.infer }>(async (h3) => {
+  const userId = await aclManager.getUserIdACL(h3, []);
+  if (!userId) throw createError({ statusCode: 403 });
+
+  const query = Query(getQuery(h3));
+  if (query instanceof ArkErrors)
+    throw createError({ statusCode: 400, statusMessage: query.summary });
+  const code = query.code;
 
   const clientId = await clientHandler.fetchClientIdByCode(code);
   if (!clientId)

server/api/v1/client/auth/code/index.post.ts

@@ -1,35 +1,46 @@
+import { type } from "arktype";
+import { readDropValidatedBody, throwingArktype } from "~/server/arktype";
+import aclManager from "~/server/internal/acls";
 import clientHandler from "~/server/internal/clients/handler";
-import sessionHandler from "~/server/internal/session";
 
-export default defineEventHandler(async (h3) => {
-  const user = await sessionHandler.getSession(h3);
-  if (!user) throw createError({ statusCode: 403 });
+const CodeAuthorize = type({
+  id: "string",
+}).configure(throwingArktype);
 
-  const body = await readBody(h3);
-  const clientId = await body.id;
+/**
+ * Authorize code by client ID, and send token via WS to client
+ */
+export default defineEventHandler<{ body: typeof CodeAuthorize.infer }>(
+  async (h3) => {
+    const userId = await aclManager.getUserIdACL(h3, []);
+    if (!userId) throw createError({ statusCode: 403 });
 
-  const client = await clientHandler.fetchClient(clientId);
-  if (!client)
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Invalid or expired client ID.",
-    });
+    const body = await readDropValidatedBody(h3, CodeAuthorize);
+    const clientId = body.id;
 
-  if (client.userId != user.userId)
-    throw createError({
-      statusCode: 403,
-      statusMessage: "Not allowed to authorize this client.",
-    });
+    const client = await clientHandler.fetchClient(clientId);
+    if (!client)
+      throw createError({
+        statusCode: 400,
+        statusMessage: "Invalid or expired client ID.",
+      });
 
-  if (!client.peer)
-    throw createError({
-      statusCode: 500,
-      statusMessage: "No client listening for authorization.",
-    });
+    if (client.userId != userId)
+      throw createError({
+        statusCode: 403,
+        statusMessage: "Not allowed to authorize this client.",
+      });
 
-  const token = await clientHandler.generateAuthToken(clientId);
+    if (!client.peer)
+      throw createError({
+        statusCode: 500,
+        statusMessage: "No client listening for authorization.",
+      });
 
-  await clientHandler.sendAuthToken(clientId, token);
+    const token = await clientHandler.generateAuthToken(clientId);
 
-  return;
-});
+    await clientHandler.sendAuthToken(clientId, token);
+
+    return;
+  },
+);

server/api/v1/client/auth/code/ws.get.ts

@@ -1,6 +1,10 @@
 import type { FetchError } from "ofetch";
 import clientHandler from "~/server/internal/clients/handler";
 
+/**
+ * Client route to listen for code authorization. 
+ * @request Pass the code in the `Authorization` header
+ */
 export default defineWebSocketHandler({
   async open(peer) {
     try {