feat: annotated client routes

2025-11-21 12:11:09 +10:00 · 2025-08-10 15:51:10 +10:00
parent 824b4e708b
commit 7c234067a5
31 changed files with 479 additions and 389 deletions
--- a/server/api/v1/client/auth/handshake.post.ts
+++ b/server/api/v1/client/auth/handshake.post.ts
@ -1,45 +1,52 @@
+import { type } from "arktype";
+import { readDropValidatedBody, throwingArktype } from "~/server/arktype";
 import clientHandler from "~/server/internal/clients/handler";
 import { useCertificateAuthority } from "~/server/plugins/ca";

-export default defineEventHandler(async (h3) => {
-  const body = await readBody(h3);
-  const clientId = body.clientId;
-  const token = body.token;
-  if (!clientId || !token)
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Missing token or client ID from body",
-    });
+const HandshakeBody = type({
+  clientId: "string",
+  token: "string",
+}).configure(throwingArktype);

-  const metadata = await clientHandler.fetchClient(clientId);
-  if (!metadata)
-    throw createError({
-      statusCode: 403,
-      statusMessage: "Invalid client ID",
-    });
-  if (!metadata.authToken || !metadata.userId)
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Un-authorized client ID",
-    });
-  if (metadata.authToken !== token)
-    throw createError({
-      statusCode: 403,
-      statusMessage: "Invalid token",
-    });
+/**
+ * Client route to complete handshake, after the user has authorize it. 
+ */
+export default defineEventHandler<{ body: typeof HandshakeBody.infer }>(
+  async (h3) => {
+    const body = await readDropValidatedBody(h3, HandshakeBody);
+    const clientId = body.clientId;
+    const token = body.token;

-  const certificateAuthority = useCertificateAuthority();
-  const bundle = await certificateAuthority.generateClientCertificate(
-    clientId,
-    metadata.data.name,
-  );
+    const metadata = await clientHandler.fetchClient(clientId);
+    if (!metadata)
+      throw createError({
+        statusCode: 403,
+        statusMessage: "Invalid client ID",
+      });
+    if (!metadata.authToken || !metadata.userId)
+      throw createError({
+        statusCode: 400,
+        statusMessage: "Un-authorized client ID",
+      });
+    if (metadata.authToken !== token)
+      throw createError({
+        statusCode: 403,
+        statusMessage: "Invalid token",
+      });

-  const client = await clientHandler.finialiseClient(clientId);
-  await certificateAuthority.storeClientCertificate(clientId, bundle);
+    const certificateAuthority = useCertificateAuthority();
+    const bundle = await certificateAuthority.generateClientCertificate(
+      clientId,
+      metadata.data.name,
+    );

-  return {
-    private: bundle.priv,
-    certificate: bundle.cert,
-    id: client.id,
-  };
-});
+    const client = await clientHandler.finialiseClient(clientId);
+    await certificateAuthority.storeClientCertificate(clientId, bundle);
+
+    return {
+      private: bundle.priv,
+      certificate: bundle.cert,
+      id: client.id,
+    };
+  },
+);