Ryan/drop
1
0
Fork 0
mirror of https://github.com/Drop-OSS/drop.git synced 2025-11-13 16:22:39 +10:00
Code Issues Packages Projects Releases Wiki Activity

beginnings of download implementation

Browse Source
This commit is contained in:
DecDuck
2024-10-12 17:34:09 +11:00
parent 328b9ba46c
commit 8674ac7211
5 changed files with 62 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
server/internal/clients/event-handler.ts
View File

@ -14,6 +14,8 @@ type ClientUtils = {
fetchUser: () => Promise<User>;
};
const NONCE_LENIENCE = 30_000;
export function defineClientEventHandler<T>(handler: EventHandlerFunction<T>) {
return defineEventHandler(async (h3) => {
const header = await getHeader(h3, "Authorization");
@ -30,6 +32,21 @@ export function defineClientEventHandler<T>(handler: EventHandlerFunction<T>) {
if (!clientId || !nonce || !signature)
throw createError({ statusCode: 403 });
const nonceTime = parseInt(nonce);
const current = Date.now();
if (
// If it was generated in the future
nonceTime > current ||
// Or more than thirty seconds ago
nonceTime < current - NONCE_LENIENCE
) {
// We reject the request
throw createError({
statusCode: 403,
statusMessage: "Nonce expired",
});
}
const ca = h3.context.ca;
const certBundle = await ca.fetchClientCertificate(clientId);
if (!certBundle)