mirror of
https://github.com/Drop-OSS/drop.git
synced 2025-11-09 20:12:10 +10:00
1ae051f066
* chore: update prisma to 6.11 more prisma future proofing due to experimental features * chore: update dependencies twemoji - new unicode update argon2 - bux fixes vue3-carousel - improve mobile experiance vue-tsc - more stable * fix: incorrect prisma version in docker Also remove default value for BUILD_DROP_VERSION, that is now handled in nuxt config * fix: no logging in prod * chore: optimize docker builds even more * fix: revert adoption of prisma driverAdapters see: https://github.com/prisma/prisma/issues/27486 * chore: optimize dockerignore some more * Fix `pino-pretty` not being included in build (#135) * Remove `pino` from frontend * Fix for downloads and removing of library source (#136) * fix: downloads and removing library source * fix: linting * Fix max file size of 4GB (update droplet) (#137) * Fix manual metadata import (#138) * chore(deps): bump vue-i18n from 10.0.7 to 10.0.8 (#140) Bumps [vue-i18n](https://github.com/intlify/vue-i18n/tree/HEAD/packages/vue-i18n) from 10.0.7 to 10.0.8. - [Release notes](https://github.com/intlify/vue-i18n/releases) - [Changelog](https://github.com/intlify/vue-i18n/blob/master/CHANGELOG.md) - [Commits](https://github.com/intlify/vue-i18n/commits/v10.0.8/packages/vue-i18n) --- updated-dependencies: - dependency-name: vue-i18n dependency-version: 10.0.8 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump @intlify/core from 10.0.7 to 10.0.8 (#139) --- updated-dependencies: - dependency-name: "@intlify/core" dependency-version: 10.0.8 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Small fixes (#141) * fix: save task as Json rather than string * fix: pull objects before creating game in database * fix: strips relative dirs from version information * fix: #132 * fix: lint * fix: news object ids and small tweaks * fix: notification styling errors * fix: lint * fix: build issues by regenerating lockfile --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: DecDuck <declanahofmeyr@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
135 lines
3.6 KiB
TypeScript
135 lines
3.6 KiB
TypeScript
import type { ClientModel, UserModel } from "~/prisma/client/models";
|
|
import type { EventHandlerRequest, H3Event } from "h3";
|
|
import droplet from "@drop-oss/droplet";
|
|
import prisma from "../db/database";
|
|
import { useCertificateAuthority } from "~/server/plugins/ca";
|
|
|
|
export type EventHandlerFunction<T> = (
|
|
h3: H3Event<EventHandlerRequest>,
|
|
utils: ClientUtils,
|
|
) => Promise<T> | T;
|
|
|
|
type ClientUtils = {
|
|
clientId: string;
|
|
fetchClient: () => Promise<ClientModel>;
|
|
fetchUser: () => Promise<UserModel>;
|
|
};
|
|
|
|
const NONCE_LENIENCE = 30_000;
|
|
|
|
export function defineClientEventHandler<T>(handler: EventHandlerFunction<T>) {
|
|
return defineEventHandler(async (h3) => {
|
|
const header = getHeader(h3, "Authorization");
|
|
if (!header) throw createError({ statusCode: 403 });
|
|
const [method, ...parts] = header.split(" ");
|
|
|
|
let clientId: string;
|
|
switch (method) {
|
|
case "Debug": {
|
|
if (!import.meta.dev) throw createError({ statusCode: 403 });
|
|
const client = await prisma.client.findFirst({ select: { id: true } });
|
|
if (!client)
|
|
throw createError({
|
|
statusCode: 400,
|
|
statusMessage: "No clients created.",
|
|
});
|
|
clientId = client.id;
|
|
break;
|
|
}
|
|
case "Nonce": {
|
|
clientId = parts[0];
|
|
const nonce = parts[1];
|
|
const signature = parts[2];
|
|
|
|
if (!clientId || !nonce || !signature)
|
|
throw createError({ statusCode: 403 });
|
|
|
|
const nonceTime = parseInt(nonce);
|
|
const current = Date.now();
|
|
if (
|
|
// If it "will be generated" in thirty seconds
|
|
nonceTime > current + NONCE_LENIENCE ||
|
|
// Or more than thirty seconds ago
|
|
nonceTime < current - NONCE_LENIENCE
|
|
) {
|
|
// We reject the request
|
|
throw createError({
|
|
statusCode: 403,
|
|
statusMessage: "Nonce expired",
|
|
});
|
|
}
|
|
|
|
const certificateAuthority = useCertificateAuthority();
|
|
const certBundle =
|
|
await certificateAuthority.fetchClientCertificate(clientId);
|
|
// This does the blacklist check already
|
|
if (!certBundle)
|
|
throw createError({
|
|
statusCode: 403,
|
|
statusMessage: "Invalid client ID",
|
|
});
|
|
|
|
const valid = droplet.verifyNonce(certBundle.cert, nonce, signature);
|
|
if (!valid)
|
|
throw createError({
|
|
statusCode: 403,
|
|
statusMessage: "Invalid nonce signature.",
|
|
});
|
|
break;
|
|
}
|
|
default: {
|
|
throw createError({
|
|
statusCode: 403,
|
|
statusMessage: "No authentication",
|
|
});
|
|
}
|
|
}
|
|
|
|
if (clientId === undefined)
|
|
throw createError({
|
|
statusCode: 500,
|
|
statusMessage: "Failed to execute authentication pipeline.",
|
|
});
|
|
|
|
async function fetchClient() {
|
|
const client = await prisma.client.findUnique({
|
|
where: { id: clientId },
|
|
});
|
|
if (!client)
|
|
throw new Error(
|
|
"client util fetch client broke - this should NOT happen",
|
|
);
|
|
return client;
|
|
}
|
|
|
|
async function fetchUser() {
|
|
const client = await prisma.client.findUnique({
|
|
where: { id: clientId },
|
|
select: {
|
|
user: true,
|
|
},
|
|
});
|
|
|
|
if (!client)
|
|
throw new Error(
|
|
"client util fetch client broke - this should NOT happen",
|
|
);
|
|
|
|
return client.user;
|
|
}
|
|
|
|
const utils: ClientUtils = {
|
|
clientId,
|
|
fetchClient,
|
|
fetchUser,
|
|
};
|
|
|
|
await prisma.client.update({
|
|
where: { id: clientId },
|
|
data: { lastConnected: new Date() },
|
|
});
|
|
|
|
return await handler(h3, utils);
|
|
});
|
|
}
|