mirror of
https://github.com/Drop-OSS/drop.git
synced 2025-11-20 11:41:14 +10:00
53 lines
1.5 KiB
TypeScript
53 lines
1.5 KiB
TypeScript
import { type } from "arktype";
|
|
import { readDropValidatedBody, throwingArktype } from "~/server/arktype";
|
|
import clientHandler from "~/server/internal/clients/handler";
|
|
import { useCertificateAuthority } from "~/server/plugins/ca";
|
|
|
|
const HandshakeBody = type({
|
|
clientId: "string",
|
|
token: "string",
|
|
}).configure(throwingArktype);
|
|
|
|
/**
|
|
* Client route to complete handshake, after the user has authorize it.
|
|
*/
|
|
export default defineEventHandler<{ body: typeof HandshakeBody.infer }>(
|
|
async (h3) => {
|
|
const body = await readDropValidatedBody(h3, HandshakeBody);
|
|
const clientId = body.clientId;
|
|
const token = body.token;
|
|
|
|
const metadata = await clientHandler.fetchClient(clientId);
|
|
if (!metadata)
|
|
throw createError({
|
|
statusCode: 403,
|
|
statusMessage: "Invalid client ID",
|
|
});
|
|
if (!metadata.authToken || !metadata.userId)
|
|
throw createError({
|
|
statusCode: 400,
|
|
statusMessage: "Un-authorized client ID",
|
|
});
|
|
if (metadata.authToken !== token)
|
|
throw createError({
|
|
statusCode: 403,
|
|
statusMessage: "Invalid token",
|
|
});
|
|
|
|
const certificateAuthority = useCertificateAuthority();
|
|
const bundle = await certificateAuthority.generateClientCertificate(
|
|
clientId,
|
|
metadata.data.name,
|
|
);
|
|
|
|
const client = await clientHandler.finialiseClient(clientId);
|
|
await certificateAuthority.storeClientCertificate(clientId, bundle);
|
|
|
|
return {
|
|
private: bundle.priv,
|
|
certificate: bundle.cert,
|
|
id: client.id,
|
|
};
|
|
},
|
|
);
|