mirror of
https://github.com/Drop-OSS/drop.git
synced 2025-11-09 20:12:10 +10:00
b72e1ef7a4
* feat: code-based authorization * fix: final touches * fix: require session on code fetch endpoint * feat: better error handling * refactor: move auth send to client handler * fix: lint
31 lines
861 B
TypeScript
31 lines
861 B
TypeScript
import clientHandler from "~/server/internal/clients/handler";
|
|
import sessionHandler from "~/server/internal/session";
|
|
|
|
export default defineEventHandler(async (h3) => {
|
|
const user = await sessionHandler.getSession(h3);
|
|
if (!user) throw createError({ statusCode: 403 });
|
|
|
|
const body = await readBody(h3);
|
|
const clientId = await body.id;
|
|
|
|
const client = await clientHandler.fetchClient(clientId);
|
|
if (!client)
|
|
throw createError({
|
|
statusCode: 400,
|
|
statusMessage: "Invalid or expired client ID.",
|
|
});
|
|
|
|
if (client.userId != user.userId)
|
|
throw createError({
|
|
statusCode: 403,
|
|
statusMessage: "Not allowed to authorize this client.",
|
|
});
|
|
|
|
const token = await clientHandler.generateAuthToken(clientId);
|
|
|
|
return {
|
|
redirect: `drop://handshake/${clientId}/${token}`,
|
|
token: `${clientId}/${token}`,
|
|
};
|
|
});
|