set resource session as base domain cookie

2025-08-05 10:35:18 +02:00 · 2024-11-27 00:07:40 -05:00 · 2024-11-27 00:07:40 -05:00 · 8178dd1525
commit 8178dd1525
parent 41e531306d
13 changed files with 169 additions and 52 deletions
--- a/server/routers/auth/checkResourceSession.ts
+++ b/server/routers/auth/checkResourceSession.ts
@ -0,0 +1,65 @@
+import { Request, Response, NextFunction } from "express";
+import createHttpError from "http-errors";
+import { z } from "zod";
+import { fromError } from "zod-validation-error";
+import HttpCode from "@server/types/HttpCode";
+import { response } from "@server/utils";
+import { validateSessionToken } from "@server/auth";
+import { validateResourceSessionToken } from "@server/auth/resource";
+
+export const params = z.object({
+    token: z.string(),
+    resourceId: z.string().transform(Number).pipe(z.number().int().positive()),
+});
+
+export type CheckResourceSessionParams = z.infer<typeof params>;
+
+export type CheckResourceSessionResponse = {
+    valid: boolean;
+};
+
+export async function checkResourceSession(
+    req: Request,
+    res: Response,
+    next: NextFunction,
+): Promise<any> {
+    const parsedParams = params.safeParse(req.params);
+
+    if (!parsedParams.success) {
+        return next(
+            createHttpError(
+                HttpCode.BAD_REQUEST,
+                fromError(parsedParams.error).toString(),
+            ),
+        );
+    }
+
+    const { token, resourceId } = parsedParams.data;
+
+    try {
+        const { resourceSession } = await validateResourceSessionToken(
+            token,
+            resourceId,
+        );
+
+        let valid = false;
+        if (resourceSession) {
+            valid = true;
+        }
+
+        return response<CheckResourceSessionResponse>(res, {
+            data: { valid },
+            success: true,
+            error: false,
+            message: "Checked validity",
+            status: HttpCode.OK,
+        });
+    } catch (e) {
+        return next(
+            createHttpError(
+                HttpCode.INTERNAL_SERVER_ERROR,
+                "Failed to reset password",
+            ),
+        );
+    }
+}
--- a/server/routers/auth/index.ts
+++ b/server/routers/auth/index.ts
@ -9,3 +9,4 @@ export * from "./requestEmailVerificationCode";
 export * from "./changePassword";
 export * from "./requestPasswordReset";
 export * from "./resetPassword";
+export * from "./checkResourceSession";