mirror/fosrl.pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2025-07-28 14:44:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

added initial schema for resource sessions and auth types

Browse source
This commit is contained in:
Milo Schwartz 2024-11-16 22:41:43 -05:00
parent b4442a3bf7
commit cc674c2b9c
No known key found for this signature in database
8 changed files with 381 additions and 89 deletions
Download patch file Download diff file Expand all files Collapse all files

125
server/auth/resource.ts Normal file
View file

@ -0,0 +1,125 @@
import { encodeHexLowerCase } from "@oslojs/encoding";
import { sha256 } from "@oslojs/crypto/sha2";
import {
resourceSessions,
ResourceSession,
User,
users,
} from "@server/db/schema";
import db from "@server/db";
import { eq, and } from "drizzle-orm";
export const SESSION_COOKIE_NAME = "resource_session";
export const SESSION_COOKIE_EXPIRES = 1000 * 60 * 60 * 24 * 30;
export type ResourceAuthMethod = "password" | "pincode";
export async function createResourceSession(
token: string,
userId: string,
resourceId: number,
method: ResourceAuthMethod
): Promise<ResourceSession> {
const sessionId = encodeHexLowerCase(
sha256(new TextEncoder().encode(token))
);
const session: ResourceSession = {
sessionId: sessionId,
userId,
expiresAt: new Date(Date.now() + SESSION_COOKIE_EXPIRES).getTime(),
resourceId,
method,
};
await db.insert(resourceSessions).values(session);
return session;
}
export async function validateResourceSessionToken(
token: string
): Promise<ResourceSessionValidationResult> {
const sessionId = encodeHexLowerCase(
sha256(new TextEncoder().encode(token))
);
const result = await db
.select({ user: users, resourceSession: resourceSessions })
.from(resourceSessions)
.innerJoin(users, eq(resourceSessions.userId, users.userId))
.where(eq(resourceSessions.sessionId, sessionId));
if (result.length < 1) {
return { session: null, user: null };
}
const { user, resourceSession } = result[0];
if (Date.now() >= resourceSession.expiresAt) {
await db
.delete(resourceSessions)
.where(eq(resourceSessions.sessionId, resourceSession.sessionId));
return { session: null, user: null };
}
if (Date.now() >= resourceSession.expiresAt - SESSION_COOKIE_EXPIRES / 2) {
resourceSession.expiresAt = new Date(
Date.now() + SESSION_COOKIE_EXPIRES
).getTime();
await db
.update(resourceSessions)
.set({
expiresAt: resourceSession.expiresAt,
})
.where(eq(resourceSessions.sessionId, resourceSession.sessionId));
}
return { session: resourceSession, user };
}
export async function invalidateResourceSession(
sessionId: string
): Promise<void> {
await db
.delete(resourceSessions)
.where(eq(resourceSessions.sessionId, sessionId));
}
export async function invalidateAllSessions(
userId: string,
method?: ResourceAuthMethod
): Promise<void> {
if (!method) {
await db
.delete(resourceSessions)
.where(eq(resourceSessions.userId, userId));
} else {
await db
.delete(resourceSessions)
.where(
and(
eq(resourceSessions.userId, userId),
eq(resourceSessions.method, method)
)
);
}
}
export function serializeSessionCookie(
token: string,
fqdn: string,
secure: boolean
): string {
if (secure) {
return `${SESSION_COOKIE_NAME}=${token}; HttpOnly; SameSite=Lax; Max-Age=${SESSION_COOKIE_EXPIRES}; Path=/; Secure; Domain=${fqdn}`;
} else {
return `${SESSION_COOKIE_NAME}=${token}; HttpOnly; SameSite=Lax; Max-Age=${SESSION_COOKIE_EXPIRES}; Path=/; Domain=${fqdn}`;
}
}
export function createBlankSessionTokenCookie(
fqdn: string,
secure: boolean
): string {
if (secure) {
return `${SESSION_COOKIE_NAME}=; HttpOnly; SameSite=Lax; Max-Age=0; Path=/; Secure; Domain=${fqdn}`;
} else {
return `${SESSION_COOKIE_NAME}=; HttpOnly; SameSite=Lax; Max-Age=0; Path=/; Domain=${fqdn}`;
}
}
export type ResourceSessionValidationResult =
| { session: ResourceSession; user: User }
| { session: null; user: null };