mirror/fosrl.pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2025-07-25 13:15:02 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

set resource session cookie in proxy via param

Browse source
This commit is contained in:
Milo Schwartz 2024-11-23 23:31:22 -05:00
parent 34c9093469
commit d7c4bc43a4
No known key found for this signature in database
12 changed files with 143 additions and 81 deletions
Download patch file Download diff file Expand all files Collapse all files

34
server/auth/resource.ts
View file

@ -15,12 +15,12 @@ export async function createResourceSession(opts: {
}): Promise<ResourceSession> {
if (!opts.passwordId && !opts.pincodeId) {
throw new Error(
"At least one of passwordId or pincodeId must be provided"
"At least one of passwordId or pincodeId must be provided",
);
}
const sessionId = encodeHexLowerCase(
sha256(new TextEncoder().encode(opts.token))
sha256(new TextEncoder().encode(opts.token)),
);
const session: ResourceSession = {
@ -38,10 +38,10 @@ export async function createResourceSession(opts: {
export async function validateResourceSessionToken(
token: string,
resourceId: number
resourceId: number,
): Promise<ResourceSessionValidationResult> {
const sessionId = encodeHexLowerCase(
sha256(new TextEncoder().encode(token))
sha256(new TextEncoder().encode(token)),
);
const result = await db
.select()
@ -49,8 +49,8 @@ export async function validateResourceSessionToken(
.where(
and(
eq(resourceSessions.sessionId, sessionId),
eq(resourceSessions.resourceId, resourceId)
)
eq(resourceSessions.resourceId, resourceId),
),
);
if (result.length < 1) {
@ -61,7 +61,7 @@ export async function validateResourceSessionToken(
if (Date.now() >= resourceSession.expiresAt - SESSION_COOKIE_EXPIRES / 2) {
resourceSession.expiresAt = new Date(
Date.now() + SESSION_COOKIE_EXPIRES
Date.now() + SESSION_COOKIE_EXPIRES,
).getTime();
await db
.update(resourceSessions)
@ -75,7 +75,7 @@ export async function validateResourceSessionToken(
}
export async function invalidateResourceSession(
sessionId: string
sessionId: string,
): Promise<void> {
await db
.delete(resourceSessions)
@ -87,7 +87,7 @@ export async function invalidateAllSessions(
method?: {
passwordId?: number;
pincodeId?: number;
}
},
): Promise<void> {
if (method?.passwordId) {
await db
@ -95,8 +95,8 @@ export async function invalidateAllSessions(
.where(
and(
eq(resourceSessions.resourceId, resourceId),
eq(resourceSessions.passwordId, method.passwordId)
)
eq(resourceSessions.passwordId, method.passwordId),
),
);
} else if (method?.pincodeId) {
await db
@ -104,8 +104,8 @@ export async function invalidateAllSessions(
.where(
and(
eq(resourceSessions.resourceId, resourceId),
eq(resourceSessions.pincodeId, method.pincodeId)
)
eq(resourceSessions.pincodeId, method.pincodeId),
),
);
} else {
await db
@ -117,18 +117,18 @@ export async function invalidateAllSessions(
export function serializeResourceSessionCookie(
token: string,
fqdn: string,
secure: boolean
secure: boolean,
): string {
if (secure) {
return `${SESSION_COOKIE_NAME}=${token}; HttpOnly; SameSite=Lax; Max-Age=${SESSION_COOKIE_EXPIRES}; Path=/; Secure; Domain=${fqdn}`;
return `${SESSION_COOKIE_NAME}=${token}; HttpOnly; SameSite=Lax; Max-Age=${SESSION_COOKIE_EXPIRES}; Path=/; Secure; Domain=.localhost`;
} else {
return `${SESSION_COOKIE_NAME}=${token}; HttpOnly; SameSite=Lax; Max-Age=${SESSION_COOKIE_EXPIRES}; Path=/; Domain=${fqdn}`;
return `${SESSION_COOKIE_NAME}=${token}; HttpOnly; SameSite=Lax; Max-Age=${SESSION_COOKIE_EXPIRES}; Path=/; Domain=.localhost`;
}
}
export function createBlankResourceSessionTokenCookie(
fqdn: string,
secure: boolean
secure: boolean,
): string {
if (secure) {
return `${SESSION_COOKIE_NAME}=; HttpOnly; SameSite=Lax; Max-Age=0; Path=/; Secure; Domain=${fqdn}`;