allow access token in resource url

server/auth/verifyResourceAccessToken.ts

@@ -0,0 +1,67 @@
+import db from "@server/db";
+import {
+    Resource,
+    ResourceAccessToken,
+    resourceAccessToken,
+} from "@server/db/schema";
+import { and, eq } from "drizzle-orm";
+import { isWithinExpirationDate } from "oslo";
+import { verifyPassword } from "./password";
+
+export async function verifyResourceAccessToken({
+    resource,
+    accessTokenId,
+    accessToken
+}: {
+    resource: Resource;
+    accessTokenId: string;
+    accessToken: string;
+}): Promise<{
+    valid: boolean;
+    error?: string;
+    tokenItem?: ResourceAccessToken;
+}> {
+    const [result] = await db
+        .select()
+        .from(resourceAccessToken)
+        .where(
+            and(
+                eq(resourceAccessToken.resourceId, resource.resourceId),
+                eq(resourceAccessToken.accessTokenId, accessTokenId)
+            )
+        )
+        .limit(1);
+
+    const tokenItem = result;
+
+    if (!tokenItem) {
+        return {
+            valid: false,
+            error: "Access token does not exist for resource"
+        };
+    }
+
+    const validCode = await verifyPassword(accessToken, tokenItem.tokenHash);
+
+    if (!validCode) {
+        return {
+            valid: false,
+            error: "Invalid access token"
+        };
+    }
+
+    if (
+        tokenItem.expiresAt &&
+        !isWithinExpirationDate(new Date(tokenItem.expiresAt))
+    ) {
+        return {
+            valid: false,
+            error: "Access token has expired"
+        };
+    }
+
+    return {
+        valid: true,
+        tokenItem
+    };
+}