From 57eea2e79f02c1a6d7fab93859de2afa15183f4b Mon Sep 17 00:00:00 2001 From: bat Date: Sun, 4 Jun 2023 06:50:06 +0000 Subject: [PATCH] add storage handler and guard auth --- auth.js | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- server.js | 34 ++++++++++++++++++++++++------ storage.js | 7 +++++++ 3 files changed, 94 insertions(+), 8 deletions(-) create mode 100644 storage.js diff --git a/auth.js b/auth.js index aa232ea..0fe1f61 100644 --- a/auth.js +++ b/auth.js @@ -66,6 +66,13 @@ export class Auth { ) } + get userinfoEndpoint() { + return ( + this.giteaAppBaseUrl + + '/login/oauth/userinfo' + ) + } + async getToken(code) { const resp = await fetch(this.tokenEndpoint, { method: 'POST', @@ -140,7 +147,7 @@ export class Auth { grant_type: 'refresh_token', }) }) - return await resp.json() + return resp.ok } async refresh(event) { @@ -148,7 +155,8 @@ export class Auth { const cookies = cookie.getCookies( event.request.headers ) - const data = await this.refreshToken(body) + const token = cookies['oauth.gitea.refreshToken'] + const data = await this.refreshToken(token) this.saveTokens(headers, data) event.respondWith( new Response(JSON.stringify({}), {headers}) 
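Review bot: `refreshToken` now ends in `return resp.ok`, but both callers still treat the result as the token payload: `refresh` passes it to `this.saveTokens(headers, data)` and the new `requireAuth` reads `data.access_token`. With a boolean there, the renewed tokens are never stored and the `if (token)` retry in `requireAuth` can never run (what `saveTokens` does with a boolean is not visible here). Returning the payload only on success keeps both callers working: `return resp.ok ? await resp.json() : null`, with each caller checking for `null` before saving. The start of `refreshToken` is outside this hunk.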
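Review bot: In `refresh` (hunk `@@ -148,7 +155,8 @@`), `cookies['oauth.gitea.refreshToken']` is handed to `refreshToken` without checking that the cookie exists, and the handler then answers `{}` with the default 200 status whatever the token endpoint said. A client therefore cannot tell a renewed session from a failed one. A guard before the call, `if (!token) { event.respondWith(Response.json({error: 'Token missing'}, {status: 401})); return }`, plus a non-200 status when the refresh fails, would make the outcome visible. The function's opening and closing lines are outside the hunk.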
@@ -170,4 +178,53 @@ export class Auth { )) } } + + async userInfo(token) { + const resp = await fetch(this.userinfoEndpoint, { + method: 'GET', + headers: { + Accept: 'application/json', + 'Content-Type': 'application/json', + Authorization: `Bearer ${token}`, + }, + }) + return { + resp, + json: await resp.json() + } + } + + async requireAuth(event) { + const headers = new Headers() + const cookies = cookie.getCookies( + event.request.headers + ) + const token = cookies['oauth.gitea.accessToken'] + if (!token) { + event.respondWith(Response.json( + {error: 'Token missing'}, {status: 401} + )) + return + } + const {resp, json} = await this.userInfo(token) + if (!resp.ok) { + const refresh = cookies['oauth.gitea.refreshToken'] + if (refresh) { + const data = await this.refreshToken(token) + this.saveTokens(headers, data) + const token = data.access_token + if (token) { + const {resp, json} = await this.userInfo(token) + return { + allow: resp.ok, + headers, + } + } + } + } + return { + allow: resp.ok, + headers, + } + } } \ No newline at end of file diff --git a/server.js b/server.js index b94c8d8..4b19675 100644 --- a/server.js +++ b/server.js @@ -1,5 +1,6 @@ import { Auth } from "./auth.js" import { Frontend } from "./frontend.js" +import { Storage } from "./storage.js" export class Server { async getEnv(variables) { @@ -61,6 +62,7 @@ export class Server { appBaseUrl: this.giteaAppBaseUrl, apiBaseUrl: this.giteaApiBaseUrl, }) + this.storage = new Storage() await Promise.all([ ...([ 'loader', @@ -74,14 +76,26 @@ export class Server { ].map(repo => ( server.frontend.loadRepo( 'macchiato', - repo, - {srcPath: [], destPath: [repo]} + repo.split('#')[0], + { + srcPath: [], + destPath: [repo], + ...( + repo.includes('#') ? + {ref: repo.split('#')[1]} : + {} + ), + } ) ))), server.frontend.loadRepo( 'macchiato', 'pages', - {srcPath: [], destPath: []} + { + srcPath: [], + destPath: [], + ref: 'shared-server', + }, ), server.frontend.loadRepo( 'macchiato', 
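Review bot: The refresh branch of `requireAuth` throws instead of recovering: `const token = data.access_token` is declared inside the `if (refresh)` block, so the earlier `this.refreshToken(token)` in that block reads the inner `token` before it is initialised (a ReferenceError), and the value meant there is `refresh`, not the access token. The missing-token path also returns `undefined`, which the caller in server.js destructures, and a rejected token produces no response at all. `userInfo` calls `resp.json()` even on an error status, which will presumably throw if the body is not JSON. The version below answers 401 on every failure path and always returns `{allow, headers}`; it relies on `refreshToken` returning the token JSON (or `null`) rather than `resp.ok`.

```javascript
  async requireAuth(event) {
    // … unchanged: headers, cookies and access-token lookup …
    const deny = error => {
      event.respondWith(Response.json({error}, {status: 401}))
      return {allow: false, headers}
    }
    if (!token) {
      return deny('Token missing')
    }
    const {resp} = await this.userInfo(token)
    if (resp.ok) {
      return {allow: true, headers}
    }
    const refresh = cookies['oauth.gitea.refreshToken']
    if (!refresh) {
      return deny('Token rejected')
    }
    // Exchange the refresh token, not the rejected access token.
    const data = await this.refreshToken(refresh)
    const renewed = data && data.access_token
    if (!renewed) {
      return deny('Refresh failed')
    }
    this.saveTokens(headers, data)
    const retry = await this.userInfo(renewed)
    return retry.resp.ok
      ? {allow: true, headers}
      : deny('Token rejected')
  }
```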
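Review bot: In the `loadRepo` call inside the `.map` callback (server.js hunk `@@ -74,14 +76,26 @@`), `destPath: [repo]` still carries the `#ref` suffix, so an entry written as `name#ref` is loaded from `name` but, as far as this hunk shows, placed under a path segment `name#ref`; if that is intended it deserves a comment. The entry is also split twice, and destructuring once reads more clearly: `const [name, ref] = repo.split('#')`, then `...(ref ? {ref} : {})`. The surrounding function starts and ends outside the hunk.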
@@ -89,7 +103,7 @@ export class Server { { srcPath: [], destPath: ['server'], - ref: 'shared-server' + ref: 'shared-server', } ), ]) @@ -112,9 +126,17 @@ export class Server { } async serveRequest(event) { - const {pathname} = new URL(event.request.url) - if (pathname.startsWith(`${this.baseUrl}/api/auth`)) { + const {pathname: p} = new URL(event.request.url) + const base = this.baseUrl + if (p.startsWith(`${base}/api/auth`)) { await this.auth.serve(event) + } else if (p.startsWith(`${base}/api/storage`)) { + const {allow, headers} = ( + await this.auth.requireAuth(event) + ) + if (allowed) { + await this.storage.serve(event, headers) + } } else { await this.frontend.serve(event) } diff --git a/storage.js b/storage.js new file mode 100644 index 0000000..f6c6431 --- /dev/null +++ b/storage.js @@ -0,0 +1,7 @@ +export class Storage { + async serve(event) { + event.respondWith(new Response( + 'Not Found', {status: 404} + )) + } +} \ No newline at end of file
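Review bot: The storage branch of `serveRequest` destructures `allow` but tests `if (allowed)`, an undeclared name, so every `/api/storage` request throws a ReferenceError before `storage.serve` is reached; the condition should read `if (allow) {`. The destructuring itself throws when `requireAuth` returns nothing, which it does on its missing-token path, and when `allow` is false no response is sent unless `requireAuth` already sent one. The `startsWith` prefix test also matches sibling paths (for example `/api/storagex`), so comparing against the exact path or the prefix followed by `/` is tighter. The end of the function is outside the hunk.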
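Review bot: `Storage.serve(event)` ignores the second argument that `serveRequest` passes (`this.storage.serve(event, headers)`), so whatever `requireAuth` placed on `headers` after a token refresh (presumably the renewed token cookies) is dropped from the response. Accepting and forwarding it fixes that: `async serve(event, headers)` and `new Response('Not Found', {status: 404, headers})`. A one-line class comment stating that callers must have passed `requireAuth` first would also help, since the class performs no check of its own.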