add storage handler and guard auth

auth.js

@@ -66,6 +66,13 @@ export class Auth {
     )
   }
 
+  get userinfoEndpoint() {
+    return (
+      this.giteaAppBaseUrl +
+      '/login/oauth/userinfo'
+    )
+  }
+
   async getToken(code) {
     const resp = await fetch(this.tokenEndpoint, {
       method: 'POST',
@@ -140,7 +147,7 @@ export class Auth {
         grant_type: 'refresh_token',
       })
     })
-    return await resp.json()
+    return resp.ok
   }
 
   async refresh(event) {
@@ -148,7 +155,8 @@ export class Auth {
     const cookies = cookie.getCookies(
       event.request.headers
     )
-    const data = await this.refreshToken(body)
+    const token = cookies['oauth.gitea.refreshToken']
+    const data = await this.refreshToken(token)
     this.saveTokens(headers, data)
     event.respondWith(
       new Response(JSON.stringify({}), {headers})
@@ -170,4 +178,53 @@ export class Auth {
       ))
     }
   }
+
+  async userInfo(token) {
+    const resp = await fetch(this.userinfoEndpoint, {
+      method: 'GET',
+      headers: {
+        Accept: 'application/json',
+        'Content-Type': 'application/json',
+        Authorization: `Bearer ${token}`,
+      },
+    })
+    return {
+      resp,
+      json: await resp.json()
+    }
+  }
+
+  async requireAuth(event) {
+    const headers = new Headers()
+    const cookies = cookie.getCookies(
+      event.request.headers
+    )
+    const token = cookies['oauth.gitea.accessToken']
+    if (!token) {
+      event.respondWith(Response.json(
+        {error: 'Token missing'}, {status: 401}
+      ))
+      return
+    }
+    const {resp, json} = await this.userInfo(token)
+    if (!resp.ok) {
+      const refresh = cookies['oauth.gitea.refreshToken']
+      if (refresh) {
+        const data = await this.refreshToken(token)
+        this.saveTokens(headers, data)
+        const token = data.access_token
+        if (token) {
+          const {resp, json} = await this.userInfo(token)
+          return {
+            allow: resp.ok,
+            headers,
+          }
+        }
+      }
+    }
+    return {
+      allow: resp.ok,
+      headers,
+    }
+  }
 }

server.js

@@ -1,5 +1,6 @@
 import { Auth } from "./auth.js"
 import { Frontend } from "./frontend.js"
+import { Storage } from "./storage.js"
 
 export class Server {
   async getEnv(variables) {
@@ -61,6 +62,7 @@ export class Server {
       appBaseUrl: this.giteaAppBaseUrl,
       apiBaseUrl: this.giteaApiBaseUrl,
     })
+    this.storage = new Storage()
     await Promise.all([
       ...([
         'loader',
@@ -74,14 +76,26 @@ export class Server {
       ].map(repo => (
         server.frontend.loadRepo(
           'macchiato',
-          repo,
+          repo.split('#')[0],
-          {srcPath: [], destPath: [repo]}
+          {
+            srcPath: [],
+            destPath: [repo],
+            ...(
+              repo.includes('#') ?
+              {ref: repo.split('#')[1]} :
+              {}
+            ),
+          }
         )
       ))),
       server.frontend.loadRepo(
         'macchiato',
         'pages',
-        {srcPath: [], destPath: []}
+        {
+          srcPath: [],
+          destPath: [],
+          ref: 'shared-server',
+        },
       ),
       server.frontend.loadRepo(
         'macchiato',
@@ -89,7 +103,7 @@ export class Server {
         {
           srcPath: [],
           destPath: ['server'],
-          ref: 'shared-server'
+          ref: 'shared-server',
         }
       ),
     ])
@@ -112,9 +126,17 @@ export class Server {
   }
 
   async serveRequest(event) {
-    const {pathname} = new URL(event.request.url)
+    const {pathname: p} = new URL(event.request.url)
-    if (pathname.startsWith(`${this.baseUrl}/api/auth`)) {
+    const base = this.baseUrl
+    if (p.startsWith(`${base}/api/auth`)) {
       await this.auth.serve(event)
+    } else if (p.startsWith(`${base}/api/storage`)) {
+      const {allow, headers} = (
+        await this.auth.requireAuth(event)
+      )
+      if (allowed) {
+        await this.storage.serve(event, headers)
+      }
     } else {
       await this.frontend.serve(event)
     }

storage.js

@@ -0,0 +1,7 @@
+export class Storage {
+  async serve(event) {
+    event.respondWith(new Response(
+      'Not Found', {status: 404}
+    ))
+  }
+}