macchiato
/
server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: macchiato:939fb83119096613a598b8aa83dbe63dc3ba7723
Branches Tags
macchiato:shared-server
...
compare: macchiato:3f09fab2ef61c8c25f0159a77b56bb8e2871374d
Branches Tags
macchiato:shared-server

2 Commits
939fb83119 ... 3f09fab2ef

Author SHA1 Message Date
bat 3f09fab2ef fix path of cookies 3 years ago
bat 57eea2e79f add storage handler and guard auth 3 years ago
3 changed files with 113 additions and 16 deletions
Show Stats

84
auth.js
Unescape Escape View File

@ -2,7 +2,7 @@ import * as cookie from 'https://deno.land/std@0.188.0/http/cookie.ts'
export class Auth {
constructor({
baseUrl,
basePath,
remoteBaseUrl,
giteaAppBaseUrl,
giteaApiBaseUrl,
@ -10,7 +10,7 @@ export class Auth {
giteaClientId,
giteaClientSecret
}) {
this.baseUrl = baseUrl
this.basePath = basePath
this.remoteBaseUrl = remoteBaseUrl
this.giteaAppBaseUrl = giteaAppBaseUrl
this.giteaApiBaseUrl = giteaApiBaseUrl
@ -50,8 +50,10 @@ export class Auth {
Location: url
})
cookie.setCookie(headers, {
...this.cookieSettings,
name: 'oauth.gitea.state',
value: state,
maxAge: 600,
})
event.respondWith(new Response('', {
headers,
@ -66,6 +68,19 @@ export class Auth {
)
}
get userinfoEndpoint() {
return (
this.giteaAppBaseUrl +
'/login/oauth/userinfo'
)
}
get cookieSettings() {
return {
path: `${this.basePath}/api`,
}
}
async getToken(code) {
const resp = await fetch(this.tokenEndpoint, {
method: 'POST',
@ -86,14 +101,17 @@ export class Auth {
saveTokens(headers, data) {
cookie.setCookie(headers, {
...this.cookieSettings,
name: 'oauth.gitea.accessToken',
value: data.access_token,
})
cookie.setCookie(headers, {
...this.cookieSettings,
name: 'oauth.gitea.refreshToken',
value: data.refresh_token,
})
cookie.setCookie(headers, {
...this.cookieSettings,
name: 'oauth.gitea.expires',
value: String(
Math.floor(new Date().valueOf() / 1000) +
@ -140,7 +158,7 @@ export class Auth {
grant_type: 'refresh_token',
})
})
return await resp.json()
return resp.ok
}
async refresh(event) {
@ -148,7 +166,8 @@ export class Auth {
const cookies = cookie.getCookies(
event.request.headers
)
const data = await this.refreshToken(body)
const token = cookies['oauth.gitea.refreshToken']
const data = await this.refreshToken(token)
this.saveTokens(headers, data)
event.respondWith(
new Response(JSON.stringify({}), {headers})
@ -157,12 +176,12 @@ export class Auth {
async serve(event) {
const {pathname} = new URL(event.request.url)
const u = this.baseUrl
if (pathname === `${u}/api/auth`) {
const b = this.basePath
if (pathname === `${b}/api/auth`) {
await this.redirect(event)
} else if (pathname === `${u}/api/auth/callback`) {
} else if (pathname === `${b}/api/auth/callback`) {
await this.callback(event)
} else if (pathname === `${u}/api/auth/refresh`) {
} else if (pathname === `${b}/api/auth/refresh`) {
await this.refresh(event)
} else {
event.respondWith(new Response(
@ -170,4 +189,53 @@ export class Auth {
))
}
}
async userInfo(token) {
const resp = await fetch(this.userinfoEndpoint, {
method: 'GET',
headers: {
Accept: 'application/json',
'Content-Type': 'application/json',
Authorization: `Bearer ${token}`,
},
})
return {
resp,
json: await resp.json()
}
}
async requireAuth(event) {
const headers = new Headers()
const cookies = cookie.getCookies(
event.request.headers
)
const token = cookies['oauth.gitea.accessToken']
if (!token) {
event.respondWith(Response.json(
{error: 'Token missing'}, {status: 401}
))
return
}
const {resp, json} = await this.userInfo(token)
if (!resp.ok) {
const refresh = cookies['oauth.gitea.refreshToken']
if (refresh) {
const data = await this.refreshToken(token)
this.saveTokens(headers, data)
const token = data.access_token
if (token) {
const {resp, json} = await this.userInfo(token)
return {
allow: resp.ok,
headers,
}
}
}
}
return {
allow: resp.ok,
headers,
}
}
}

38
server.js
Unescape Escape View File

@ -1,5 +1,6 @@
import { Auth } from "./auth.js"
import { Frontend } from "./frontend.js"
import { Storage } from "./storage.js"
export class Server {
async getEnv(variables) {
@ -31,7 +32,7 @@ export class Server {
'GITEA_CLIENT_SECRET',
])
this.port = env.PORT ?? 3000
this.baseUrl = env.BASE_URL ?? '/macchiato'
this.basePath = env.BASE_PATH ?? '/macchiato'
this.remoteBaseUrl = env.REMOTE_BASE_URL
this.giteaAppBaseUrl = (
env.GITEA_APP_BASE_URL ?? 'http://gitea:3000'
@ -49,7 +50,7 @@ export class Server {
await this.configure()
}
this.auth = new Auth({
baseUrl: this.baseUrl,
basePath: this.basePath,
remoteBaseUrl: this.remoteBaseUrl,
giteaAppBaseUrl: this.giteaAppBaseUrl,
giteaApiBaseUrl: this.giteaApiBaseUrl,
@ -61,6 +62,7 @@ export class Server {
appBaseUrl: this.giteaAppBaseUrl,
apiBaseUrl: this.giteaApiBaseUrl,
})
this.storage = new Storage()
await Promise.all([
...([
'loader',
@ -74,14 +76,26 @@ export class Server {
].map(repo => (
server.frontend.loadRepo(
'macchiato',
repo,
{srcPath: [], destPath: [repo]}
repo.split('#')[0],
{
srcPath: [],
destPath: [repo],
...(
repo.includes('#') ?
{ref: repo.split('#')[1]} :
{}
),
}
)
))),
server.frontend.loadRepo(
'macchiato',
'pages',
{srcPath: [], destPath: []}
{
srcPath: [],
destPath: [],
ref: 'shared-server',
},
),
server.frontend.loadRepo(
'macchiato',
@ -89,7 +103,7 @@ export class Server {
{
srcPath: [],
destPath: ['server'],
ref: 'shared-server'
ref: 'shared-server',
}
),
])
@ -112,9 +126,17 @@ export class Server {
}
async serveRequest(event) {
const {pathname} = new URL(event.request.url)
if (pathname.startsWith(`${this.baseUrl}/api/auth`)) {
const {pathname: p} = new URL(event.request.url)
const base = this.basePath
if (p.startsWith(`${base}/api/auth`)) {
await this.auth.serve(event)
} else if (p.startsWith(`${base}/api/storage`)) {
const {allow, headers} = (
await this.auth.requireAuth(event)
)
if (allow) {
await this.storage.serve(event, headers)
}
} else {
await this.frontend.serve(event)
}

7
storage.js
Unescape Escape View File

@ -0,0 +1,7 @@
export class Storage {
async serve(event) {
event.respondWith(new Response(
'Not Found', {status: 404}
))
}
}
Write Preview
Loading…
Cancel
Save