macchiato
/
server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: macchiato:939fb83119096613a598b8aa83dbe63dc3ba7723
Branches Tags
macchiato:shared-server
..
compare: macchiato:3f09fab2ef61c8c25f0159a77b56bb8e2871374d
Branches Tags
macchiato:shared-server

2 Commits
939fb83119 ... 3f09fab2ef

Author SHA1 Message Date
bat 3f09fab2ef fix path of cookies 3 years ago
bat 57eea2e79f add storage handler and guard auth 3 years ago
3 changed files with 113 additions and 16 deletions
Show Stats

84
auth.js
Unescape Escape View File

@ -2,7 +2,7 @@ import * as cookie from 'https://deno.land/std@0.188.0/http/cookie.ts'
export class Auth { export class Auth {
constructor({ constructor({
baseUrl, basePath,
remoteBaseUrl, remoteBaseUrl,
giteaAppBaseUrl, giteaAppBaseUrl,
giteaApiBaseUrl, giteaApiBaseUrl,
@ -10,7 +10,7 @@ export class Auth {
giteaClientId, giteaClientId,
giteaClientSecret giteaClientSecret
}) { }) {
this.baseUrl = baseUrl this.basePath = basePath
this.remoteBaseUrl = remoteBaseUrl this.remoteBaseUrl = remoteBaseUrl
this.giteaAppBaseUrl = giteaAppBaseUrl this.giteaAppBaseUrl = giteaAppBaseUrl
this.giteaApiBaseUrl = giteaApiBaseUrl this.giteaApiBaseUrl = giteaApiBaseUrl
@ -50,8 +50,10 @@ export class Auth {
Location: url Location: url
}) })
cookie.setCookie(headers, { cookie.setCookie(headers, {
...this.cookieSettings,
name: 'oauth.gitea.state', name: 'oauth.gitea.state',
value: state, value: state,
maxAge: 600,
}) })
event.respondWith(new Response('', { event.respondWith(new Response('', {
headers, headers,
@ -66,6 +68,19 @@ export class Auth {
) )
} }
get userinfoEndpoint() {
return (
this.giteaAppBaseUrl +
'/login/oauth/userinfo'
)
}
get cookieSettings() {
return {
path: `${this.basePath}/api`,
}
}
async getToken(code) { async getToken(code) {
const resp = await fetch(this.tokenEndpoint, { const resp = await fetch(this.tokenEndpoint, {
method: 'POST', method: 'POST',
@ -86,14 +101,17 @@ export class Auth {
saveTokens(headers, data) { saveTokens(headers, data) {
cookie.setCookie(headers, { cookie.setCookie(headers, {
...this.cookieSettings,
name: 'oauth.gitea.accessToken', name: 'oauth.gitea.accessToken',
value: data.access_token, value: data.access_token,
}) })
cookie.setCookie(headers, { cookie.setCookie(headers, {
...this.cookieSettings,
name: 'oauth.gitea.refreshToken', name: 'oauth.gitea.refreshToken',
value: data.refresh_token, value: data.refresh_token,
}) })
cookie.setCookie(headers, { cookie.setCookie(headers, {
...this.cookieSettings,
name: 'oauth.gitea.expires', name: 'oauth.gitea.expires',
value: String( value: String(
Math.floor(new Date().valueOf() / 1000) + Math.floor(new Date().valueOf() / 1000) +
@ -140,7 +158,7 @@ export class Auth {
grant_type: 'refresh_token', grant_type: 'refresh_token',
}) })
}) })
return await resp.json() return resp.ok
} }
async refresh(event) { async refresh(event) {
@ -148,7 +166,8 @@ export class Auth {
const cookies = cookie.getCookies( const cookies = cookie.getCookies(
event.request.headers event.request.headers
) )
const data = await this.refreshToken(body) const token = cookies['oauth.gitea.refreshToken']
const data = await this.refreshToken(token)
this.saveTokens(headers, data) this.saveTokens(headers, data)
event.respondWith( event.respondWith(
new Response(JSON.stringify({}), {headers}) new Response(JSON.stringify({}), {headers})
@ -157,12 +176,12 @@ export class Auth {
async serve(event) { async serve(event) {
const {pathname} = new URL(event.request.url) const {pathname} = new URL(event.request.url)
const u = this.baseUrl const b = this.basePath
if (pathname === `${u}/api/auth`) { if (pathname === `${b}/api/auth`) {
await this.redirect(event) await this.redirect(event)
} else if (pathname === `${u}/api/auth/callback`) { } else if (pathname === `${b}/api/auth/callback`) {
await this.callback(event) await this.callback(event)
} else if (pathname === `${u}/api/auth/refresh`) { } else if (pathname === `${b}/api/auth/refresh`) {
await this.refresh(event) await this.refresh(event)
} else { } else {
event.respondWith(new Response( event.respondWith(new Response(
@ -170,4 +189,53 @@ export class Auth {
)) ))
} }
} }
async userInfo(token) {
const resp = await fetch(this.userinfoEndpoint, {
method: 'GET',
headers: {
Accept: 'application/json',
'Content-Type': 'application/json',
Authorization: `Bearer ${token}`,
},
})
return {
resp,
json: await resp.json()
}
}
async requireAuth(event) {
const headers = new Headers()
const cookies = cookie.getCookies(
event.request.headers
)
const token = cookies['oauth.gitea.accessToken']
if (!token) {
event.respondWith(Response.json(
{error: 'Token missing'}, {status: 401}
))
return
}
const {resp, json} = await this.userInfo(token)
if (!resp.ok) {
const refresh = cookies['oauth.gitea.refreshToken']
if (refresh) {
const data = await this.refreshToken(token)
this.saveTokens(headers, data)
const token = data.access_token
if (token) {
const {resp, json} = await this.userInfo(token)
return {
allow: resp.ok,
headers,
}
}
}
}
return {
allow: resp.ok,
headers,
}
}
} }

38
server.js
Unescape Escape View File

@ -1,5 +1,6 @@
import { Auth } from "./auth.js" import { Auth } from "./auth.js"
import { Frontend } from "./frontend.js" import { Frontend } from "./frontend.js"
import { Storage } from "./storage.js"
export class Server { export class Server {
async getEnv(variables) { async getEnv(variables) {
@ -31,7 +32,7 @@ export class Server {
'GITEA_CLIENT_SECRET', 'GITEA_CLIENT_SECRET',
]) ])
this.port = env.PORT ?? 3000 this.port = env.PORT ?? 3000
this.baseUrl = env.BASE_URL ?? '/macchiato' this.basePath = env.BASE_PATH ?? '/macchiato'
this.remoteBaseUrl = env.REMOTE_BASE_URL this.remoteBaseUrl = env.REMOTE_BASE_URL
this.giteaAppBaseUrl = ( this.giteaAppBaseUrl = (
env.GITEA_APP_BASE_URL ?? 'http://gitea:3000' env.GITEA_APP_BASE_URL ?? 'http://gitea:3000'
@ -49,7 +50,7 @@ export class Server {
await this.configure() await this.configure()
} }
this.auth = new Auth({ this.auth = new Auth({
baseUrl: this.baseUrl, basePath: this.basePath,
remoteBaseUrl: this.remoteBaseUrl, remoteBaseUrl: this.remoteBaseUrl,
giteaAppBaseUrl: this.giteaAppBaseUrl, giteaAppBaseUrl: this.giteaAppBaseUrl,
giteaApiBaseUrl: this.giteaApiBaseUrl, giteaApiBaseUrl: this.giteaApiBaseUrl,
@ -61,6 +62,7 @@ export class Server {
appBaseUrl: this.giteaAppBaseUrl, appBaseUrl: this.giteaAppBaseUrl,
apiBaseUrl: this.giteaApiBaseUrl, apiBaseUrl: this.giteaApiBaseUrl,
}) })
this.storage = new Storage()
await Promise.all([ await Promise.all([
...([ ...([
'loader', 'loader',
@ -74,14 +76,26 @@ export class Server {
].map(repo => ( ].map(repo => (
server.frontend.loadRepo( server.frontend.loadRepo(
'macchiato', 'macchiato',
repo, repo.split('#')[0],
{srcPath: [], destPath: [repo]} {
srcPath: [],
destPath: [repo],
...(
repo.includes('#') ?
{ref: repo.split('#')[1]} :
{}
),
}
) )
))), ))),
server.frontend.loadRepo( server.frontend.loadRepo(
'macchiato', 'macchiato',
'pages', 'pages',
{srcPath: [], destPath: []} {
srcPath: [],
destPath: [],
ref: 'shared-server',
},
), ),
server.frontend.loadRepo( server.frontend.loadRepo(
'macchiato', 'macchiato',
@ -89,7 +103,7 @@ export class Server {
{ {
srcPath: [], srcPath: [],
destPath: ['server'], destPath: ['server'],
ref: 'shared-server' ref: 'shared-server',
} }
), ),
]) ])
@ -112,9 +126,17 @@ export class Server {
} }
async serveRequest(event) { async serveRequest(event) {
const {pathname} = new URL(event.request.url) const {pathname: p} = new URL(event.request.url)
if (pathname.startsWith(`${this.baseUrl}/api/auth`)) { const base = this.basePath
if (p.startsWith(`${base}/api/auth`)) {
await this.auth.serve(event) await this.auth.serve(event)
} else if (p.startsWith(`${base}/api/storage`)) {
const {allow, headers} = (
await this.auth.requireAuth(event)
)
if (allow) {
await this.storage.serve(event, headers)
}
} else { } else {
await this.frontend.serve(event) await this.frontend.serve(event)
} }

7
storage.js
Unescape Escape View File

@ -0,0 +1,7 @@
export class Storage {
async serve(event) {
event.respondWith(new Response(
'Not Found', {status: 404}
))
}
}
Write Preview
Loading…
Cancel
Save