mirror of
https://github.com/nestriness/nestri.git
synced 2025-12-11 00:05:36 +02:00
feat: Move API to CF workers (WIP)
This commit is contained in:
Wanjohi
12
cloud/infra/api.ts
Normal file
12
cloud/infra/api.ts
Normal file
@@ -0,0 +1,12 @@
|
|||||||
|
import { urls } from "./urls";
|
||||||
|
import { auth } from "./auth";
|
||||||
|
import { domain } from "./stage";
|
||||||
|
import { secret } from "./secrets";
|
||||||
|
import { database } from "./database";
|
||||||
|
|
||||||
|
export const api = new sst.cloudflare.Worker("Api", {
|
||||||
|
url: true,
|
||||||
|
domain: `api.${domain}`,
|
||||||
|
handler: "cloud/packages/functions/src/api/index.ts",
|
||||||
|
link: [database, secret.POLAR_API_KEY, urls, auth],
|
||||||
|
});
|
||||||
10
cloud/infra/urls.ts
Normal file
10
cloud/infra/urls.ts
Normal file
@@ -0,0 +1,10 @@
|
|||||||
|
import { domain } from "./stage";
|
||||||
|
|
||||||
|
export const urls = new sst.Linkable("Urls", {
|
||||||
|
properties: {
|
||||||
|
api: "https://api." + domain,
|
||||||
|
auth: "https://auth." + domain,
|
||||||
|
site: $dev ? "http://localhost:4321" : "https://" + domain,
|
||||||
|
openapi: "https://api." + domain + "/doc",
|
||||||
|
},
|
||||||
|
});
|
||||||
@@ -2,7 +2,6 @@ import { z } from "zod";
|
|||||||
import { fn } from "../utils";
|
import { fn } from "../utils";
|
||||||
import { Resource } from "sst";
|
import { Resource } from "sst";
|
||||||
import { Actor } from "../actor";
|
import { Actor } from "../actor";
|
||||||
import { bus } from "sst/aws/bus";
|
|
||||||
import { Common } from "../common";
|
import { Common } from "../common";
|
||||||
import { Database } from "../drizzle";
|
import { Database } from "../drizzle";
|
||||||
import { Examples } from "../examples";
|
import { Examples } from "../examples";
|
||||||
|
|||||||
@@ -9,6 +9,7 @@ import { AccountApi } from "./account";
|
|||||||
import { openAPISpecs } from "hono-openapi";
|
import { openAPISpecs } from "hono-openapi";
|
||||||
import { patchLogger } from "../utils/patch-logger";
|
import { patchLogger } from "../utils/patch-logger";
|
||||||
import { HTTPException } from "hono/http-exception";
|
import { HTTPException } from "hono/http-exception";
|
||||||
|
import type { Service } from "@cloudflare/workers-types";
|
||||||
import { ErrorCodes, VisibleError } from "@nestri/core/error";
|
import { ErrorCodes, VisibleError } from "@nestri/core/error";
|
||||||
|
|
||||||
patchLogger();
|
patchLogger();
|
||||||
|
|||||||
@@ -2,14 +2,18 @@ import { Resource } from "sst";
|
|||||||
import { subjects } from "../../subjects";
|
import { subjects } from "../../subjects";
|
||||||
import { Actor } from "@nestri/core/actor";
|
import { Actor } from "@nestri/core/actor";
|
||||||
import { type MiddlewareHandler } from "hono";
|
import { type MiddlewareHandler } from "hono";
|
||||||
|
import { memo } from "@nestri/core/utils/memo";
|
||||||
import { Steam } from "@nestri/core/steam/index";
|
import { Steam } from "@nestri/core/steam/index";
|
||||||
import { createClient } from "@openauthjs/openauth/client";
|
import { createClient } from "@openauthjs/openauth/client";
|
||||||
import { ErrorCodes, VisibleError } from "@nestri/core/error";
|
import { ErrorCodes, VisibleError } from "@nestri/core/error";
|
||||||
|
|
||||||
const client = createClient({
|
const client = memo(() =>
|
||||||
clientID: "api",
|
createClient({
|
||||||
issuer: Resource.Auth.url,
|
clientID: "api",
|
||||||
});
|
fetch: (input, init) => Resource.Auth.fetch(input, init),
|
||||||
|
issuer: Resource.Urls.auth,
|
||||||
|
}),
|
||||||
|
);
|
||||||
|
|
||||||
export const notPublic: MiddlewareHandler = async (c, next) => {
|
export const notPublic: MiddlewareHandler = async (c, next) => {
|
||||||
const actor = Actor.use();
|
const actor = Actor.use();
|
||||||
@@ -34,7 +38,8 @@ export const auth: MiddlewareHandler = async (c, next) => {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
const bearerToken = match[1];
|
const bearerToken = match[1];
|
||||||
let result = await client.verify(subjects, bearerToken!);
|
//@ts-expect-error
|
||||||
|
let result = await client().verify(subjects, bearerToken!);
|
||||||
if (result.err) {
|
if (result.err) {
|
||||||
throw new VisibleError(
|
throw new VisibleError(
|
||||||
"authentication",
|
"authentication",
|
||||||
@@ -46,22 +51,27 @@ export const auth: MiddlewareHandler = async (c, next) => {
|
|||||||
if (result.subject.type === "user") {
|
if (result.subject.type === "user") {
|
||||||
const steamID = c.req.header("x-nestri-steam");
|
const steamID = c.req.header("x-nestri-steam");
|
||||||
if (!steamID) {
|
if (!steamID) {
|
||||||
return Actor.provide(result.subject.type, result.subject.properties, next);
|
return Actor.provide(
|
||||||
|
result.subject.type,
|
||||||
|
// @ts-expect-error
|
||||||
|
result.subject.properties,
|
||||||
|
next,
|
||||||
|
);
|
||||||
}
|
}
|
||||||
const userID = result.subject.properties.userID
|
const userID = result.subject.properties.userID;
|
||||||
return Actor.provide(
|
return Actor.provide(
|
||||||
"steam",
|
"steam",
|
||||||
{
|
{
|
||||||
steamID
|
steamID,
|
||||||
},
|
},
|
||||||
async () => {
|
async () => {
|
||||||
const steamAcc = await Steam.confirmOwnerShip(userID)
|
const steamAcc = await Steam.confirmOwnerShip(userID);
|
||||||
if (!steamAcc) {
|
if (!steamAcc) {
|
||||||
throw new VisibleError(
|
throw new VisibleError(
|
||||||
"authentication",
|
"authentication",
|
||||||
ErrorCodes.Authentication.UNAUTHORIZED,
|
ErrorCodes.Authentication.UNAUTHORIZED,
|
||||||
`You don't have permission to access this resource.`
|
`You don't have permission to access this resource.`,
|
||||||
)
|
);
|
||||||
}
|
}
|
||||||
return Actor.provide(
|
return Actor.provide(
|
||||||
"member",
|
"member",
|
||||||
@@ -69,9 +79,11 @@ export const auth: MiddlewareHandler = async (c, next) => {
|
|||||||
steamID,
|
steamID,
|
||||||
userID,
|
userID,
|
||||||
},
|
},
|
||||||
next)
|
next,
|
||||||
});
|
);
|
||||||
|
},
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
return Actor.provide("public", {}, next);
|
return Actor.provide("public", {}, next);
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -95,6 +95,8 @@ export default {
|
|||||||
|
|
||||||
throw new Error("Something went seriously wrong");
|
throw new Error("Something went seriously wrong");
|
||||||
},
|
},
|
||||||
}).use(logger());
|
})
|
||||||
|
.use(logger())
|
||||||
|
.fetch(request, env, ctx);
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|||||||
7
cloud/packages/functions/sst-env.d.ts
vendored
7
cloud/packages/functions/sst-env.d.ts
vendored
@@ -25,6 +25,13 @@ declare module "sst" {
|
|||||||
"type": "sst.sst.Secret"
|
"type": "sst.sst.Secret"
|
||||||
"value": string
|
"value": string
|
||||||
}
|
}
|
||||||
|
"Urls": {
|
||||||
|
"api": string
|
||||||
|
"auth": string
|
||||||
|
"openapi": string
|
||||||
|
"site": string
|
||||||
|
"type": "sst.sst.Linkable"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// cloudflare
|
// cloudflare
|
||||||
|
|||||||
7
sst-env.d.ts
vendored
7
sst-env.d.ts
vendored
@@ -25,6 +25,13 @@ declare module "sst" {
|
|||||||
"type": "sst.sst.Secret"
|
"type": "sst.sst.Secret"
|
||||||
"value": string
|
"value": string
|
||||||
}
|
}
|
||||||
|
"Urls": {
|
||||||
|
"api": string
|
||||||
|
"auth": string
|
||||||
|
"openapi": string
|
||||||
|
"site": string
|
||||||
|
"type": "sst.sst.Linkable"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// cloudflare
|
// cloudflare
|
||||||
|
|||||||
Reference in New Issue
Block a user