github-mirrors/netris-nestri
1
0
Fork 0
mirror of https://github.com/nestriness/nestri.git synced 2025-12-12 16:55:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: Add auth flow (#146)

Browse Source 
This adds a simple way to incorporate a centralized authentication flow.

The idea is to have the user, API and SSH (for machine authentication)
all in one place using `openauthjs` + `SST`

We also have a database now :)

> We are using InstantDB as it allows us to authenticate a use with just
the email. Plus it is super simple simple to use _of course after the
initial fumbles trying to design the db and relationships_
This commit is contained in:
Wanjohi
2025-01-04 00:02:28 +03:00
committed by GitHub
parent 33895974a7
commit fc5a755408
136 changed files with 3512 additions and 1914 deletions
Download Patch File Download Diff File Expand all files Collapse all files

153
packages/functions/src/api/index.ts Normal file
View File

@@ -0,0 +1,153 @@
import "zod-openapi/extend";
import { Resource } from "sst";
import { ZodError } from "zod";
import { logger } from "hono/logger";
import { subjects } from "../subjects";
import { VisibleError } from "../error";
import { MachineApi } from "./machine";
import { openAPISpecs } from "hono-openapi";
import { ActorContext } from '@nestri/core/actor';
import { Hono, type MiddlewareHandler } from "hono";
import { HTTPException } from "hono/http-exception";
import { createClient } from "@openauthjs/openauth/client";
const auth: MiddlewareHandler = async (c, next) => {
const client = createClient({
clientID: "api",
issuer: Resource.Urls.auth
});
const authHeader =
c.req.query("authorization") ?? c.req.header("authorization");
if (authHeader) {
const match = authHeader.match(/^Bearer (.+)$/);
if (!match || !match[1]) {
throw new VisibleError(
"input",
"auth.token",
"Bearer token not found or improperly formatted",
);
}
const bearerToken = match[1];
const result = await client.verify(subjects, bearerToken!);
if (result.err)
throw new VisibleError("input", "auth.invalid", "Invalid bearer token");
if (result.subject.type === "user") {
return ActorContext.with(
{
type: "user",
properties: {
userID: result.subject.properties.userID,
accessToken: result.subject.properties.accessToken,
auth: {
type: "oauth",
clientID: result.aud,
},
},
},
next,
);
} else if (result.subject.type === "device") {
return ActorContext.with(
{
type: "device",
properties: {
fingerprint: result.subject.properties.fingerprint,
id: result.subject.properties.id,
auth: {
type: "oauth",
clientID: result.aud,
},
},
},
next,
);
}
}
return ActorContext.with({ type: "public", properties: {} }, next);
};
const app = new Hono();
app
.use(logger(), async (c, next) => {
c.header("Cache-Control", "no-store");
return next();
})
.use(auth);
const routes = app
.get("/", (c) => c.text("Hello there 👋🏾"))
.route("/machine", MachineApi.route)
.onError((error, c) => {
console.error(error);
if (error instanceof VisibleError) {
return c.json(
{
code: error.code,
message: error.message,
},
error.kind === "auth" ? 401 : 400,
);
}
if (error instanceof ZodError) {
const e = error.errors[0];
if (e) {
return c.json(
{
code: e?.code,
message: e?.message,
},
400,
);
}
}
if (error instanceof HTTPException) {
return c.json(
{
code: "request",
message: "Invalid request",
},
400,
);
}
return c.json(
{
code: "internal",
message: "Internal server error",
},
500,
);
});
app.get(
"/doc",
openAPISpecs(routes, {
documentation: {
info: {
title: "Nestri API",
description:
"The Nestri API gives you the power to run your own customized cloud gaming platform.",
version: "0.0.3",
},
components: {
securitySchemes: {
Bearer: {
type: "http",
scheme: "bearer",
bearerFormat: "JWT",
},
},
},
security: [{ Bearer: [] }],
servers: [
{ description: "Production", url: "https://api.nestri.io" },
],
},
}),
);
export type Routes = typeof routes;
export default app

160
packages/functions/src/api/machine.ts Normal file
View File

@@ -0,0 +1,160 @@
import { z } from "zod";
import { Result } from "../common";
import { Hono } from "hono";
import { describeRoute } from "hono-openapi";
import { validator, resolver } from "hono-openapi/zod";
import { Examples } from "@nestri/core/examples";
import { Machine } from "@nestri/core/machine/index";
import { useCurrentUser } from "@nestri/core/actor";
export module MachineApi {
export const route = new Hono()
.get(
"/",
describeRoute({
tags: ["Machine"],
summary: "List machines",
description: "List the current user's machines.",
responses: {
200: {
content: {
"application/json": {
schema: Result(
Machine.Info.array().openapi({
description: "List of machines.",
example: [Examples.Machine],
}),
),
},
},
description: "List of machines.",
},
404: {
content: {
"application/json": {
schema: resolver(z.object({ error: z.string() })),
},
},
description: "This user has no machines.",
},
},
}),
async (c) => {
const machines = await Machine.list();
if (!machines) return c.json({ error: "This user has no machines." }, 404);
return c.json({ data: machines }, 200);
},
)
.get(
"/:id",
describeRoute({
tags: ["Machine"],
summary: "Get machine",
description: "Get the machine with the given ID.",
responses: {
404: {
content: {
"application/json": {
schema: resolver(z.object({ error: z.string() })),
},
},
description: "Machine not found.",
},
200: {
content: {
"application/json": {
schema: Result(
Machine.Info.openapi({
description: "Machine.",
example: Examples.Machine,
}),
),
},
},
description: "Machine.",
},
},
}),
validator(
"param",
z.object({
id: z.string().openapi({
description: "ID of the machine to get.",
example: Examples.Machine.id,
}),
}),
),
async (c) => {
const param = c.req.valid("param");
const machine = await Machine.fromID(param.id);
if (!machine) return c.json({ error: "Machine not found." }, 404);
return c.json({ data: machine }, 200);
},
)
.post(
"/:id",
describeRoute({
tags: ["Machine"],
summary: "Link a machine to a user",
description: "Link a machine to the owner.",
responses: {
200: {
content: {
"application/json": {
schema: Result(z.literal("ok"))
},
},
description: "Machine was linked successfully.",
},
},
}),
validator(
"param",
z.object({
id: Machine.Info.shape.fingerprint.openapi({
description: "Fingerprint of the machine to link to.",
example: Examples.Machine.id,
}),
}),
),
async (c) => {
const request = c.req.valid("param")
const machine = await Machine.fromFingerprint(request.id)
if (!machine) return c.json({ error: "Machine not found." }, 404);
await Machine.link({machineId:machine.id })
return c.json({ data: "ok" as const }, 200);
},
)
.delete(
"/:id",
describeRoute({
tags: ["Machine"],
summary: "Delete machine",
description: "Delete the machine with the given ID.",
responses: {
200: {
content: {
"application/json": {
schema: Result(z.literal("ok")),
},
},
description: "Machine was deleted successfully.",
},
},
}),
validator(
"param",
z.object({
id: Machine.Info.shape.id.openapi({
description: "ID of the machine to delete.",
example: Examples.Machine.id,
}),
}),
),
async (c) => {
const param = c.req.valid("param");
await Machine.remove(param.id);
return c.json({ data: "ok" as const }, 200);
},
);
}