mirror of
https://github.com/nestriness/nestri.git
synced 2025-12-12 08:45:38 +02:00
## Description <!-- Briefly describe the purpose and scope of your changes --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Centralized and standardized error response schemas for APIs. - Utility functions for result formatting and enhanced validation error handling. - New utility modules for authentication and OAuth provider handling. - Added Discord OAuth user data fetching with email verification. - **Bug Fixes** - Improved error safety in cloud task creation by preventing potential runtime errors. - **Refactor** - Major simplification and reorganization of API routes and authentication logic. - Migration from valibot to zod for schema validation. - Streamlined import paths and consolidated utility exports. - Simplified TypeScript and .gitignore configuration for easier maintenance. - Disabled machine authentication provider and related logic. - **Chores** - Removal of unused or deprecated API endpoints, database migration, and permissions deployment code. - Updated package dependencies and scripts for improved reliability and performance. - Enhanced documentation and updated project metadata. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
import { Resource } from "sst";
import { subjects } from "../../subjects";
import { type MiddlewareHandler } from "hono";
import { useActor, withActor } from "@nestri/core/actor";
import { createClient } from "@openauthjs/openauth/client";
import { ErrorCodes, VisibleError } from "@nestri/core/error";
// OpenAuth client for the "api" client ID, bound to the issuer URL exposed by
// the SST `Auth` resource. The `auth` middleware below uses it to verify
// bearer tokens.
const client = createClient({
  issuer: Resource.Auth.url,
  clientID: "api",
});
/**
 * Guard middleware: lets the request continue only when the current actor is
 * not the "public" actor.
 *
 * The `auth` middleware in this file assigns the public actor when no
 * credential was supplied, which is why the rejection message refers to a
 * missing authorization header.
 * NOTE(review): this reads whatever actor `useActor()` returns, so it
 * presumably has to be mounted after `auth`; confirm the route wiring.
 *
 * @throws VisibleError ("authentication", UNAUTHORIZED) for a public actor.
 */
export const notPublic: MiddlewareHandler = async (_c, next) => {
  const { type: actorType } = useActor();

  // Anything other than the anonymous actor may proceed.
  if (actorType !== "public") {
    return next();
  }

  throw new VisibleError(
    "authentication",
    ErrorCodes.Authentication.UNAUTHORIZED,
    "Missing authorization header",
  );
};
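/**
 * Resolves the caller's actor from a bearer token and runs the rest of the
 * middleware chain inside that actor.
 *
 * - No credential supplied: continues as the "public" actor.
 * - Credential not of the form `Bearer <token>`, or rejected by
 *   `client.verify`: throws a VisibleError with INVALID_TOKEN.
 * - Verified "user" subject: continues as that subject. When an
 *   `x-nestri-team` header is present, the user actor is nested inside a
 *   "system" actor that carries the supplied teamID.
 * - Any other verified subject type: rejected explicitly. Previously the
 *   handler fell off the end without calling `next()` or returning a
 *   response, leaving the outcome to the framework.
 *
 * @throws VisibleError ("authentication", INVALID_TOKEN) for a malformed,
 *   unverifiable or unsupported token.
 */
export const auth: MiddlewareHandler = async (c, next) => {
  // NOTE(security): the `authorization` query parameter takes precedence over
  // the header. Tokens carried in a URL are commonly recorded in access logs,
  // proxy logs and browser history. Prefer the header; if the query form has
  // to stay, keep those tokens short-lived and scrub the parameter from logs.
  const authHeader =
    c.req.query("authorization") ?? c.req.header("authorization");
  if (!authHeader) return withActor({ type: "public", properties: {} }, next);

  // `(.+)` never captures an empty string, so a missing capture is exactly
  // the "did not match" case and no non-null assertion is needed.
  const bearerToken = /^Bearer (.+)$/.exec(authHeader)?.[1];
  if (!bearerToken) {
    throw new VisibleError(
      "authentication",
      ErrorCodes.Authentication.INVALID_TOKEN,
      "Invalid personal access token",
    );
  }

  const result = await client.verify(subjects, bearerToken);
  if (result.err) {
    throw new VisibleError(
      "authentication",
      ErrorCodes.Authentication.INVALID_TOKEN,
      "Invalid bearer token",
    );
  }

  const { subject } = result;
  if (subject.type === "user") {
    const teamID = c.req.header("x-nestri-team");
    if (!teamID) return withActor(subject, next);

    // NOTE(review): teamID comes straight from a client-supplied header and
    // no membership check is visible in this middleware. Confirm that
    // downstream code verifies the user belongs to this team before any
    // team-scoped data is read or written under it.
    return withActor(
      {
        type: "system",
        properties: {
          teamID,
        },
      },
      async () => withActor(subject, next),
    );
  }

  // Fail closed: a verified token whose subject type this middleware does not
  // handle must not continue down the chain without an actor.
  throw new VisibleError(
    "authentication",
    ErrorCodes.Authentication.INVALID_TOKEN,
    "Unsupported token subject",
  );
};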