mirror of
https://github.com/zoriya/Kyoo.git
synced 2026-05-13 10:52:28 -04:00
Move websocket auth to keibi
This commit is contained in:
Zoe Roux
+1
-1
@@ -33,7 +33,7 @@ const Jwt = t.Object({
|
||||
type Jwt = typeof Jwt.static;
|
||||
const validator = TypeCompiler.Compile(Jwt);
|
||||
|
||||
export async function verifyJwt(bearer: string) {
|
||||
async function verifyJwt(bearer: string) {
|
||||
// @ts-expect-error ts can't understand that there's two overload idk why
|
||||
const { payload } = await jwtVerify(bearer, jwtSecret ?? jwks, {
|
||||
issuer: process.env.JWT_ISSUER,
|
||||
|
||||
+4
-47
@@ -1,6 +1,6 @@
|
||||
import type { TObject, TString } from "@sinclair/typebox";
|
||||
import Elysia, { type TSchema, t } from "elysia";
|
||||
import { verifyJwt } from "./auth";
|
||||
import { auth } from "./auth";
|
||||
import { updateProgress } from "./controllers/profiles/history";
|
||||
import { getOrCreateProfile } from "./controllers/profiles/profile";
|
||||
import { SeedHistory } from "./models/history";
|
||||
@@ -8,7 +8,7 @@ import { SeedHistory } from "./models/history";
|
||||
const actionMap = {
|
||||
ping: handler({
|
||||
message(ws) {
|
||||
ws.send({ response: "pong" });
|
||||
ws.send({ action: "ping", response: "pong" });
|
||||
},
|
||||
}),
|
||||
watch: handler({
|
||||
@@ -20,55 +20,12 @@ const actionMap = {
|
||||
const ret = await updateProgress(profilePk, [
|
||||
{ ...body, playedDate: null },
|
||||
]);
|
||||
ws.send(ret);
|
||||
ws.send({ action: "watch", ...ret });
|
||||
},
|
||||
}),
|
||||
};
|
||||
|
||||
const baseWs = new Elysia()
|
||||
.guard({
|
||||
headers: t.Object(
|
||||
{
|
||||
authorization: t.Optional(t.TemplateLiteral("Bearer ${string}")),
|
||||
"Sec-WebSocket-Protocol": t.Optional(
|
||||
t.Array(
|
||||
t.Union([t.Literal("kyoo"), t.TemplateLiteral("Bearer ${string}")]),
|
||||
),
|
||||
),
|
||||
},
|
||||
{ additionalProperties: true },
|
||||
),
|
||||
})
|
||||
.resolve(
|
||||
async ({
|
||||
headers: { authorization, "Sec-WebSocket-Protocol": wsProtocol },
|
||||
status,
|
||||
}) => {
|
||||
const auth =
|
||||
authorization ??
|
||||
(wsProtocol?.length === 2 &&
|
||||
wsProtocol[0] === "kyoo" &&
|
||||
wsProtocol[1].startsWith("Bearer ")
|
||||
? wsProtocol[1]
|
||||
: null);
|
||||
const bearer = auth?.slice(7);
|
||||
if (!bearer) {
|
||||
return status(403, {
|
||||
status: 403,
|
||||
message: "No authorization header was found.",
|
||||
});
|
||||
}
|
||||
try {
|
||||
return await verifyJwt(bearer);
|
||||
} catch (err) {
|
||||
return status(403, {
|
||||
status: 403,
|
||||
message: "Invalid jwt. Verification vailed",
|
||||
details: err,
|
||||
});
|
||||
}
|
||||
},
|
||||
);
|
||||
const baseWs = new Elysia().use(auth);
|
||||
|
||||
export const appWs = baseWs.ws("/ws", {
|
||||
body: t.Union(
|
||||
|
||||
Reference in New Issue
Block a user