Cutlery/Kyoo
1
0
Fork 0
mirror of https://github.com/zoriya/Kyoo.git synced 2026-02-07 11:33:37 -05:00
Code Issues Packages Projects Releases Wiki Activity

Move websocket auth to keibi

Browse Source
This commit is contained in:
Zoe Roux 2025-12-18 20:37:15 +01:00
parent 82ede32aa7
commit 896d8f5cd0
No known key found for this signature in database
3 changed files with 16 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
api/src/auth.ts
View File

@ -33,7 +33,7 @@ const Jwt = t.Object({
type Jwt = typeof Jwt.static; type Jwt = typeof Jwt.static;
const validator = TypeCompiler.Compile(Jwt); const validator = TypeCompiler.Compile(Jwt);
export async function verifyJwt(bearer: string) { async function verifyJwt(bearer: string) {
// @ts-expect-error ts can't understand that there's two overload idk why // @ts-expect-error ts can't understand that there's two overload idk why
const { payload } = await jwtVerify(bearer, jwtSecret ?? jwks, { const { payload } = await jwtVerify(bearer, jwtSecret ?? jwks, {
issuer: process.env.JWT_ISSUER, issuer: process.env.JWT_ISSUER,

51
api/src/websockets.ts
View File

@ -1,6 +1,6 @@
import type { TObject, TString } from "@sinclair/typebox"; import type { TObject, TString } from "@sinclair/typebox";
import Elysia, { type TSchema, t } from "elysia"; import Elysia, { type TSchema, t } from "elysia";
import { verifyJwt } from "./auth"; import { auth } from "./auth";
import { updateProgress } from "./controllers/profiles/history"; import { updateProgress } from "./controllers/profiles/history";
import { getOrCreateProfile } from "./controllers/profiles/profile"; import { getOrCreateProfile } from "./controllers/profiles/profile";
import { SeedHistory } from "./models/history"; import { SeedHistory } from "./models/history";
@ -8,7 +8,7 @@ import { SeedHistory } from "./models/history";
const actionMap = { const actionMap = {
ping: handler({ ping: handler({
message(ws) { message(ws) {
ws.send({ response: "pong" }); ws.send({ action: "ping", response: "pong" });
}, },
}), }),
watch: handler({ watch: handler({
@ -20,55 +20,12 @@ const actionMap = {
const ret = await updateProgress(profilePk, [ const ret = await updateProgress(profilePk, [
{ ...body, playedDate: null }, { ...body, playedDate: null },
]); ]);
ws.send(ret); ws.send({ action: "watch", ...ret });
}, },
}), }),
}; };
const baseWs = new Elysia() const baseWs = new Elysia().use(auth);
.guard({
headers: t.Object(
{
authorization: t.Optional(t.TemplateLiteral("Bearer ${string}")),
"Sec-WebSocket-Protocol": t.Optional(
t.Array(
t.Union([t.Literal("kyoo"), t.TemplateLiteral("Bearer ${string}")]),
),
),
},
{ additionalProperties: true },
),
})
.resolve(
async ({
headers: { authorization, "Sec-WebSocket-Protocol": wsProtocol },
status,
}) => {
const auth =
authorization ??
(wsProtocol?.length === 2 &&
wsProtocol[0] === "kyoo" &&
wsProtocol[1].startsWith("Bearer ")
? wsProtocol[1]
: null);
const bearer = auth?.slice(7);
if (!bearer) {
return status(403, {
status: 403,
message: "No authorization header was found.",
});
}
try {
return await verifyJwt(bearer);
} catch (err) {
return status(403, {
status: 403,
message: "Invalid jwt. Verification vailed",
details: err,
});
}
},
);
export const appWs = baseWs.ws("/ws", { export const appWs = baseWs.ws("/ws", {
body: t.Union( body: t.Union(

14
auth/jwt.go
View File

@ -44,9 +44,17 @@ func (h *Handler) CreateJwt(c echo.Context) error {
var token string var token string
if auth == "" { if auth == "" {
c, _ := c.Request().Cookie("X-Bearer") cookie, _ := c.Request().Cookie("X-Bearer")
if c != nil { if cookie != nil {
token = c.Value token = cookie.Value
} else {
protocol, ok := c.Request().Header["Sec-Websocket-Protocol"]
if ok &&
len(protocol) == 2 &&
protocol[0] == "kyoo" &&
strings.HasPrefix(protocol[1], "Bearer") {
token = protocol[1][len("Bearer "):]
}
} }
} else if strings.HasPrefix(auth, "Bearer ") { } else if strings.HasPrefix(auth, "Bearer ") {
token = auth[len("Bearer "):] token = auth[len("Bearer "):]