Cutlery/Kyoo
1
0
Fork 0
mirror of https://github.com/zoriya/Kyoo.git synced 2025-05-31 04:04:21 -04:00
Code Issues Packages Projects Releases Wiki Activity

Use jwks in elysia

Browse Source
This commit is contained in:
Zoe Roux 2025-03-24 23:38:06 +01:00
parent 161e4943a1
commit bcded031e2
No known key found for this signature in database
4 changed files with 18 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
api/bun.lock
View File

@ -4,12 +4,12 @@
"": { "": {
"name": "api", "name": "api",
"dependencies": { "dependencies": {
"@elysiajs/jwt": "^1.2.0",
"@elysiajs/swagger": "^1.2.2", "@elysiajs/swagger": "^1.2.2",
"blurhash": "^2.0.5", "blurhash": "^2.0.5",
"drizzle-kit": "^0.30.4", "drizzle-kit": "^0.30.4",
"drizzle-orm": "0.39.0", "drizzle-orm": "0.39.0",
"elysia": "^1.2.23", "elysia": "^1.2.23",
"jose": "^6.0.10",
"parjs": "^1.3.9", "parjs": "^1.3.9",
"pg": "^8.13.3", "pg": "^8.13.3",
"sharp": "^0.33.5", "sharp": "^0.33.5",
@ -27,8 +27,6 @@
"packages": { "packages": {
"@drizzle-team/brocli": ["@drizzle-team/brocli@0.10.2", "", {}, "sha512-z33Il7l5dKjUgGULTqBsQBQwckHh5AbIuxhdsIxDDiZAzBOrZO6q9ogcWC65kU382AfynTfgNumVcNIjuIua6w=="], "@drizzle-team/brocli": ["@drizzle-team/brocli@0.10.2", "", {}, "sha512-z33Il7l5dKjUgGULTqBsQBQwckHh5AbIuxhdsIxDDiZAzBOrZO6q9ogcWC65kU382AfynTfgNumVcNIjuIua6w=="],
"@elysiajs/jwt": ["@elysiajs/jwt@1.2.0", "", { "dependencies": { "jose": "^4.14.4" }, "peerDependencies": { "elysia": ">= 1.2.0" } }, "sha512-5iMoZucIKNAqPKW3n6RBIyCnDWG3kOcqA4WZKtqEff+IjV6AN3dlMSE2XsS0xjIvusLD0UBXS8cxQ9NwIcj6ew=="],
"@elysiajs/swagger": ["@elysiajs/swagger@1.2.2", "", { "dependencies": { "@scalar/themes": "^0.9.52", "@scalar/types": "^0.0.12", "openapi-types": "^12.1.3", "pathe": "^1.1.2" }, "peerDependencies": { "elysia": ">= 1.2.0" } }, "sha512-DG0PbX/wzQNQ6kIpFFPCvmkkWTIbNWDS7lVLv3Puy6ONklF14B4NnbDfpYjX1hdSYKeCqKBBOuenh6jKm8tbYA=="], "@elysiajs/swagger": ["@elysiajs/swagger@1.2.2", "", { "dependencies": { "@scalar/themes": "^0.9.52", "@scalar/types": "^0.0.12", "openapi-types": "^12.1.3", "pathe": "^1.1.2" }, "peerDependencies": { "elysia": ">= 1.2.0" } }, "sha512-DG0PbX/wzQNQ6kIpFFPCvmkkWTIbNWDS7lVLv3Puy6ONklF14B4NnbDfpYjX1hdSYKeCqKBBOuenh6jKm8tbYA=="],
"@emnapi/runtime": ["@emnapi/runtime@1.3.1", "", { "dependencies": { "tslib": "^2.4.0" } }, "sha512-kEBmG8KyqtxJZv+ygbEim+KCGtIq1fC22Ms3S4ziXmYKm8uyoLX0MHONVKwp+9opg390VaKRNt4a7A9NwmpNhw=="], "@emnapi/runtime": ["@emnapi/runtime@1.3.1", "", { "dependencies": { "tslib": "^2.4.0" } }, "sha512-kEBmG8KyqtxJZv+ygbEim+KCGtIq1fC22Ms3S4ziXmYKm8uyoLX0MHONVKwp+9opg390VaKRNt4a7A9NwmpNhw=="],
@ -183,7 +181,7 @@
"isexe": ["isexe@3.1.1", "", {}, "sha512-LpB/54B+/2J5hqQ7imZHfdU31OlgQqx7ZicVlkm9kzg9/w8GKLEcFfJl/t7DCEDueOyBAD6zCCwTO6Fzs0NoEQ=="], "isexe": ["isexe@3.1.1", "", {}, "sha512-LpB/54B+/2J5hqQ7imZHfdU31OlgQqx7ZicVlkm9kzg9/w8GKLEcFfJl/t7DCEDueOyBAD6zCCwTO6Fzs0NoEQ=="],
"jose": ["jose@4.15.9", "", {}, "sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA=="], "jose": ["jose@6.0.10", "", {}, "sha512-skIAxZqcMkOrSwjJvplIPYrlXGpxTPnro2/QWTDCxAdWQrSTV5/KqspMWmi5WAx5+ULswASJiZ0a+1B/Lxt9cw=="],
"memoirist": ["memoirist@0.3.0", "", {}, "sha512-wR+4chMgVPq+T6OOsk40u9Wlpw1Pjx66NMNiYxCQQ4EUJ7jDs3D9kTCeKdBOkvAiqXlHLVJlvYL01PvIJ1MPNg=="], "memoirist": ["memoirist@0.3.0", "", {}, "sha512-wR+4chMgVPq+T6OOsk40u9Wlpw1Pjx66NMNiYxCQQ4EUJ7jDs3D9kTCeKdBOkvAiqXlHLVJlvYL01PvIJ1MPNg=="],

2
api/package.json
View File

@ -9,12 +9,12 @@
"format": "biome check --write ." "format": "biome check --write ."
}, },
"dependencies": { "dependencies": {
"@elysiajs/jwt": "^1.2.0",
"@elysiajs/swagger": "^1.2.2", "@elysiajs/swagger": "^1.2.2",
"blurhash": "^2.0.5", "blurhash": "^2.0.5",
"drizzle-kit": "^0.30.4", "drizzle-kit": "^0.30.4",
"drizzle-orm": "0.39.0", "drizzle-orm": "0.39.0",
"elysia": "^1.2.23", "elysia": "^1.2.23",
"jose": "^6.0.10",
"parjs": "^1.3.9", "parjs": "^1.3.9",
"pg": "^8.13.3", "pg": "^8.13.3",
"sharp": "^0.33.5" "sharp": "^0.33.5"

24
api/src/auth.ts
View File

@ -1,14 +1,17 @@
import jwt from "@elysiajs/jwt";
import Elysia, { t } from "elysia"; import Elysia, { t } from "elysia";
import { createRemoteJWKSet } from "jose"; import { createRemoteJWKSet, jwtVerify } from "jose";
const jwtSecret = process.env.JWT_SECRET; const jwtSecret = process.env.JWT_SECRET
? new TextEncoder().encode(process.env.JWT_SECRET)
: null;
const jwks = createRemoteJWKSet( const jwks = createRemoteJWKSet(
new URL(process.env.AUTH_SERVER ?? "http://auth:4568"), new URL(
".well-known/jwks.json",
process.env.AUTH_SERVER ?? "http://auth:4568",
),
); );
export const auth = new Elysia({ name: "auth" }) export const auth = new Elysia({ name: "auth" })
.use(jwt({ secret: jwtSecret ?? jwks }))
.guard({ .guard({
headers: t.Object({ headers: t.Object({
authorization: t.String({ pattern: "^Bearer .+$" }), authorization: t.String({ pattern: "^Bearer .+$" }),
@ -18,11 +21,12 @@ export const auth = new Elysia({ name: "auth" })
permissions(perms: string[]) { permissions(perms: string[]) {
return { return {
beforeHandle: () => {}, beforeHandle: () => {},
resolve: async ({ headers: { authorization }, jwt }) => { resolve: async ({ headers: { authorization } }) => {
console.log(authorization?.slice(7)); const bearer = authorization?.slice(7);
const user = await jwt.verify(authorization?.slice(7)); if (!bearer) return { jwt: false };
console.log("macro", user); // @ts-expect-error ts can't understand that there's two overload idk why
return { user }; const { payload: jwt } = await jwtVerify(bearer, jwtSecret ?? jwks);
return { jwt };
}, },
}; };
}, },

1
auth/jwt.go
View File

@ -48,6 +48,7 @@ func (h *Handler) CreateJwt(c echo.Context) error {
}() }()
claims := maps.Clone(session.User.Claims) claims := maps.Clone(session.User.Claims)
claims["username"] = session.User.Username
claims["sub"] = session.User.Id.String() claims["sub"] = session.User.Id.String()
claims["sid"] = session.Id.String() claims["sid"] = session.Id.String()
claims["iss"] = h.config.PublicUrl claims["iss"] = h.config.PublicUrl