You've already forked obsidian-visualiser
Markdown editor in progress + Login and session process completed
This commit is contained in:
@@ -1,96 +1,89 @@
|
||||
import useDatabase from '~/composables/useDatabase';
|
||||
import { schema } from '~/schemas/login';
|
||||
import { User, UserExtendedData, UserRawData, UserSession, UserSessionRequired } from '~/types/auth';
|
||||
import type { Database } from "bun:sqlite";
|
||||
import { ZodError } from 'zod';
|
||||
import { checkSession, logSession } from '~/server/utils/user';
|
||||
|
||||
export default defineEventHandler(async (e) => {
|
||||
const { sessionPassword } = useRuntimeConfig();
|
||||
const session = await useSession(e, {
|
||||
password: sessionPassword,
|
||||
});
|
||||
interface SuccessHandler
|
||||
{
|
||||
success: true;
|
||||
session: UserSession;
|
||||
}
|
||||
interface ErrorHandler
|
||||
{
|
||||
success: false;
|
||||
error: Error | ZodError<{
|
||||
usernameOrEmail: string;
|
||||
password: string;
|
||||
}>;
|
||||
}
|
||||
type Return = SuccessHandler | ErrorHandler;
|
||||
|
||||
export default defineEventHandler(async (e): Promise<Return> => {
|
||||
try
|
||||
{
|
||||
const session = await getUserSession(e);
|
||||
const db = useDatabase();
|
||||
|
||||
console.log(session.id);
|
||||
const checkedSession = await checkSession(e, session);
|
||||
|
||||
if(session.id && session.data.id)
|
||||
{
|
||||
const checkSession = db.query("SELECT user_id FROM user_sessions WHERE id = ?1");
|
||||
const sessionId = checkSession.get(session.id) as any;
|
||||
|
||||
console.log(sessionId);
|
||||
|
||||
if(sessionId && sessionId.user_id === session.data.id)
|
||||
{
|
||||
return { success: true, id: session.data.id, sessionId: session.id, data: session.data };
|
||||
}
|
||||
else
|
||||
{
|
||||
session.clear();
|
||||
|
||||
setResponseStatus(e, 406);
|
||||
return { success: false, error: { path: ['global'], message: 'Vous êtes déjà connecté' } };
|
||||
}
|
||||
|
||||
}
|
||||
if(checkedSession !== undefined)
|
||||
return checkedSession;
|
||||
|
||||
const body = await readValidatedBody(e, schema.safeParse);
|
||||
|
||||
if (!body.success)
|
||||
{
|
||||
session.clear();
|
||||
await clearUserSession(e);
|
||||
|
||||
setResponseStatus(e, 406);
|
||||
return { success: false, error: body.error };
|
||||
}
|
||||
|
||||
|
||||
const hash = await Bun.password.hash(body.data.password);
|
||||
const checkID = db.query(`SELECT id FROM users WHERE (username = ?1 or email = ?1)`);
|
||||
const id = checkID.get(body.data.username) as any;
|
||||
const checkID = db.query(`SELECT id, hash FROM users WHERE (username = ?1 or email = ?1)`);
|
||||
const id = checkID.get(body.data.usernameOrEmail) as { id: number, hash: string };
|
||||
|
||||
if(!id || !id.id)
|
||||
if(!id || !id.id || !id.hash)
|
||||
{
|
||||
session.clear();
|
||||
await clearUserSession(e);
|
||||
|
||||
setResponseStatus(e, 401);
|
||||
return { success: false, error: { path: ['username'], message: 'Identifiant inconnu' } };
|
||||
return { success: false, error: new ZodError([{ code: 'custom', path: ['username'], message: 'Identifiant inconnu' }]) };
|
||||
}
|
||||
|
||||
const valid = await Bun.password.verify(body.data.password, id.hash);
|
||||
|
||||
const checkHash = db.query(`SELECT COUNT(*) as count FROM users WHERE id = ?1 and hash = ?2`);
|
||||
const validation = checkHash.get(id.id, hash) as any;
|
||||
|
||||
if(validation && validation.count && validation.count !== 1)
|
||||
if(!valid)
|
||||
{
|
||||
session.clear();
|
||||
await clearUserSession(e);
|
||||
|
||||
setResponseStatus(e, 401);
|
||||
return { success: false, error: { path: ['password'], message: 'Mot de passe incorrect' } };
|
||||
return { success: false, error: new ZodError([{ code: 'custom', path: ['password'], message: 'Mot de passe incorrect' }]) };
|
||||
}
|
||||
|
||||
const loggingIn = db.query(`INSERT INTO user_sessions(id, user_id, ip, agent, lastRefresh) VALUES(?1, ?2, ?3, ?4, ?5)`);
|
||||
loggingIn.get(session.id, id.id, getRequestIP(e), getRequestHeader(e, 'User-Agent'), Date.now());
|
||||
|
||||
await session.update(getData(db, id.id));
|
||||
logSession(e, await setUserSession(e, { user: getData(db, id.id) }) as UserSessionRequired);
|
||||
|
||||
setResponseStatus(e, 201);
|
||||
return { success: true, id: id.id, sessionId: session.id, data: session.data };
|
||||
return { success: true, session };
|
||||
}
|
||||
catch(e)
|
||||
catch(err: any)
|
||||
{
|
||||
session.clear();
|
||||
await clearUserSession(e);
|
||||
|
||||
console.error(e);
|
||||
return { success: false, error: e };
|
||||
console.error(err);
|
||||
return { success: false, error: err as Error };
|
||||
}
|
||||
});
|
||||
|
||||
function getData(db: Database, id: string): any
|
||||
function getData(db: Database, id: number): User
|
||||
{
|
||||
const userQuery = db.query(`SELECT * FROM users WHERE id = ?1`);
|
||||
const user = userQuery.get(id);
|
||||
const userQuery = db.query(`SELECT id, username, email, state FROM users WHERE id = ?1`);
|
||||
const user = userQuery.get(id) as UserRawData;
|
||||
|
||||
const userDataQuery = db.query(`SELECT * FROM users_data WHERE user_id = ?1`);
|
||||
const userData = userDataQuery.get(id);
|
||||
const userData = userDataQuery.get(id) as UserExtendedData;
|
||||
|
||||
return { ...user, ...userData };
|
||||
}
|
||||
@@ -1,2 +0,0 @@
|
||||
export default defineEventHandler(async (e) => {
|
||||
});
|
||||
@@ -1,41 +1,67 @@
|
||||
import { ZodError, ZodIssue } from 'zod';
|
||||
import useDatabase from '~/composables/useDatabase';
|
||||
import { schema } from '~/schemas/registration';
|
||||
import { checkSession, logSession } from '~/server/utils/user';
|
||||
import { UserSession, UserSessionRequired } from '~/types/auth';
|
||||
|
||||
export default defineEventHandler(async (e) => {
|
||||
interface SuccessHandler
|
||||
{
|
||||
success: true;
|
||||
session: UserSession;
|
||||
}
|
||||
interface ErrorHandler
|
||||
{
|
||||
success: false;
|
||||
error: Error | ZodError<{
|
||||
username: string;
|
||||
email: string;
|
||||
password: string;
|
||||
}>;
|
||||
}
|
||||
type Return = SuccessHandler | ErrorHandler;
|
||||
|
||||
export default defineEventHandler(async (e): Promise<Return> => {
|
||||
try
|
||||
{
|
||||
const { sessionPassword } = useRuntimeConfig();
|
||||
const session = await getUserSession(e);
|
||||
const db = useDatabase();
|
||||
|
||||
const checkedSession = await checkSession(e, session);
|
||||
|
||||
if(checkedSession !== undefined)
|
||||
return checkedSession;
|
||||
|
||||
const body = await readValidatedBody(e, schema.safeParse);
|
||||
|
||||
if (!body.success)
|
||||
{
|
||||
await clearUserSession(e);
|
||||
|
||||
setResponseStatus(e, 406);
|
||||
return { success: false, error: body.error };
|
||||
}
|
||||
|
||||
const db = useDatabase();
|
||||
|
||||
const usernameQuery = db.query(`SELECT COUNT(*) as count FROM users WHERE username = ?1`);
|
||||
const checkUsername = usernameQuery.get(body.data.username) as any;
|
||||
|
||||
const emailQuery = db.query(`SELECT COUNT(*) as count FROM users WHERE email = ?1`);
|
||||
const checkEmail = emailQuery.get(body.data.email) as any;
|
||||
|
||||
const errors = [];
|
||||
const errors: ZodIssue[] = [];
|
||||
if(checkUsername.count !== 0)
|
||||
errors.push({ path: ['username'], message: "Ce nom d'utilisateur est déjà utilisé" });
|
||||
errors.push({ code: 'custom', path: ['username'], message: "Ce nom d'utilisateur est déjà utilisé" });
|
||||
if(checkEmail.count !== 0)
|
||||
errors.push({ path: ['email'], message: "Cette adresse mail est déjà utilisée" });
|
||||
errors.push({ code: 'custom', path: ['email'], message: "Cette adresse mail est déjà utilisée" });
|
||||
|
||||
if(errors.length > 0)
|
||||
{
|
||||
setResponseStatus(e, 406);
|
||||
return { success: false, error: errors };
|
||||
return { success: false, error: new ZodError(errors) };
|
||||
}
|
||||
else
|
||||
{
|
||||
const hash = await Bun.password.hash(body.data.password);
|
||||
const registration = db.query(`INSERT INTO users(username, email, hash, email_valid) VALUES(?1, ?2, ?3, 0)`);
|
||||
const registration = db.query(`INSERT INTO users(username, email, hash, state) VALUES(?1, ?2, ?3, 0)`);
|
||||
registration.get(body.data.username, body.data.email, hash) as any;
|
||||
|
||||
const userIdQuery = db.query(`SELECT id FROM users WHERE username = ?1`);
|
||||
@@ -43,20 +69,18 @@ export default defineEventHandler(async (e) => {
|
||||
|
||||
const registeringData = db.query(`INSERT INTO users_data(user_id) VALUES(?1)`);
|
||||
registeringData.get(id);
|
||||
|
||||
const session = await useSession(e, {
|
||||
password: sessionPassword,
|
||||
});
|
||||
|
||||
const loggingIn = db.query(`INSERT INTO user_sessions(id, user_id, ip, agent, lastRefresh) VALUES(?1, ?2, ?3, ?4, ?5)`);
|
||||
loggingIn.get(session.id, id, getRequestIP(e), getRequestHeader(e, 'User-Agent'), Date.now());
|
||||
logSession(e, await setUserSession(e, { user: { id: id, username: body.data.username, email: body.data.email, state: 0 } }) as UserSessionRequired);
|
||||
|
||||
setResponseStatus(e, 201);
|
||||
return { success: true, id: id, sessionId: session.id };
|
||||
return { success: true, session };
|
||||
}
|
||||
}
|
||||
catch(e)
|
||||
catch(err: any)
|
||||
{
|
||||
return { success: false, error: e };
|
||||
await clearUserSession(e);
|
||||
|
||||
console.error(err);
|
||||
return { success: false, error: err as Error };
|
||||
}
|
||||
});
|
||||
8
server/api/auth/session.delete.ts
Normal file
8
server/api/auth/session.delete.ts
Normal file
@@ -0,0 +1,8 @@
|
||||
import { eventHandler } from 'h3';
|
||||
import { clearUserSession } from '~/server/utils/session';
|
||||
|
||||
export default eventHandler(async (event) => {
|
||||
await clearUserSession(event);
|
||||
|
||||
return { loggedOut: true };
|
||||
})
|
||||
13
server/api/auth/session.get.ts
Normal file
13
server/api/auth/session.get.ts
Normal file
@@ -0,0 +1,13 @@
|
||||
import { eventHandler } from 'h3'
|
||||
import { getUserSession, sessionHooks } from '~/server/utils/session'
|
||||
import type { UserSessionRequired } from '~/types/auth'
|
||||
|
||||
export default eventHandler(async (event) => {
|
||||
const session = await getUserSession(event)
|
||||
|
||||
if (session.user) {
|
||||
await sessionHooks.callHookParallel('fetch', session as UserSessionRequired, event)
|
||||
}
|
||||
|
||||
return session
|
||||
})
|
||||
File diff suppressed because one or more lines are too long
32
server/plugins/session.ts
Normal file
32
server/plugins/session.ts
Normal file
@@ -0,0 +1,32 @@
|
||||
import useDatabase from "~/composables/useDatabase";
|
||||
|
||||
const monthAsMs = 1000 * 60 * 60 * 24 * 30;
|
||||
|
||||
export default defineNitroPlugin(() => {
|
||||
const db = useDatabase();
|
||||
|
||||
sessionHooks.hook('fetch', async (session, event) => {
|
||||
const query = db.prepare('SELECT lastRefresh FROM user_sessions WHERE id = ?1 AND user_id = ?2');
|
||||
const result = query.get(session.id, session.user.id) as Record<string, any>;
|
||||
|
||||
if(!result)
|
||||
{
|
||||
throw createError({ statusCode: 401, message: 'Unauthorized' });
|
||||
}
|
||||
else if(result && result.lastRefresh && result.lastRefresh < Date.now() - monthAsMs)
|
||||
{
|
||||
throw createError({ statusCode: 401, message: 'Session has expired' });
|
||||
}
|
||||
else
|
||||
{
|
||||
db.prepare('UPDATE user_sessions SET lastRefresh = ?1 WHERE id = ?2 AND user_id = ?3').run(Date.now(), session.id, session.user.id);
|
||||
}
|
||||
});
|
||||
sessionHooks.hook('clear', async (session, event) => {
|
||||
if(session.id && session.user)
|
||||
{
|
||||
const query = db.prepare('DELETE FROM user_sessions WHERE id = ?1 AND user_id = ?2');
|
||||
query.run(session.id, session.user.id);
|
||||
}
|
||||
});
|
||||
});
|
||||
110
server/utils/session.ts
Normal file
110
server/utils/session.ts
Normal file
@@ -0,0 +1,110 @@
|
||||
import type { H3Event, SessionConfig } from 'h3'
|
||||
import { useSession, createError } from 'h3'
|
||||
import { defu } from 'defu'
|
||||
import { createHooks } from 'hookable'
|
||||
import { useRuntimeConfig } from '#imports'
|
||||
import type { UserSession, UserSessionRequired } from '~/types/auth'
|
||||
|
||||
export interface SessionHooks {
|
||||
/**
|
||||
* Called when fetching the session from the API
|
||||
* - Add extra properties to the session
|
||||
* - Throw an error if the session could not be verified (with a database for example)
|
||||
*/
|
||||
fetch: (session: UserSessionRequired, event: H3Event) => void | Promise<void>
|
||||
/**
|
||||
* Called before clearing the session
|
||||
*/
|
||||
clear: (session: UserSession, event: H3Event) => void | Promise<void>
|
||||
}
|
||||
|
||||
export const sessionHooks = createHooks<SessionHooks>()
|
||||
|
||||
/**
|
||||
* Get the user session from the current request
|
||||
* @param event The Request (h3) event
|
||||
* @returns The user session
|
||||
*/
|
||||
export async function getUserSession(event: H3Event) {
|
||||
const session = await _useSession(event);
|
||||
|
||||
if(!session.data || !session.data.id)
|
||||
{
|
||||
await session.update(defu({ id: session.id }, session.data));
|
||||
}
|
||||
|
||||
return session.data;
|
||||
}
|
||||
/**
|
||||
* Set a user session
|
||||
* @param event The Request (h3) event
|
||||
* @param data User session data, please only store public information since it can be decoded with API calls
|
||||
* @see https://github.com/atinux/nuxt-auth-utils
|
||||
*/
|
||||
export async function setUserSession(event: H3Event, data: UserSession) {
|
||||
const session = await _useSession(event)
|
||||
|
||||
await session.update(defu(data, session.data))
|
||||
|
||||
return session.data
|
||||
}
|
||||
|
||||
/**
|
||||
* Replace a user session
|
||||
* @param event The Request (h3) event
|
||||
* @param data User session data, please only store public information since it can be decoded with API calls
|
||||
*/
|
||||
export async function replaceUserSession(event: H3Event, data: UserSession) {
|
||||
const session = await _useSession(event)
|
||||
|
||||
await session.clear()
|
||||
await session.update(data)
|
||||
|
||||
return session.data
|
||||
}
|
||||
|
||||
/**
|
||||
* Clear the user session and removing the session cookie
|
||||
* @param event The Request (h3) event
|
||||
* @returns true if the session was cleared
|
||||
*/
|
||||
export async function clearUserSession(event: H3Event) {
|
||||
const session = await _useSession(event)
|
||||
|
||||
await sessionHooks.callHookParallel('clear', session.data, event)
|
||||
await session.clear()
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
/**
|
||||
* Require a user session, throw a 401 error if the user is not logged in
|
||||
* @param event
|
||||
* @param opts Options to customize the error message and status code
|
||||
* @param opts.statusCode The status code to use for the error (defaults to 401)
|
||||
* @param opts.message The message to use for the error (defaults to Unauthorized)
|
||||
* @see https://github.com/atinux/nuxt-auth-utils
|
||||
*/
|
||||
export async function requireUserSession(event: H3Event, opts: { statusCode?: number, message?: string } = {}): Promise<UserSessionRequired> {
|
||||
const userSession = await getUserSession(event)
|
||||
|
||||
if (!userSession.user) {
|
||||
throw createError({
|
||||
statusCode: opts.statusCode || 401,
|
||||
message: opts.message || 'Unauthorized',
|
||||
})
|
||||
}
|
||||
|
||||
return userSession as UserSessionRequired
|
||||
}
|
||||
|
||||
let sessionConfig: SessionConfig
|
||||
|
||||
function _useSession(event: H3Event) {
|
||||
if (!sessionConfig) {
|
||||
const runtimeConfig = useRuntimeConfig(event)
|
||||
|
||||
sessionConfig = runtimeConfig.session;
|
||||
}
|
||||
return useSession<UserSession>(event, sessionConfig)
|
||||
}
|
||||
33
server/utils/user.ts
Normal file
33
server/utils/user.ts
Normal file
@@ -0,0 +1,33 @@
|
||||
import useDatabase from "~/composables/useDatabase";
|
||||
import { Return } from "~/types/api";
|
||||
import type { UserSession, UserSessionRequired } from "~/types/auth";
|
||||
|
||||
export async function checkSession(e: H3Event<EventRequestHandler>, session: UserSession): Promise<Return | undefined>
|
||||
{
|
||||
const db = useDatabase();
|
||||
|
||||
if(session.id && session.user?.id)
|
||||
{
|
||||
const checkSession = db.query("SELECT user_id FROM user_sessions WHERE id = ?1");
|
||||
const sessionId = checkSession.get(session.id) as any;
|
||||
|
||||
if(sessionId && sessionId.user_id === session.user?.id)
|
||||
{
|
||||
return { success: true, session };
|
||||
}
|
||||
else
|
||||
{
|
||||
await clearUserSession(e);
|
||||
|
||||
setResponseStatus(e, 406);
|
||||
return { success: false, error: new Error('Vous êtes déjà connecté') };
|
||||
}
|
||||
}
|
||||
}
|
||||
export async function logSession(e: H3Event<EventRequestHandler>, session: UserSessionRequired)
|
||||
{
|
||||
const db = useDatabase();
|
||||
|
||||
const loggingIn = db.query(`INSERT INTO user_sessions(id, user_id, ip, agent, lastRefresh) VALUES(?1, ?2, ?3, ?4, ?5)`);
|
||||
loggingIn.get(session.id, session.user.id, getRequestIP(e) ?? null, getRequestHeader(e, 'User-Agent') ?? null, Date.now());
|
||||
}
|
||||
Reference in New Issue
Block a user