feat: auth route

maxakuru · maxakuru · commit a322aea92449 · 2025-02-20T16:19:40.000-08:00
diff --git a/src/routes/auth/fetch.js b/src/routes/auth/fetch.js
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2025 Adobe. All rights reserved.
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+ * OF ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+
+import { assertAuthorization } from '../../utils/auth.js';
+import { errorResponse } from '../../utils/http.js';
+
+/**
+ * @param {Context} ctx
+ */
+export default async function fetch(ctx) {
+  const { config } = ctx;
+
+  await assertAuthorization(ctx);
+
+  const token = await ctx.env.KEYS.get(config.siteKey);
+  if (!token) {
+    return errorResponse(404);
+  }
+
+  return new Response(JSON.stringify({ token }), {
+    headers: {
+      'Content-Type': 'application/json',
+    },
+  });
+}
diff --git a/src/routes/auth/handler.js b/src/routes/auth/handler.js
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2025 Adobe. All rights reserved.
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+ * OF ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+
+import { errorResponse } from '../../utils/http.js';
+import fetch from './fetch.js';
+import update from './update.js';
+import rotate from './rotate.js';
+
+/**
+ * @type {Record<string, Record<string, (ctx: Context, req: Request) => Promise<Response>>>}
+ */
+const handlers = {
+  token: {
+    GET: fetch,
+    PUT: update,
+    POST: rotate,
+  },
+};
+
+/**
+ * @param {Context} ctx
+ * @param {Request} req
+ * @returns {Promise<Response>}
+ */
+export default async function handler(ctx, req) {
+  const {
+    info: { method },
+    url: { pathname },
+  } = ctx;
+  const [subRoute] = pathname.split('/').filter(Boolean).slice(['org', 'site', 'route'].length);
+
+  const fn = handlers[subRoute]?.[method];
+  if (!fn) {
+    return errorResponse(404);
+  }
+  return fn(ctx, req);
+}
diff --git a/src/routes/auth/rotate.js b/src/routes/auth/rotate.js
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2025 Adobe. All rights reserved.
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+ * OF ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+
+import { assertAuthorization } from '../../utils/auth.js';
+import { errorResponse } from '../../utils/http.js';
+import { updateToken } from './update.js';
+
+/**
+ * @param {Context} ctx
+ */
+export default async function rotate(ctx) {
+  const { data } = ctx;
+  if (data.token) {
+    return errorResponse(400, 'token can not be provided on rotate');
+  }
+
+  await assertAuthorization(ctx);
+
+  const token = await updateToken(ctx);
+  return new Response(JSON.stringify({ token }), {
+    headers: {
+      'Content-Type': 'application/json',
+    },
+  });
+}
diff --git a/src/routes/auth/update.js b/src/routes/auth/update.js
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2025 Adobe. All rights reserved.
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+ * OF ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+
+import { assertAuthorization } from '../../utils/auth.js';
+import { errorResponse, errorWithResponse } from '../../utils/http.js';
+
+const generateToken = () => crypto.randomUUID().toUpperCase();
+
+/**
+ *
+ * @param {Context} ctx
+ * @param {string} [token]
+ * @returns {Promise<string>}
+ */
+export async function updateToken(ctx, token = generateToken()) {
+  const { config } = ctx;
+  try {
+    await ctx.env.KEYS.put(config.siteKey, token);
+  } catch (e) {
+    ctx.log.error('failed to update token', e);
+    throw errorWithResponse(500, 'failed to update token');
+  }
+  return token;
+}
+
+/**
+ * @param {Context} ctx
+ */
+export default async function update(ctx) {
+  const { data } = ctx;
+  if (!data.token || typeof data.token !== 'string') {
+    return errorResponse(400, 'missing or invalid token');
+  }
+
+  await assertAuthorization(ctx);
+
+  const token = await updateToken(ctx, data.token);
+  return new Response(JSON.stringify({ token }), {
+    headers: {
+      'Content-Type': 'application/json',
+    },
+  });
+}
