-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
24 changed files
with
571 additions
and
93 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,25 +1,22 @@ | ||
import { Email } from '@/constants/Types/Email.types'; | ||
import AuthMagicLinkEmail from '@/emails/auth-magic-link'; | ||
import { token_secret } from '@/schema/auth'; | ||
import { surreal } from '@api/surreal'; | ||
import { fullname } from '@/lib/zod'; | ||
import { sessionLength } from '@api/config/auth'; | ||
import { MagicLinkVerification } from '@api/config/shared_schemas'; | ||
import { surreal } from '@api/lib/surreal'; | ||
import AuthMagicLinkEmail from '@email/auth-magic-link'; | ||
import { render } from '@react-email/components'; | ||
import { token_secret } from '@schema/auth'; | ||
import jwt from 'jsonwebtoken'; | ||
import { NextRequest, NextResponse } from 'next/server'; | ||
import { z } from 'zod'; | ||
|
||
const sessionLength = { | ||
admin: 60 * 60 * 2, | ||
user: 60 * 60 * 24, | ||
}; | ||
|
||
const Body = z.object({ | ||
identifier: z.string(), | ||
scope: z.union([z.literal('admin'), z.literal('user')]), | ||
}); | ||
|
||
const MagicLinkVerification = z.object({ | ||
identifier: z.string(), | ||
challenge: z.string(), | ||
export const CreateProfile = MagicLinkVerification.extend({ | ||
name: fullname(), | ||
}); | ||
|
||
const Method = z.literal('magic-link'); | ||
|
@@ -31,56 +28,68 @@ export async function POST( | |
const method = Method.parse(params.method); | ||
const { identifier, scope } = Body.parse(await req.json()); | ||
|
||
const [, res] = await surreal.query< | ||
const [, , , res] = await surreal.query< | ||
[ | ||
null, | ||
null, | ||
null, | ||
null | { | ||
challenge: { | ||
challenge: string; | ||
}; | ||
subject: { | ||
name: string; | ||
email: string; | ||
}; | ||
challenge: string; | ||
email: string; | ||
} | ||
] | ||
>( | ||
/* surrealql */ ` | ||
LET $subject = (SELECT * FROM type::table($scope_name) WHERE email = $identifier)[0]; | ||
IF (!!$subject.id) THEN { | ||
LET $challenge = (CREATE auth_challenge SET method = $method, subject = $subject.id); | ||
LET $challenge = (CREATE auth_challenge SET method = $method, subject = ($subject.id OR $identifier)); | ||
LET $email = $subject.email OR $identifier; | ||
IF ( | ||
-- Admins cannot sign up | ||
-- Therefor, in case of an admin, we check if the user exists already | ||
-- Users can signup, they are allowed to continue | ||
($subject.id OR $scope_name = 'user') | ||
-- Was the challenge created, and is the email valid? | ||
-- (email is backup check, should have failed by earlier asserts if invalid) | ||
AND $challenge.challenge | ||
AND is::email($email) | ||
) THEN | ||
RETURN { | ||
subject: $subject, | ||
challenge: $challenge | ||
challenge: $challenge.challenge, | ||
email: $email, | ||
}; | ||
} END; | ||
END; | ||
`, | ||
{ identifier, scope_name: scope, method } | ||
); | ||
|
||
if (method == 'magic-link' && res.result) { | ||
const { | ||
challenge: { challenge }, | ||
subject: { email }, | ||
} = res.result; | ||
|
||
const body = Email.parse({ | ||
from: '[email protected]', | ||
to: email, | ||
subject: 'PlayrBase signin link', | ||
text: render(AuthMagicLinkEmail({ challenge, identifier: email }), { | ||
plainText: true, | ||
}), | ||
html: render(AuthMagicLinkEmail({ challenge, identifier: email })), | ||
} satisfies Email); | ||
|
||
await fetch('http://127.0.0.1:13004/email/store', { | ||
method: 'POST', | ||
headers: { | ||
'Content-Type': 'application/json', | ||
}, | ||
body: JSON.stringify(body), | ||
}); | ||
if (method == 'magic-link') { | ||
if (res.result) { | ||
const { challenge, email } = res.result; | ||
|
||
const body = Email.parse({ | ||
from: '[email protected]', | ||
to: email, | ||
subject: 'PlayrBase signin link', | ||
text: render( | ||
AuthMagicLinkEmail({ challenge, identifier: email }), | ||
{ | ||
plainText: true, | ||
} | ||
), | ||
html: render( | ||
AuthMagicLinkEmail({ challenge, identifier: email }) | ||
), | ||
} satisfies Email); | ||
|
||
await fetch('http://127.0.0.1:13004/email/store', { | ||
method: 'POST', | ||
headers: { | ||
'Content-Type': 'application/json', | ||
}, | ||
body: JSON.stringify(body), | ||
}); | ||
} | ||
|
||
return NextResponse.json({ success: true }); | ||
} | ||
|
@@ -137,10 +146,14 @@ export async function GET( | |
[ | ||
null, | ||
null, | ||
null | { | ||
SC: string; | ||
ID: string; | ||
} | ||
( | ||
| null | ||
| 'empty-profile' | ||
| { | ||
SC: string; | ||
ID: string; | ||
} | ||
) | ||
] | ||
>( | ||
/* surrealql */ ` | ||
|
@@ -151,6 +164,8 @@ export async function GET( | |
SC: meta::tb($subject.id), | ||
ID: $subject.id | ||
}; | ||
} ELSE IF (!!$verification.id) THEN { | ||
RETURN "empty-profile"; | ||
} END; | ||
`, | ||
{ identifier, challenge, method } | ||
|
@@ -159,7 +174,19 @@ export async function GET( | |
|
||
if (method == 'magic-link') { | ||
const res = await verifyChallenge(challenge); | ||
if (res.result) { | ||
if (res.result == 'empty-profile') { | ||
const url = `/account/create-profile?${new URLSearchParams({ | ||
identifier, | ||
challenge, | ||
})}`; | ||
|
||
return new NextResponse(`Success! Redirecting to ${url}`, { | ||
status: 302, | ||
headers: { | ||
Location: url, | ||
}, | ||
}); | ||
} else if (res.result) { | ||
const { SC, SC: TK, ID } = res.result; | ||
const { header } = generateToken({ SC, TK, ID }); | ||
|
||
|
@@ -184,6 +211,81 @@ export async function GET( | |
); | ||
} | ||
|
||
export async function PUT( | ||
req: NextRequest, | ||
{ params }: { params: { method: string } } | ||
) { | ||
const method = Method.parse(params.method); | ||
console.log(1, method); | ||
const { identifier, challenge, name } = CreateProfile.parse( | ||
await req.json() | ||
); | ||
|
||
console.log(2, { identifier, challenge, name }); | ||
|
||
const createProfile = async (challenge: string) => | ||
( | ||
await surreal.query< | ||
[ | ||
null, | ||
null, | ||
null | { | ||
SC: string; | ||
ID: string; | ||
} | ||
] | ||
>( | ||
/* surrealql */ ` | ||
LET $verification = (SELECT * FROM auth_challenge WHERE method = $method AND challenge = $challenge AND subject = $identifier AND created > time::now() - 30m)[0]; | ||
LET $subject = CREATE user CONTENT { | ||
email: $identifier, | ||
name: $name | ||
}; | ||
IF (!!$subject.id) THEN { | ||
RETURN { | ||
SC: meta::tb($subject.id), | ||
ID: $subject.id | ||
}; | ||
} END; | ||
`, | ||
{ identifier, challenge, name, method } | ||
) | ||
)[2]; | ||
|
||
if (method == 'magic-link') { | ||
const res = await createProfile(challenge); | ||
console.log(3, res); | ||
if (res.result) { | ||
const { SC, SC: TK, ID } = res.result; | ||
const { header, token } = generateToken({ SC, TK, ID }); | ||
|
||
return NextResponse.json( | ||
{ | ||
success: true, | ||
token, | ||
}, | ||
{ | ||
status: 200, | ||
headers: { | ||
'Set-Cookie': header, | ||
}, | ||
} | ||
); | ||
} | ||
|
||
return NextResponse.json( | ||
{ success: false, error: 'invalid_credentials' }, | ||
{ status: 400 } | ||
); | ||
} | ||
|
||
return NextResponse.json( | ||
{ success: false, error: 'invalid_method' }, | ||
{ status: 400 } | ||
); | ||
} | ||
|
||
function generateToken({ SC, TK, ID }: { SC: string; TK: string; ID: string }) { | ||
const maxAge = | ||
SC in sessionLength | ||
|
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
export const sessionLength = { | ||
admin: 60 * 60 * 2, | ||
user: 60 * 60 * 24, | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
import { z } from 'zod'; | ||
|
||
export const MagicLinkVerification = z.object({ | ||
identifier: z.string(), | ||
challenge: z.string(), | ||
}); |
File renamed without changes.
Oops, something went wrong.