fix: authentication (#26)

Author: aster-void

.env.sample

@@ -1,5 +1,7 @@
 # NOTE: .env is only used for development.
 # = credentials (if any)
+# == COOKIE_SIGN: 値に特に意味はないのでローカルでは適当な値を入れてください
+COOKIE_SIGN=randomly-generated-128-bytes-string
 
 # = config
 # == service config

service/db/schema.ts

@@ -3,7 +3,7 @@ import { integer, sqliteTable, text } from "drizzle-orm/sqlite-core";
 export const participants = sqliteTable("participants", {
   id: text("id").notNull().primaryKey(),
   name: text().notNull(),
-  account_id: text("account_id").references(() => accounts.id).notNull(),
+  browser_id: text("browser_id").notNull(),
   project_id: text("project_id").references(() => projects.id).notNull(),
   is_admin: integer("is_admin").notNull(),
 });

service/features/auth/index.ts

@@ -0,0 +1,87 @@
+import type { Context } from "hono";
+import { getSignedCookie, setSignedCookie } from "hono/cookie";
+import { db } from "../../db/client.ts";
+import { accounts, type SelectAccount } from "../../db/schema.ts";
+import { HTTPException } from "hono/http-exception";
+import { eq } from "drizzle-orm";
+import type { CookieOptions } from "hono/utils/cookie";
+import { env } from "../../utils/env.ts";
+
+function GET_COOKIE_SIGN(c: Context): string {
+  return env(c, "COOKIE_SIGN");
+}
+
+const cookie_identifier__browser_id = "howmatch.browser_id";
+// TODO: make it last forever or smth
+const cookieOptions: CookieOptions = {
+  httpOnly: true,
+  secure: false,
+};
+
+type NoAuth = {
+  name: string;
+};
+
+// TODO: implement authentication
+type AuthInfo = {
+  kind: "none";
+  info: NoAuth;
+};
+
+export async function signup(c: Context, auth: AuthInfo): Promise<SelectAccount> {
+  const browser_id = await getBrowserID(c);
+  const prev = await _findAccount(c, auth);
+  if (prev) {
+    // already has an account
+    return prev;
+  }
+  const account = (
+    await db(c)
+      .insert(accounts)
+      .values({
+        id: crypto.randomUUID(),
+        browser_id,
+        name: auth.info.name,
+      })
+      .returning()
+  )[0];
+  if (!account) throw new HTTPException(500, { message: "Failed to create account" });
+  return account;
+}
+
+// TODO: implement authentication
+export async function login(c: Context, auth: AuthInfo): Promise<SelectAccount> {
+  const acc = await _findAccount(c, auth);
+  if (acc) {
+    setSignedCookie(c, cookie_identifier__browser_id, acc.browser_id, GET_COOKIE_SIGN(c), cookieOptions);
+    return acc;
+  }
+  throw new HTTPException(404, { message: "account not found" });
+}
+
+// creates new one if necessary.
+export async function getBrowserID(c: Context): Promise<string> {
+  const cookie = await getSignedCookie(c, GET_COOKIE_SIGN(c), cookie_identifier__browser_id);
+  if (cookie) {
+    return cookie;
+  }
+  const browser_id = crypto.randomUUID();
+  await setSignedCookie(c, cookie_identifier__browser_id, browser_id, GET_COOKIE_SIGN(c), cookieOptions);
+  return browser_id;
+}
+
+// TODO: implement authentication
+async function _findAccount(c: Context, auth: AuthInfo): Promise<SelectAccount | undefined> {
+  switch (auth.kind) {
+    case "none": {
+      const accountsResult = await db(c)
+        .select()
+        .from(accounts)
+        .where(eq(accounts.name, auth.info.name))
+        .limit(1);
+      return accountsResult[0]; // findUnique をしたかった
+    }
+    default:
+      auth.kind satisfies never;
+  }
+}

service/index.ts

@@ -9,7 +9,7 @@ const app = new Hono<HonoOptions>()
   .use(
     "/*",
     async (c, next) => {
-      const CORS_ALLOW_ORIGINS = env(c, "CORS_ALLOW_ORIGINS", "");
+      const CORS_ALLOW_ORIGINS = env(c, "CORS_ALLOW_ORIGINS", { fallback: "" });
       return await cors({
         origin: CORS_ALLOW_ORIGINS.split(","),
         credentials: true,