feat: add supertokens
This commit is contained in:
@@ -1,85 +1,25 @@
|
||||
import { logger } from "@platform/logger";
|
||||
import cookie from "cookie";
|
||||
import { NotFoundError } from "@platform/relay";
|
||||
import { getSessionHeaders } from "@platform/supertoken/session.ts";
|
||||
import Passwordless from "supertokens-node/recipe/passwordless";
|
||||
|
||||
import { Code } from "../../../aggregates/code.ts";
|
||||
import { Identity } from "../../../aggregates/identity.ts";
|
||||
import { auth } from "../../../auth.ts";
|
||||
import { config } from "../../../config.ts";
|
||||
import { eventStore } from "../../../event-store.ts";
|
||||
import route from "./spec.ts";
|
||||
|
||||
export default route.access("public").handle(async ({ params: { identityId, codeId, value }, query: { next } }) => {
|
||||
const code = await eventStore.aggregate.getByStream(Code, codeId);
|
||||
|
||||
if (code === undefined) {
|
||||
return logger.info({
|
||||
type: "code:claimed",
|
||||
session: false,
|
||||
message: "Invalid Code ID",
|
||||
received: codeId,
|
||||
});
|
||||
export default route.access("public").handle(async ({ body: { preAuthSessionId, deviceId, userInputCode } }) => {
|
||||
const response = await Passwordless.consumeCode({ tenantId: "public", preAuthSessionId, deviceId, userInputCode });
|
||||
if (response.status !== "OK") {
|
||||
return new NotFoundError();
|
||||
}
|
||||
|
||||
if (code.claimedAt !== undefined) {
|
||||
return logger.info({
|
||||
type: "code:claimed",
|
||||
session: false,
|
||||
message: "Code Already Claimed",
|
||||
received: codeId,
|
||||
});
|
||||
}
|
||||
|
||||
await code.claim().save();
|
||||
|
||||
if (code.value !== value) {
|
||||
return logger.info({
|
||||
type: "code:claimed",
|
||||
session: false,
|
||||
message: "Invalid Value",
|
||||
expected: code.value,
|
||||
received: value,
|
||||
});
|
||||
}
|
||||
|
||||
if (code.identity.id !== identityId) {
|
||||
return logger.info({
|
||||
type: "code:claimed",
|
||||
session: false,
|
||||
message: "Invalid Identity ID",
|
||||
expected: code.identity.id,
|
||||
received: identityId,
|
||||
});
|
||||
}
|
||||
|
||||
const account = await eventStore.aggregate.getByStream(Identity, identityId);
|
||||
if (account === undefined) {
|
||||
return logger.info({
|
||||
type: "code:claimed",
|
||||
session: false,
|
||||
message: "Account Not Found",
|
||||
expected: code.identity.id,
|
||||
received: undefined,
|
||||
});
|
||||
}
|
||||
|
||||
logger.info({ type: "code:claimed", session: true });
|
||||
|
||||
const options = config.cookie(1000 * 60 * 60 * 24 * 7);
|
||||
|
||||
if (next !== undefined) {
|
||||
return new Response(null, {
|
||||
status: 302,
|
||||
headers: {
|
||||
location: next,
|
||||
"set-cookie": cookie.serialize("token", await auth.generate({ id: account.id }, "1 week"), options),
|
||||
},
|
||||
});
|
||||
}
|
||||
logger.info({
|
||||
type: "code:claimed",
|
||||
session: true,
|
||||
message: "Identity resolved",
|
||||
user: response.user.toJson(),
|
||||
});
|
||||
|
||||
return new Response(null, {
|
||||
status: 200,
|
||||
headers: {
|
||||
"set-cookie": cookie.serialize("token", await auth.generate({ id: account.id }, "1 week"), options),
|
||||
},
|
||||
headers: await getSessionHeaders("public", response.recipeUserId),
|
||||
});
|
||||
});
|
||||
|
||||
@@ -2,12 +2,14 @@ import { route } from "@platform/relay";
|
||||
import z from "zod";
|
||||
|
||||
export default route
|
||||
.get("/api/v1/identities/login/code/:identityId/code/:codeId/:value")
|
||||
.params({
|
||||
identityId: z.string(),
|
||||
codeId: z.string(),
|
||||
value: z.string(),
|
||||
})
|
||||
.post("/api/v1/identity/login/code")
|
||||
.body(
|
||||
z.strictObject({
|
||||
deviceId: z.string(),
|
||||
preAuthSessionId: z.string(),
|
||||
userInputCode: z.string(),
|
||||
}),
|
||||
)
|
||||
.query({
|
||||
next: z.string().optional(),
|
||||
});
|
||||
|
||||
@@ -1,27 +1,23 @@
|
||||
import { logger } from "@platform/logger";
|
||||
import Passwordless from "supertokens-node/recipe/passwordless";
|
||||
|
||||
import { Code } from "../../../aggregates/code.ts";
|
||||
import { getIdentityEmailRelation, Identity } from "../../../aggregates/identity.ts";
|
||||
import { eventStore } from "../../../event-store.ts";
|
||||
import route from "./spec.ts";
|
||||
|
||||
export default route.access("public").handle(async ({ body: { base, email } }) => {
|
||||
const identity = await eventStore.aggregate.getByRelation(Identity, getIdentityEmailRelation(email));
|
||||
if (identity === undefined) {
|
||||
export default route.access("public").handle(async ({ body: { email } }) => {
|
||||
const response = await Passwordless.createCode({ tenantId: "public", email });
|
||||
if (response.status !== "OK") {
|
||||
return logger.info({
|
||||
type: "auth:email",
|
||||
code: false,
|
||||
message: "Identity Not Found",
|
||||
type: "auth:passwordless",
|
||||
message: "Create code failed.",
|
||||
received: email,
|
||||
});
|
||||
}
|
||||
const code = await eventStore.aggregate.from(Code).create({ id: identity.id }).save();
|
||||
logger.info({
|
||||
type: "auth:email",
|
||||
type: "auth:passwordless",
|
||||
data: {
|
||||
code: code.id,
|
||||
identityId: identity.id,
|
||||
deviceId: response.deviceId,
|
||||
preAuthSessionId: response.preAuthSessionId,
|
||||
userInputCode: response.userInputCode,
|
||||
},
|
||||
link: `${base}/api/v1/admin/auth/${identity.id}/code/${code.id}/${code.value}?next=${base}/admin`,
|
||||
});
|
||||
});
|
||||
|
||||
@@ -1,9 +1,8 @@
|
||||
import { route } from "@platform/relay";
|
||||
import z from "zod";
|
||||
|
||||
export default route.post("/api/v1/identities/login/email").body(
|
||||
export default route.post("/api/v1/identity/login/email").body(
|
||||
z.object({
|
||||
base: z.url(),
|
||||
email: z.email(),
|
||||
}),
|
||||
);
|
||||
|
||||
48
modules/identity/routes/login/sudo/handle.ts
Normal file
48
modules/identity/routes/login/sudo/handle.ts
Normal file
@@ -0,0 +1,48 @@
|
||||
import { logger } from "@platform/logger";
|
||||
import { NotFoundError } from "@platform/relay";
|
||||
import { getSessionHeaders } from "@platform/supertoken/session.ts";
|
||||
import Passwordless from "supertokens-node/recipe/passwordless";
|
||||
|
||||
import route from "./spec.ts";
|
||||
|
||||
export default route.access("public").handle(async ({ body: { email } }) => {
|
||||
const code = await Passwordless.createCode({ tenantId: "public", email });
|
||||
if (code.status !== "OK") {
|
||||
return logger.info({
|
||||
type: "auth:passwordless",
|
||||
message: "Create code failed.",
|
||||
received: email,
|
||||
});
|
||||
}
|
||||
|
||||
logger.info({
|
||||
type: "auth:passwordless",
|
||||
data: {
|
||||
deviceId: code.deviceId,
|
||||
preAuthSessionId: code.preAuthSessionId,
|
||||
userInputCode: code.userInputCode,
|
||||
},
|
||||
});
|
||||
|
||||
const response = await Passwordless.consumeCode({
|
||||
tenantId: "public",
|
||||
preAuthSessionId: code.preAuthSessionId,
|
||||
deviceId: code.deviceId,
|
||||
userInputCode: code.userInputCode,
|
||||
});
|
||||
if (response.status !== "OK") {
|
||||
return new NotFoundError();
|
||||
}
|
||||
|
||||
logger.info({
|
||||
type: "code:claimed",
|
||||
session: true,
|
||||
message: "Identity resolved",
|
||||
user: response.user.toJson(),
|
||||
});
|
||||
|
||||
return new Response(null, {
|
||||
status: 200,
|
||||
headers: await getSessionHeaders("public", response.recipeUserId),
|
||||
});
|
||||
});
|
||||
8
modules/identity/routes/login/sudo/spec.ts
Normal file
8
modules/identity/routes/login/sudo/spec.ts
Normal file
@@ -0,0 +1,8 @@
|
||||
import { route } from "@platform/relay";
|
||||
import z from "zod";
|
||||
|
||||
export default route.post("/api/v1/identities/login/sudo").body(
|
||||
z.object({
|
||||
email: z.email(),
|
||||
}),
|
||||
);
|
||||
Reference in New Issue
Block a user