Refactor demo login as an authentication method
Use the authentication method system for the demo login and the generated accounts. This makes it possible to toggle it off on production systems as these shouldn't have it enabled at all.
This commit is contained in:
parent
a33c8e9dac
commit
0d0e38e4b6
14 changed files with 212 additions and 141 deletions
|
|
@ -2,10 +2,19 @@
|
|||
SPDX-FileCopyrightText: © 2025 Hornwitser <code@hornwitser.no>
|
||||
SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
*/
|
||||
import { writeSchedule, writeUsers } from "~/server/database";
|
||||
import { nextAuthenticationMethodId, writeAuthenticationMethods, writeNextAuthenticationMethodId, writeSchedule, writeUsers } from "~/server/database";
|
||||
import { generateDemoSchedule, generateDemoAccounts } from "~/server/generate-demo-schedule";
|
||||
export default defineEventHandler(async (event) => {
|
||||
await requireServerSessionWithAdmin(event);
|
||||
await writeUsers(generateDemoAccounts());
|
||||
const accounts = generateDemoAccounts();
|
||||
await writeUsers(accounts);
|
||||
await writeSchedule(generateDemoSchedule());
|
||||
await writeAuthenticationMethods(accounts.map((user, index) => ({
|
||||
id: index,
|
||||
userId: user.id,
|
||||
provider: "demo",
|
||||
slug: user.name!,
|
||||
name: user.name!,
|
||||
})));
|
||||
await writeNextAuthenticationMethodId(Math.max(await nextAuthenticationMethodId(), accounts.length));
|
||||
})
|
||||
|
|
|
|||
|
|
@ -15,8 +15,8 @@ export default defineEventHandler(async (event): Promise<ApiSession> => {
|
|||
});
|
||||
}
|
||||
|
||||
const formData = await readBody(event);
|
||||
const name = formData.name;
|
||||
const body = await readBody(event);
|
||||
const name = body?.name;
|
||||
|
||||
const users = await readUsers();
|
||||
let user: ServerUser;
|
||||
|
|
@ -42,7 +42,7 @@ export default defineEventHandler(async (event): Promise<ApiSession> => {
|
|||
name,
|
||||
};
|
||||
|
||||
} else if (name === null) {
|
||||
} else if (name === undefined) {
|
||||
user = {
|
||||
id: await nextUserId(),
|
||||
updatedAt: new Date().toISOString(),
|
||||
|
|
@ -55,7 +55,14 @@ export default defineEventHandler(async (event): Promise<ApiSession> => {
|
|||
});
|
||||
}
|
||||
|
||||
if (session?.authenticationProvider) {
|
||||
if (user.type !== "anonymous") {
|
||||
if (!session?.authenticationProvider) {
|
||||
throw createError({
|
||||
statusCode: 409,
|
||||
statusMessage: "Conflict",
|
||||
message: "User account need an authentication method associated with it.",
|
||||
});
|
||||
}
|
||||
const authMethods = await readAuthenticationMethods();
|
||||
const method = authMethods.find(method => (
|
||||
method.provider === session.authenticationProvider
|
||||
|
|
|
|||
38
server/api/auth/ap/demo-login.post.ts
Normal file
38
server/api/auth/ap/demo-login.post.ts
Normal file
|
|
@ -0,0 +1,38 @@
|
|||
/*
|
||||
SPDX-FileCopyrightText: © 2025 Hornwitser <code@hornwitser.no>
|
||||
SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
*/
|
||||
import { readAuthenticationMethods, readUsers } from "~/server/database";
|
||||
|
||||
export default defineEventHandler(async (event) => {
|
||||
const runtimeConfig = useRuntimeConfig(event);
|
||||
if (!runtimeConfig.public.authDemoEnabled) {
|
||||
throw createError({
|
||||
statusCode: 403,
|
||||
statusMessage: "Forbidden",
|
||||
message: "Demo authentication is disabled",
|
||||
});
|
||||
}
|
||||
|
||||
const { name: slug } = await readBody(event);
|
||||
|
||||
if (typeof slug !== "string" || !slug) {
|
||||
throw createError({
|
||||
statusCode: 400,
|
||||
statusMessage: "Bad Request",
|
||||
message: "Missing name",
|
||||
});
|
||||
}
|
||||
|
||||
const authMethods = await readAuthenticationMethods();
|
||||
const method = authMethods.find(method => method.provider === "demo" && method.slug === slug);
|
||||
let session;
|
||||
if (method) {
|
||||
const users = await readUsers();
|
||||
const account = users.find(user => !user.deleted && user.id === method.userId);
|
||||
session = await setServerSession(event, account);
|
||||
} else {
|
||||
session = await setServerSession(event, undefined, "demo", slug, slug);
|
||||
}
|
||||
return await serverSessionToApi(event, session);
|
||||
})
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
/*
|
||||
SPDX-FileCopyrightText: © 2025 Hornwitser <code@hornwitser.no>
|
||||
SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
*/
|
||||
import { readUsers } from "~/server/database";
|
||||
|
||||
export default defineEventHandler(async (event) => {
|
||||
const { name } = await readBody(event);
|
||||
|
||||
if (!name) {
|
||||
return new Response(undefined, { status: 400 })
|
||||
}
|
||||
|
||||
const accounts = await readUsers();
|
||||
const account = accounts.find(a => a.name === name);
|
||||
|
||||
if (!account) {
|
||||
return new Response(undefined, { status: 403 })
|
||||
}
|
||||
|
||||
await setServerSession(event, account);
|
||||
})
|
||||
|
|
@ -3,14 +3,14 @@
|
|||
SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
*/
|
||||
import { readFile, unlink, writeFile } from "node:fs/promises";
|
||||
import type { ApiSchedule, ApiSubscription, ApiUserType } from "~/shared/types/api";
|
||||
import type { ApiAuthenticationProvider, ApiSchedule, ApiSubscription, ApiUserType } from "~/shared/types/api";
|
||||
import type { Id } from "~/shared/types/common";
|
||||
|
||||
export interface ServerSession {
|
||||
id: Id,
|
||||
access: ApiUserType,
|
||||
accountId?: number,
|
||||
authenticationProvider?: "telegram",
|
||||
authenticationProvider?: ApiAuthenticationProvider,
|
||||
authenticationSlug?: string,
|
||||
authenticationName?: string,
|
||||
rotatesAtMs: number,
|
||||
|
|
@ -33,7 +33,7 @@ export interface ServerUser {
|
|||
|
||||
export interface ServerAuthenticationMethod {
|
||||
id: Id,
|
||||
provider: "telegram",
|
||||
provider: ApiAuthenticationProvider,
|
||||
slug: string,
|
||||
name: string,
|
||||
userId: Id,
|
||||
|
|
@ -157,6 +157,10 @@ export async function nextAuthenticationMethodId() {
|
|||
return nextId;
|
||||
}
|
||||
|
||||
export async function writeNextAuthenticationMethodId(nextId: number) {
|
||||
await writeFile(nextAuthenticationMethodIdPath, String(nextId), "utf-8");
|
||||
}
|
||||
|
||||
export async function readAuthenticationMethods() {
|
||||
return readJson<ServerAuthenticationMethod[]>(authMethodPath, [])
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ import {
|
|||
writeSubscriptions
|
||||
} from "~/server/database";
|
||||
import { broadcastEvent } from "../streams";
|
||||
import type { ApiSession } from "~/shared/types/api";
|
||||
import type { ApiAuthenticationProvider, ApiSession } from "~/shared/types/api";
|
||||
|
||||
async function removeSessionSubscription(sessionId: number) {
|
||||
const subscriptions = await readSubscriptions();
|
||||
|
|
@ -54,7 +54,7 @@ export async function clearServerSession(event: H3Event) {
|
|||
export async function setServerSession(
|
||||
event: H3Event,
|
||||
account: ServerUser | undefined,
|
||||
authenticationProvider?: "telegram",
|
||||
authenticationProvider?: ApiAuthenticationProvider,
|
||||
authenticationSlug?: string,
|
||||
authenticationName?: string,
|
||||
) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue