* feat: nginx + torrential basics & services system * fix: lint + i18n * fix: update torrential to remove openssl * feat: add torrential to Docker build * feat: move to self hosted runner * fix: move off self-hosted runner * fix: update nginx.conf * feat: torrential cache invalidation * fix: update torrential for cache invalidation * feat: integrity check task * fix: lint * feat: move to version ids * fix: client fixes and client-side checks * feat: new depot apis and version id fixes * feat: update torrential * feat: droplet bump and remove unsafe update functions * fix: lint * feat: v4 featureset: emulators, multi-launch commands * fix: lint * fix: mobile ui for game editor * feat: launch options * fix: lint * fix: remove axios, use $fetch * feat: metadata and task api improvements * feat: task actions * fix: slight styling issue * feat: fix style and lints * feat: totp backend routes * feat: oidc groups * fix: update drop-base * feat: creation of passkeys & totp * feat: totp signin * feat: webauthn mfa/signin * feat: launch selecting ui * fix: manually running tasks * feat: update add company game modal to use new SelectorGame * feat: executor selector * fix(docker): update rust to rust nightly for torrential build (#305) * feat: new version ui * feat: move package lookup to build time to allow for deno dev * fix: lint * feat: localisation cleanup * feat: apply localisation cleanup * feat: potential i18n refactor logic * feat: remove args from commands * fix: lint * fix: lockfile --------- Co-authored-by: Aden Lindsay <140392385+AdenMGB@users.noreply.github.com>
import type { ClientModel, UserModel } from "~/prisma/client/models";
import type { EventHandlerRequest, H3Event } from "h3";
import droplet from "@drop-oss/droplet";
import prisma from "../db/database";
import { useCertificateAuthority } from "~/server/plugins/ca";
/**
 * Signature of a handler wrapped by `defineClientEventHandler`: it receives the
 * raw h3 event plus the `ClientUtils` bound to the authenticated client, and
 * may produce its result either synchronously or as a promise.
 */
export type EventHandlerFunction<T> = (
  h3: H3Event<EventHandlerRequest>,
  utils: ClientUtils,
) => T | Promise<T>;
/**
 * Helpers handed to a client-authenticated handler. Every member is bound to
 * the client that passed the `Authorization` check.
 */
type ClientUtils = {
  /** Id of the authenticated client. */
  clientId: string;
  /** Loads the full client record for `clientId`. */
  fetchClient(): Promise<ClientModel>;
  /** Loads the user associated with `clientId`. */
  fetchUser(): Promise<UserModel>;
};
/**
 * Maximum distance, in milliseconds, a nonce timestamp may lie from the server
 * clock (in either direction) and still be accepted.
 */
const NONCE_LENIENCE = 30 * 1000;
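/**
 * Wraps an h3 event handler with client authentication.
 *
 * The `Authorization` header is parsed as `<method> <parts...>`:
 *  - `Debug`: only honoured when `import.meta.dev` is set; authenticates as
 *    the first client found in the database.
 *  - `Nonce <clientId> <nonce> <signature>`: `nonce` must parse as a
 *    millisecond timestamp within `NONCE_LENIENCE` of the server clock, the
 *    client must have a certificate bundle from the certificate authority,
 *    and `signature` must verify against that certificate for `nonce`.
 *
 * Any other method, or any failed check, rejects with HTTP 403.
 *
 * @param handler - runs once the client is authenticated; receives the h3
 *   event and a `ClientUtils` bound to the authenticated client.
 * @returns an h3 event handler producing whatever `handler` returns.
 */
export function defineClientEventHandler<T>(handler: EventHandlerFunction<T>) {
  return defineEventHandler(async (h3) => {
    const header = getHeader(h3, "Authorization");
    if (!header) throw createError({ statusCode: 403 });
    const [method, ...parts] = header.split(" ");

    let clientId: string;
    switch (method) {
      case "Debug": {
        // Debug authentication is never accepted outside a dev build.
        if (!import.meta.dev) throw createError({ statusCode: 403 });
        const client = await prisma.client.findFirst({ select: { id: true } });
        if (!client)
          throw createError({
            statusCode: 400,
            statusMessage: "No clients created.",
          });
        clientId = client.id;
        break;
      }
      case "Nonce": {
        const [id, nonce, signature] = parts;
        if (!id || !nonce || !signature)
          throw createError({ statusCode: 403 });
        clientId = id;

        // Freshness check. Every comparison against NaN is false, so a
        // non-numeric nonce would otherwise sail through the window check
        // below; reject it explicitly.
        const nonceTime = parseInt(nonce);
        if (Number.isNaN(nonceTime))
          throw createError({
            statusCode: 403,
            statusMessage: "Invalid nonce",
          });
        const current = Date.now();
        if (
          // If it "will be generated" more than NONCE_LENIENCE in the future
          nonceTime > current + NONCE_LENIENCE ||
          // Or more than NONCE_LENIENCE in the past
          nonceTime < current - NONCE_LENIENCE
        ) {
          throw createError({
            statusCode: 403,
            statusMessage: "Nonce expired",
          });
        }
        // NOTE(review): nothing here records nonces already seen, so the
        // window only bounds how long a captured request stays valid — confirm
        // that is acceptable for the handlers built on this.

        const certificateAuthority = useCertificateAuthority();
        const certBundle =
          await certificateAuthority.fetchClientCertificate(clientId);
        // A missing bundle covers unknown and blacklisted clients alike.
        if (!certBundle)
          throw createError({
            statusCode: 403,
            statusMessage: "Invalid client ID",
          });

        // The signature is checked over the raw nonce string, so the
        // timestamp validated above is exactly what the client signed.
        const valid = droplet.verifyNonce(certBundle.cert, nonce, signature);
        if (!valid)
          throw createError({
            statusCode: 403,
            statusMessage: "Invalid nonce signature.",
          });
        break;
      }
      default: {
        throw createError({
          statusCode: 403,
          statusMessage: "No authentication",
        });
      }
    }

    // Defensive: every branch above either assigns clientId or throws.
    if (clientId === undefined)
      throw createError({
        statusCode: 500,
        statusMessage: "Failed to execute authentication pipeline.",
      });

    /** Loads the full record of the authenticated client. */
    async function fetchClient() {
      const client = await prisma.client.findUnique({
        where: { id: clientId },
      });
      // The id was validated above, so a miss indicates a deleted row or a bug.
      if (!client)
        throw new Error(
          "client util fetch client broke - this should NOT happen",
        );
      return client;
    }

    /** Loads the user associated with the authenticated client. */
    async function fetchUser() {
      const client = await prisma.client.findUnique({
        where: { id: clientId },
        select: {
          user: true,
        },
      });

      if (!client)
        throw new Error(
          "client util fetch client broke - this should NOT happen",
        );

      return client.user;
    }

    const utils: ClientUtils = {
      clientId,
      fetchClient,
      fetchUser,
    };

    // Best-effort "last connected" bookkeeping: a failure here must not turn
    // an already-authenticated request into an error, so it is swallowed.
    try {
      await prisma.client.updateMany({
        where: { id: clientId },
        data: { lastConnected: new Date() },
      });
    } catch {
      // Intentionally ignored.
    }

    return await handler(h3, utils);
  });
}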