Compare commits
No commits in common. "5cb71428245f8d945f334448e242d07304a64e99" and "c6758721ecd578b0c319c0c6d858fe932a65050a" have entirely different histories.
5cb7142824
...
c6758721ec
|
|
@ -23,7 +23,7 @@ export default function LoginForm() {
|
|||
required
|
||||
/>
|
||||
<Input
|
||||
label='Utiliser une Passkey si disponible'
|
||||
label='Utiliser une Passkey'
|
||||
name='passkey'
|
||||
type='checkbox'
|
||||
checked
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ import 'npm:iterator-polyfill'
|
|||
import { FreshContext } from '$fresh/server.ts'
|
||||
import { Contact, type Mail, send } from '@cohabit/cohamail/mod.ts'
|
||||
import { magicLinkTemplate } from '@cohabit/cohamail/templates/mod.ts'
|
||||
import { SessionHandlers, SessionStore } from '../../../src/session/mod.ts'
|
||||
import { SessionHandlers } from '../../../src/session/mod.ts'
|
||||
import { respondApi } from '../../../src/utils.ts'
|
||||
import { sleep } from '@jotsr/delayed'
|
||||
import { User } from '@cohabit/ressources_manager/src/models/mod.ts'
|
||||
|
|
@ -39,21 +39,19 @@ export const handler: SessionHandlers = {
|
|||
// generate magic link
|
||||
const token = crypto.randomUUID()
|
||||
const endpoint =
|
||||
`${ctx.url.origin}/api/magiclink?token=${token}&session=${ctx.state.session.uuid}&redirect=/profil`
|
||||
`${ctx.url.origin}/api/magiclink?token=${token}&redirect=/profil`
|
||||
|
||||
// save token to session
|
||||
ctx.state.session.flash<MagicLinkInfos>(`MAGIC_LINK__${token}`, {
|
||||
email,
|
||||
remoteId: remoteId(request, ctx),
|
||||
remoteId: remoteId(ctx),
|
||||
timestamp: Date.now(),
|
||||
})
|
||||
|
||||
// send mail to user
|
||||
try {
|
||||
if (user) {
|
||||
// Get user ip through proxy else from tcp connection
|
||||
const ip = request.headers.get('X-FORWARDED-FOR') ??
|
||||
ctx.remoteAddr.hostname
|
||||
const ip = ctx.remoteAddr.hostname
|
||||
const device = request.headers.get('Sec-Ch-Ua-Platform') ?? undefined
|
||||
|
||||
await sendMagicLink(user, { device, ip, endpoint })
|
||||
|
|
@ -71,24 +69,14 @@ export const handler: SessionHandlers = {
|
|||
)
|
||||
}
|
||||
},
|
||||
async GET(request, ctx) {
|
||||
async GET(_request, ctx) {
|
||||
const token = ctx.url.searchParams.get('token')
|
||||
const redirect = ctx.url.searchParams.get('redirect')
|
||||
const sessionId = ctx.url.searchParams.get('session')
|
||||
|
||||
// no token or sessionId
|
||||
if (token === null || sessionId === null) {
|
||||
return respondApi('error', 'no token or session provided', 400)
|
||||
// no token
|
||||
if (token === null) {
|
||||
return respondApi('error', 'no token provided', 400)
|
||||
}
|
||||
|
||||
// set session if 3rd party cookies was blocked
|
||||
ctx.state.session = ctx.state.session ?? SessionStore.getSession(sessionId)
|
||||
|
||||
// no session available
|
||||
if (ctx.state.session === null) {
|
||||
return respondApi('error', 'no session datas', 401)
|
||||
}
|
||||
|
||||
// wrong or timeout token
|
||||
const entry = ctx.state.session.get<MagicLinkInfos>(`MAGIC_LINK__${token}`)
|
||||
|
||||
|
|
@ -99,12 +87,12 @@ export const handler: SessionHandlers = {
|
|||
}
|
||||
|
||||
// check remote id (same user/machine that has query the token)
|
||||
if (entry.remoteId === remoteId(request, ctx)) {
|
||||
if (entry.remoteId === remoteId(ctx)) {
|
||||
const user = await getUserByMail(entry.email)
|
||||
ctx.state.session.set('user', user)
|
||||
|
||||
if (redirect) {
|
||||
return Response.redirect(new URL(redirect, ctx.url.origin))
|
||||
return Response.redirect(new URL(redirect, ctx.basePath))
|
||||
}
|
||||
|
||||
return respondApi('success', user)
|
||||
|
|
@ -121,16 +109,8 @@ export const handler: SessionHandlers = {
|
|||
}
|
||||
|
||||
function remoteId(
|
||||
{ headers }: { headers: Headers },
|
||||
{ remoteAddr }: { remoteAddr: FreshContext['remoteAddr'] },
|
||||
): string {
|
||||
const forwardedAddress = headers.get('X-FORWARDED-FOR')
|
||||
const forwardedProto = headers.get('X-FORWARDED-PROTO')
|
||||
|
||||
if (forwardedAddress && forwardedProto) {
|
||||
return `${forwardedProto}://${forwardedAddress}`
|
||||
}
|
||||
|
||||
return `(${remoteAddr.transport}):${remoteAddr.hostname}:${remoteAddr.port}`
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -118,7 +118,8 @@ export const handler: SessionHandlers = {
|
|||
}
|
||||
|
||||
const { newCounter } = authenticationInfo
|
||||
const newPasskey = { ...passkey, counter: newCounter }
|
||||
|
||||
passkey.counter = newCounter
|
||||
|
||||
// Update credential store
|
||||
const [credential] = await db.ressource.credential.list(
|
||||
|
|
@ -132,7 +133,7 @@ export const handler: SessionHandlers = {
|
|||
|
||||
// Save credential to db
|
||||
await db.ressource.credential.set([
|
||||
credential.update({ store: newPasskey }),
|
||||
credential.update({ store: passkey }),
|
||||
])
|
||||
|
||||
// log user
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ export const handler: SessionHandlers = {
|
|||
|
||||
const options = await generateRegistrationOptions({
|
||||
rpName: relyingParty.name,
|
||||
rpID: relyingParty.origin,
|
||||
rpID: relyingParty.id,
|
||||
userName: user.login,
|
||||
attestationType: 'none',
|
||||
excludeCredentials,
|
||||
|
|
|
|||
|
|
@ -1,11 +1,6 @@
|
|||
export function getRelyingParty(url: string | URL) {
|
||||
url = new URL(url)
|
||||
|
||||
// Prevent protocol mismatch when server is behind a proxy
|
||||
if (!['localhost', '127.0.0.1', '0.0.0.0'].includes(url.hostname)) {
|
||||
url.protocol = 'https'
|
||||
}
|
||||
|
||||
return {
|
||||
/**
|
||||
* Human-readable title for your website
|
||||
|
|
|
|||
Loading…
Reference in a new issue