newsnow/server/middleware/auth.ts

import process from "node:process"
import { jwtVerify } from "jose"

export default defineEventHandler(async (event) => {
  const url = getRequestURL(event)
  if (["JWT_SECRET", "G_CLIENT_ID", "G_CLIENT_SECRET"].find(k => !process.env[k])) {
    event.context.disabledLogin = true
    if (!url.pathname.startsWith("/api/s"))
      throw createError({ statusCode: 506, message: "Server not configured, disable login" })
  } else {
    if (["/api/s", "/api/me"].find(p => url.pathname.startsWith(p))) {
      const token = getHeader(event, "Authorization")?.replace(/Bearer\s*/, "")?.trim()
      if (token) {
        try {
          const { payload } = await jwtVerify(token, new TextEncoder().encode(process.env.JWT_SECRET)) as { payload?: { id: string, type: string } }
          if (payload?.id) {
            event.context.user = {
              id: payload.id,
              type: payload.type,
            }
          }
        } catch {
          if (url.pathname.startsWith("/api/me"))
            throw createError({ statusCode: 401, message: "JWT verification failed" })
          else logger.warn("JWT verification failed")
        }
      } else if (url.pathname.startsWith("/api/me")) {
        throw createError({ statusCode: 401, message: "JWT verification failed" })
      }
    }
  }
})
feat: support github oauth 2024-10-14 00:02:58 +08:00			`import process from "node:process"`
fix: test jose to sign jwt 2024-10-14 01:20:43 +08:00			`import { jwtVerify } from "jose"`
feat: support github oauth 2024-10-14 00:02:58 +08:00
fix: use @tsndr/cloudflare-worker-jwt 2024-10-14 00:33:37 +08:00			`export default defineEventHandler(async (event) => {`
feat: sync user action 2024-10-15 12:05:03 +08:00			`const url = getRequestURL(event)`
fix: github oauth on cloudflare page 2024-10-14 17:18:57 +08:00			`if (["JWT_SECRET", "G_CLIENT_ID", "G_CLIENT_SECRET"].find(k => !process.env[k])) {`
feat: optimize cache logi 2024-10-14 21:50:27 +08:00			`event.context.disabledLogin = true`
feat: optimize auth logic 2024-10-24 20:50:30 +08:00			`if (!url.pathname.startsWith("/api/s"))`
			`throw createError({ statusCode: 506, message: "Server not configured, disable login" })`
fix: github oauth on cloudflare page 2024-10-14 17:18:57 +08:00			`} else {`
feat: optimize auth logic 2024-10-24 20:50:30 +08:00			`if (["/api/s", "/api/me"].find(p => url.pathname.startsWith(p))) {`
chore: minor changes 2024-10-25 03:06:28 +08:00			`const token = getHeader(event, "Authorization")?.replace(/Bearer\s*/, "")?.trim()`
feat: optimize auth logic 2024-10-24 20:50:30 +08:00			`if (token) {`
feat: optimize cache logi 2024-10-14 21:50:27 +08:00			`try {`
fix: user verify 2024-10-19 13:14:31 +08:00			`const { payload } = await jwtVerify(token, new TextEncoder().encode(process.env.JWT_SECRET)) as { payload?: { id: string, type: string } }`
feat: optimize cache logi 2024-10-14 21:50:27 +08:00			`if (payload?.id) {`
			`event.context.user = {`
			`id: payload.id,`
			`type: payload.type,`
			`}`
			`}`
			`} catch {`
feat: optimize auth logic 2024-10-24 20:50:30 +08:00			`if (url.pathname.startsWith("/api/me"))`
			`throw createError({ statusCode: 401, message: "JWT verification failed" })`
			`else logger.warn("JWT verification failed")`
fix: github oauth on cloudflare page 2024-10-14 17:18:57 +08:00			`}`
feat: optimize auth logic 2024-10-24 20:50:30 +08:00			`} else if (url.pathname.startsWith("/api/me")) {`
			`throw createError({ statusCode: 401, message: "JWT verification failed" })`
fix: test jose to sign jwt 2024-10-14 01:20:43 +08:00			`}`
feat: support github oauth 2024-10-14 00:02:58 +08:00			`}`
			`}`
			`})`