Depot API & v4 (#298)

* feat: nginx + torrential basics & services system

* fix: lint + i18n

* fix: update torrential to remove openssl

* feat: add torrential to Docker build

* feat: move to self hosted runner

* fix: move off self-hosted runner

* fix: update nginx.conf

* feat: torrential cache invalidation

* fix: update torrential for cache invalidation

* feat: integrity check task

* fix: lint

* feat: move to version ids

* fix: client fixes and client-side checks

* feat: new depot apis and version id fixes

* feat: update torrential

* feat: droplet bump and remove unsafe update functions

* fix: lint

* feat: v4 featureset: emulators, multi-launch commands

* fix: lint

* fix: mobile ui for game editor

* feat: launch options

* fix: lint

* fix: remove axios, use $fetch

* feat: metadata and task api improvements

* feat: task actions

* fix: slight styling issue

* feat: fix style and lints

* feat: totp backend routes

* feat: oidc groups

* fix: update drop-base

* feat: creation of passkeys & totp

* feat: totp signin

* feat: webauthn mfa/signin

* feat: launch selecting ui

* fix: manually running tasks

* feat: update add company game modal to use new SelectorGame

* feat: executor selector

* fix(docker): update rust to rust nightly for torrential build (#305)

* feat: new version ui

* feat: move package lookup to build time to allow for deno dev

* fix: lint

* feat: localisation cleanup

* feat: apply localisation cleanup

* feat: potential i18n refactor logic

* feat: remove args from commands

* fix: lint

* fix: lockfile

---------

Co-authored-by: Aden Lindsay <140392385+AdenMGB@users.noreply.github.com>
This commit is contained in:
DecDuck
2026-01-13 15:32:39 +11:00
committed by GitHub
parent 8ef983304c
commit 63ac2b8ffc
190 changed files with 5848 additions and 2309 deletions
+11 -3
View File
@@ -16,9 +16,17 @@ export default function createDBSessionHandler(): SessionProvider {
},
create: {
token,
...session,
...(session.authenticated?.userId
? { userId: session.authenticated?.userId }
: undefined),
expiresAt: session.expiresAt,
data: session as object,
},
update: {
expiresAt: session.expiresAt,
data: session as object,
},
update: session,
});
return true;
},
@@ -39,7 +47,7 @@ export default function createDBSessionHandler(): SessionProvider {
// i hate casting
// need to cast to unknown since result.data can be an N deep json object technically
// ts doesn't like that be cast down to the more constraining session type
return result as unknown as T;
return result.data as unknown as T;
},
async removeSession(token) {
await cache.remove(token);
+93 -6
View File
@@ -6,6 +6,7 @@ import type { MinimumRequestObject } from "~/server/h3";
import type { DurationLike } from "luxon";
import { DateTime } from "luxon";
import createDBSessionHandler from "./db";
import prisma from "../db/database";
/*
This implementation may need work.
@@ -13,6 +14,9 @@ This implementation may need work.
It exposes an API that should stay static, but there are plenty of opportunities for optimisation/organisation under the hood
*/
// 10 minutes
const SUPERLEVEL_LENGTH = 10 * 60 * 1000;
const dropTokenCookieName = "drop-token";
const normalSessionLength: DurationLike = {
days: 31,
@@ -21,6 +25,8 @@ const extendedSessionLength: DurationLike = {
year: 1,
};
type SigninResult = ["signin", "2fa", "fail"][number];
export class SessionHandler {
private sessionProvider: SessionProvider;
@@ -31,14 +37,53 @@ export class SessionHandler {
// this.sessionProvider = createMemorySessionProvider();
}
async signin(h3: H3Event, userId: string, rememberMe: boolean = false) {
async signin(
h3: H3Event,
userId: string,
rememberMe: boolean = false,
): Promise<SigninResult> {
const mfaCount = await prisma.linkedMFAMec.count({
where: { userId, enabled: true },
});
const expiresAt = this.createExipreAt(rememberMe);
const token = this.createSessionCookie(h3, expiresAt);
return await this.sessionProvider.setSession(token, {
userId,
const token =
this.getSessionToken(h3) ?? this.createSessionCookie(h3, expiresAt);
const session = (await this.sessionProvider.getSession(token)) ?? {
expiresAt,
data: {},
});
};
const wasAuthenticated = !!session.authenticated;
session.authenticated = {
userId,
level: session.authenticated?.level ?? 10,
requiredLevel: mfaCount > 0 ? 20 : 10,
superleveledExpiry: undefined,
};
if (
!wasAuthenticated &&
session.authenticated.level >= session.authenticated.requiredLevel
)
session.authenticated.superleveledExpiry = Date.now() + SUPERLEVEL_LENGTH;
const success = await this.sessionProvider.setSession(token, session);
if (!success) return "fail";
if (session.authenticated.level < session.authenticated.requiredLevel)
return "2fa";
return "signin";
}
async mfa(h3: H3Event, amount: number) {
const token = this.getSessionToken(h3);
if (!token)
throw createError({ statusCode: 403, message: "User not signed in" });
const session = await this.sessionProvider.getSession(token);
if (!session || !session.authenticated)
throw createError({ statusCode: 403, message: "User not signed in" });
session.authenticated.level += amount;
await this.sessionProvider.setSession(token, session);
}
/**
@@ -48,12 +93,54 @@ export class SessionHandler {
async getSession<T extends Session>(request: MinimumRequestObject) {
const token = this.getSessionToken(request);
if (!token) return undefined;
// TODO: should validate if session is expired or not here, not in application code
const data = await this.sessionProvider.getSession<T>(token);
if (!data) return undefined;
if (new Date(data.expiresAt).getTime() < Date.now()) return undefined; // Expired
return data;
}
async getSessionDataKey<T>(
request: MinimumRequestObject,
key: string,
): Promise<T | undefined> {
const token = this.getSessionToken(request);
if (!token) return undefined;
const session = await this.sessionProvider.getSession(token);
if (!session) return undefined;
return session.data[key] as T;
}
async setSessionDataKey<T>(request: H3Event, key: string, value: T) {
const expiresAt = this.createExipreAt(true);
const token =
this.getSessionToken(request) ??
this.createSessionCookie(request, expiresAt);
const session = (await this.sessionProvider.getSession(token)) ?? {
expiresAt,
data: {},
};
console.log(session);
session.data[key] = value;
await this.sessionProvider.setSession(token, session);
return true;
}
async deleteSessionDataKey(request: MinimumRequestObject, key: string) {
const token = this.getSessionToken(request);
if (!token) return false;
const session = await this.sessionProvider.getSession(token);
if (!session) return false;
// eslint-disable-next-line @typescript-eslint/no-dynamic-delete
delete session.data[key];
await this.sessionProvider.setSession(token, session);
return true;
}
/**
* Signout session associated with request and deauthenticates it
* @param request
+9 -1
View File
@@ -1,5 +1,6 @@
export type Session = {
userId: string;
authenticated?: AuthenticatedSession;
expiresAt: Date;
data: {
// eslint-disable-next-line @typescript-eslint/no-explicit-any
@@ -7,6 +8,13 @@ export type Session = {
};
};
export interface AuthenticatedSession {
userId: string;
level: number;
requiredLevel: number;
superleveledExpiry: number | undefined;
}
export interface SessionProvider {
getSession: <T extends Session>(token: string) => Promise<T | undefined>;
setSession: (token: string, data: Session) => Promise<boolean>;