Code-based authorization for Drop clients (#145)

* feat: code-based authorization

* fix: final touches

* fix: require session on code fetch endpoint

* feat: better error handling

* refactor: move auth send to client handler

* fix: lint

server/api/v1/client/auth/code/index.get.ts

@@ -0,0 +1,21 @@
+import clientHandler from "~/server/internal/clients/handler";
+import sessionHandler from "~/server/internal/session";
+
+export default defineEventHandler(async (h3) => {
+  const user = await sessionHandler.getSession(h3);
+  if (!user) throw createError({ statusCode: 403 });
+
+  const query = getQuery(h3);
+  const code = query.code?.toString()?.toUpperCase();
+  if (!code)
+    throw createError({
+      statusCode: 400,
+      statusMessage: "Code required in query params.",
+    });
+
+  const clientId = await clientHandler.fetchClientIdByCode(code);
+  if (!clientId)
+    throw createError({ statusCode: 400, statusMessage: "Invalid code." });
+
+  return clientId;
+});

server/api/v1/client/auth/code/index.post.ts

@@ -0,0 +1,35 @@
+import clientHandler from "~/server/internal/clients/handler";
+import sessionHandler from "~/server/internal/session";
+
+export default defineEventHandler(async (h3) => {
+  const user = await sessionHandler.getSession(h3);
+  if (!user) throw createError({ statusCode: 403 });
+
+  const body = await readBody(h3);
+  const clientId = await body.id;
+
+  const client = await clientHandler.fetchClient(clientId);
+  if (!client)
+    throw createError({
+      statusCode: 400,
+      statusMessage: "Invalid or expired client ID.",
+    });
+
+  if (client.userId != user.userId)
+    throw createError({
+      statusCode: 403,
+      statusMessage: "Not allowed to authorize this client.",
+    });
+
+  if (!client.peer)
+    throw createError({
+      statusCode: 500,
+      statusMessage: "No client listening for authorization.",
+    });
+
+  const token = await clientHandler.generateAuthToken(clientId);
+
+  await clientHandler.sendAuthToken(clientId, token);
+
+  return;
+});

server/api/v1/client/auth/code/ws.get.ts

@@ -0,0 +1,25 @@
+import type { FetchError } from "ofetch";
+import clientHandler from "~/server/internal/clients/handler";
+
+export default defineWebSocketHandler({
+  async open(peer) {
+    try {
+      const h3 = { headers: peer.request?.headers ?? new Headers() };
+      const code = h3.headers.get("Authorization");
+      if (!code)
+        throw createError({
+          statusCode: 400,
+          statusMessage: "Code required in Authorization header.",
+        });
+      await clientHandler.connectCodeListener(code, peer);
+    } catch (e) {
+      peer.send(
+        JSON.stringify({
+          type: "error",
+          value: (e as FetchError)?.statusMessage,
+        }),
+      );
+      peer.close();
+    }
+  },
+});