63ac2b8ffc
* feat: nginx + torrential basics & services system * fix: lint + i18n * fix: update torrential to remove openssl * feat: add torrential to Docker build * feat: move to self hosted runner * fix: move off self-hosted runner * fix: update nginx.conf * feat: torrential cache invalidation * fix: update torrential for cache invalidation * feat: integrity check task * fix: lint * feat: move to version ids * fix: client fixes and client-side checks * feat: new depot apis and version id fixes * feat: update torrential * feat: droplet bump and remove unsafe update functions * fix: lint * feat: v4 featureset: emulators, multi-launch commands * fix: lint * fix: mobile ui for game editor * feat: launch options * fix: lint * fix: remove axios, use $fetch * feat: metadata and task api improvements * feat: task actions * fix: slight styling issue * feat: fix style and lints * feat: totp backend routes * feat: oidc groups * fix: update drop-base * feat: creation of passkeys & totp * feat: totp signin * feat: webauthn mfa/signin * feat: launch selecting ui * fix: manually running tasks * feat: update add company game modal to use new SelectorGame * feat: executor selector * fix(docker): update rust to rust nightly for torrential build (#305) * feat: new version ui * feat: move package lookup to build time to allow for deno dev * fix: lint * feat: localisation cleanup * feat: apply localisation cleanup * feat: potential i18n refactor logic * feat: remove args from commands * fix: lint * fix: lockfile --------- Co-authored-by: Aden Lindsay <140392385+AdenMGB@users.noreply.github.com>
123 lines
3.1 KiB
TypeScript
123 lines
3.1 KiB
TypeScript
import { AuthMec } from "~/prisma/client/enums";
|
|
import type { JsonArray } from "@prisma/client/runtime/library";
|
|
import { type } from "arktype";
|
|
import prisma from "~/server/internal/db/database";
|
|
import sessionHandler from "~/server/internal/session";
|
|
import authManager, {
|
|
checkHashArgon2,
|
|
checkHashBcrypt,
|
|
} from "~/server/internal/auth";
|
|
import { logger } from "~/server/internal/logging";
|
|
|
|
const signinValidator = type({
|
|
username: "string",
|
|
password: "string",
|
|
"rememberMe?": "boolean | undefined",
|
|
});
|
|
|
|
export default defineEventHandler<{
|
|
body: typeof signinValidator.infer;
|
|
}>(async (h3) => {
|
|
const t = await useTranslation(h3);
|
|
|
|
if (!authManager.getAuthProviders().Simple)
|
|
throw createError({
|
|
statusCode: 403,
|
|
statusMessage: t("errors.auth.method.signinDisabled"),
|
|
});
|
|
|
|
const body = signinValidator(await readBody(h3));
|
|
if (body instanceof type.errors) {
|
|
// hover out.summary to see validation errors
|
|
logger.error(body.summary);
|
|
|
|
throw createError({
|
|
statusCode: 400,
|
|
statusMessage: body.summary,
|
|
});
|
|
}
|
|
|
|
const authMek = await prisma.linkedAuthMec.findFirst({
|
|
where: {
|
|
mec: AuthMec.Simple,
|
|
enabled: true,
|
|
user: {
|
|
username: body.username,
|
|
},
|
|
},
|
|
include: {
|
|
user: {
|
|
select: {
|
|
enabled: true,
|
|
},
|
|
},
|
|
},
|
|
});
|
|
|
|
if (!authMek)
|
|
throw createError({
|
|
statusCode: 401,
|
|
statusMessage: t("errors.auth.invalidUserOrPass"),
|
|
});
|
|
|
|
if (!authMek.user.enabled)
|
|
throw createError({
|
|
statusCode: 403,
|
|
statusMessage: t("errors.auth.disabled"),
|
|
});
|
|
|
|
// LEGACY bcrypt
|
|
if (authMek.version == 1) {
|
|
const credentials = authMek.credentials as JsonArray | null;
|
|
const hash = credentials?.at(1)?.toString();
|
|
|
|
if (!hash)
|
|
throw createError({
|
|
statusCode: 500,
|
|
statusMessage: t("errors.auth.invalidPassState"),
|
|
});
|
|
|
|
if (!(await checkHashBcrypt(body.password, hash)))
|
|
throw createError({
|
|
statusCode: 401,
|
|
statusMessage: t("errors.auth.invalidUserOrPass"),
|
|
});
|
|
|
|
// TODO: send user to forgot password screen or something to force them to change their password to new system
|
|
const result = await sessionHandler.signin(
|
|
h3,
|
|
authMek.userId,
|
|
body.rememberMe,
|
|
);
|
|
if (result === "fail")
|
|
throw createError({
|
|
statusCode: 500,
|
|
message: "Failed to create session",
|
|
});
|
|
return { userId: authMek.userId, result };
|
|
}
|
|
|
|
// V2: argon2
|
|
const hash = authMek.credentials as string | undefined;
|
|
if (!hash || typeof hash !== "string")
|
|
throw createError({
|
|
statusCode: 500,
|
|
statusMessage: t("errors.auth.invalidPassState"),
|
|
});
|
|
|
|
if (!(await checkHashArgon2(body.password, hash)))
|
|
throw createError({
|
|
statusCode: 401,
|
|
statusMessage: t("errors.auth.invalidUserOrPass"),
|
|
});
|
|
|
|
const result = await sessionHandler.signin(
|
|
h3,
|
|
authMek.userId,
|
|
body.rememberMe,
|
|
);
|
|
if (result == "fail")
|
|
throw createError({ statusCode: 500, message: "Failed to create session" });
|
|
return { userId: authMek.userId, result };
|
|
});
|