From b31d77983cbcc74e626f464586ca498a6cfb40b8 Mon Sep 17 00:00:00 2001
From: creations <creations@creations.works>
Date: Thu, 22 May 2025 17:52:20 -0400
Subject: [PATCH] add session fix cors, add session

---
 config/index.ts            |  2 ++
 src/routes/auth/session.ts | 38 ++++++++++++++++++++++++++++++++++++++
 src/server.ts              | 29 +++++++++++++++++++++++++++++
 types/config.d.ts          |  1 +
 4 files changed, 70 insertions(+)
 create mode 100644 src/routes/auth/session.ts

diff --git a/config/index.ts b/config/index.ts
index bdd2845..ad67386 100644
--- a/config/index.ts
+++ b/config/index.ts
@@ -8,6 +8,8 @@ const environment: Environment = {
 	development:
 		process.env.NODE_ENV === "development" || process.argv.includes("--dev"),
 	fqdn: normalizeFqdn(process.env.FQDN) || "http://localhost:8080",
+	frontendUrl:
+		normalizeFqdn(process.env.FRONTEND_URL) || "http://localhost:8080",
 };
 
 const dataType: { type: string; path: string | undefined } = {
diff --git a/src/routes/auth/session.ts b/src/routes/auth/session.ts
new file mode 100644
index 0000000..a087358
--- /dev/null
+++ b/src/routes/auth/session.ts
@@ -0,0 +1,38 @@
+const routeDef: RouteDef = {
+	method: "GET",
+	accepts: "*/*",
+	returns: "application/json",
+};
+
+async function handler(request: ExtendedRequest): Promise<Response> {
+	if (!request.session) {
+		return Response.json(
+			{
+				success: false,
+				code: 403,
+				error: "Not logged in",
+			},
+			{ status: 403 },
+		);
+	}
+
+	const { session } = request;
+
+	if ((session as ApiUserSession).is_api === true) {
+		return Response.json(
+			{
+				success: false,
+				code: 403,
+				error: "You cannot use this endpoint with an authorization token",
+			},
+			{ status: 403 },
+		);
+	}
+
+	return Response.json({
+		success: true,
+		session,
+	});
+}
+
+export { routeDef, handler };
diff --git a/src/server.ts b/src/server.ts
index e9d7c15..6a381cf 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -116,6 +116,19 @@ class ServerHandler {
 		request: Request,
 		server: BunServer,
 	): Promise<Response> {
+		if (request.method === "OPTIONS") {
+			return new Response(null, {
+				status: 204,
+				headers: {
+					"Access-Control-Allow-Origin": environment.frontendUrl,
+					"Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+					"Access-Control-Allow-Credentials": "true",
+					"Access-Control-Allow-Headers":
+						request.headers.get("Access-Control-Request-Headers") || "*",
+				},
+			});
+		}
+
 		const extendedRequest: ExtendedRequest = request as ExtendedRequest;
 		extendedRequest.startPerf = performance.now();
 
@@ -258,6 +271,22 @@ class ServerHandler {
 			);
 		}
 
+		if (response?.headers) {
+			response.headers.set(
+				"Access-Control-Allow-Origin",
+				environment.frontendUrl,
+			);
+			response.headers.set(
+				"Access-Control-Allow-Methods",
+				"GET, POST, PUT, DELETE, OPTIONS",
+			);
+			response.headers.set("Access-Control-Allow-Credentials", "true");
+			response.headers.set(
+				"Access-Control-Allow-Headers",
+				request.headers.get("Access-Control-Request-Headers") || "Content-Type",
+			);
+		}
+
 		return response;
 	}
 }
diff --git a/types/config.d.ts b/types/config.d.ts
index 2d0f7dd..e65c147 100644
--- a/types/config.d.ts
+++ b/types/config.d.ts
@@ -3,6 +3,7 @@ type Environment = {
 	host: string;
 	development: boolean;
 	fqdn: string;
+	frontendUrl: string;
 };
 
 type UserValidation = {