From b31d77983cbcc74e626f464586ca498a6cfb40b8 Mon Sep 17 00:00:00 2001
From: creations
Date: Thu, 22 May 2025 17:52:20 -0400
Subject: [PATCH] add session fix cors, add session
---
 config/index.ts | 2 ++
 src/routes/auth/session.ts | 38 ++++++++++++++++++++++++++++++++++++++
 src/server.ts | 29 +++++++++++++++++++++++++++++
 types/config.d.ts | 1 +
 4 files changed, 70 insertions(+)
 create mode 100644 src/routes/auth/session.ts
diff --git a/config/index.ts b/config/index.ts
index bdd2845..ad67386 100644
--- a/config/index.ts
+++ b/config/index.ts
@@ -8,6 +8,8 @@ const environment: Environment = {
 development:
 process.env.NODE_ENV === "development" || process.argv.includes("--dev"),
 fqdn: normalizeFqdn(process.env.FQDN) || "http://localhost:8080",
+ frontendUrl:
+ normalizeFqdn(process.env.FRONTEND_URL) || "http://localhost:8080",
 };
 const dataType: { type: string; path: string | undefined } = {
diff --git a/src/routes/auth/session.ts b/src/routes/auth/session.ts
new file mode 100644
index 0000000..a087358
--- /dev/null
+++ b/src/routes/auth/session.ts
@@ -0,0 +1,38 @@
+const routeDef: RouteDef = {
+ method: "GET",
+ accepts: "*/*",
+ returns: "application/json",
+};
+
+async function handler(request: ExtendedRequest): Promise {
+ if (!request.session) {
+ return Response.json(
+ {
+ success: false,
+ code: 403,
+ error: "Not logged in",
+ },
+ { status: 403 },
+ );
+ }
+
+ const { session } = request;
+
+ if ((session as ApiUserSession).is_api === true) {
+ return Response.json(
+ {
+ success: false,
+ code: 403,
+ error: "You cannot use this endpoint with an authorization token",
+ },
+ { status: 403 },
+ );
+ }
+
+ return Response.json({
+ success: true,
+ session,
+ });
+}
+
+export { routeDef, handler };
diff --git a/src/server.ts b/src/server.ts
index e9d7c15..6a381cf 100644
--- a/src/server.ts
+++ b/src/server.ts
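Review bot: The success branch of `handler` in src/routes/auth/session.ts returns the whole `session` object, so every field the session layer attaches to the request is sent to the browser. The session type is not visible in this patch; if it carries anything beyond display data, the response should be built from an explicit field list, e.g. `session: { <FIELD>: session.<FIELD> }` with the fields the frontend actually needs. The not-logged-in branch would also read more accurately as 401 than 403, keeping 403 for the API-token case. A `Cache-Control: no-store` header on this response would keep session data out of intermediary caches.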
@@ -116,6 +116,19 @@ class ServerHandler {
 request: Request,
 server: BunServer,
 ): Promise {
+ if (request.method === "OPTIONS") {
+ return new Response(null, {
+ status: 204,
+ headers: {
+ "Access-Control-Allow-Origin": environment.frontendUrl,
+ "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+ "Access-Control-Allow-Credentials": "true",
+ "Access-Control-Allow-Headers":
+ request.headers.get("Access-Control-Request-Headers") || "*",
+ },
+ });
+ }
+
 const extendedRequest: ExtendedRequest = request as ExtendedRequest;
 extendedRequest.startPerf = performance.now();
@@ -258,6 +271,22 @@ class ServerHandler {
 );
 }
+ if (response?.headers) {
+ response.headers.set(
+ "Access-Control-Allow-Origin",
+ environment.frontendUrl,
+ );
+ response.headers.set(
+ "Access-Control-Allow-Methods",
+ "GET, POST, PUT, DELETE, OPTIONS",
+ );
+ response.headers.set("Access-Control-Allow-Credentials", "true");
+ response.headers.set(
+ "Access-Control-Allow-Headers",
+ request.headers.get("Access-Control-Request-Headers") || "Content-Type",
+ );
+ }
+
 return response;
 }
 }
diff --git a/types/config.d.ts b/types/config.d.ts
index 2d0f7dd..e65c147 100644
--- a/types/config.d.ts
+++ b/types/config.d.ts
@@ -3,6 +3,7 @@ type Environment = {
 host: string;
 development: boolean;
 fqdn: string;
+ frontendUrl: string;
 };
 type UserValidation = {
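Review bot: The `|| "*"` fallback for `Access-Control-Allow-Headers` in the OPTIONS branch does not act as a wildcard, because the same response sets `Access-Control-Allow-Credentials: true` and browsers treat `*` as a literal header name on credentialed requests. The second hunk falls back to `"Content-Type"` instead, so the two paths disagree. Echoing `Access-Control-Request-Headers` back also permits whatever header names the caller asks for; a fixed list is tighter, e.g. `"Access-Control-Allow-Headers": "Content-Type, Authorization"`, adjusted to the headers the API really reads. The branch answers every OPTIONS request with 204 before any routing, and the enclosing method continues outside the hunk.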
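Review bot: The four CORS headers set on `response` here repeat the literal values from the OPTIONS branch in the first hunk, and the copies already differ in the `Access-Control-Allow-Headers` fallback. One shared constant or small helper that both paths use would keep them in step. `response.headers.set` can throw when a response's headers are immutable, so if any route returns a response passed through from `fetch` or a similar source (not visible here), copying it into a new `Response` before setting headers is safer. Credentialed access is granted to `environment.frontendUrl` on every route, so that value must be an exact origin (scheme, host and port, no path or trailing slash); `normalizeFqdn` is outside this patch, so its output is worth confirming. A comment such as `// CORS: single trusted origin with credentials; never reflect the request Origin here` would record that intent.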