WorkshopTasker/server/middleware/auth.ts


import { defineEventHandler, getCookie } from "h3";
import { createError } from "#imports";
import { database, type data } from "~/server/utils/database";
// API routes (written relative to the `/api` prefix) that the auth middleware
// lets through without a session token. Entries are compared against the start
// of the requested path, so keep this list as short and as specific as possible.
// NOTE(review): `/dbtest`, `/echo` and `/hi` look like diagnostic routes —
// confirm they expose nothing sensitive before leaving them unauthenticated.
const endpointsWithoutAuth: Array<string> = [
  "/dbtest", // presumably a database connectivity check — verify
  "/echo",
  "/hi",
  "/login", // must stay reachable so a client can obtain a session
  "/logout",
  "/firstRun",
];
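/**
 * Global authentication middleware for the API.
 *
 * Requests outside `/api` pass through untouched. Requests to an endpoint
 * listed in `endpointsWithoutAuth` pass through without a session. Every other
 * API request must carry a `token` cookie that `isAuthorised` accepts;
 * otherwise the request is rejected with HTTP 401.
 *
 * @throws a 401 "Unauthorized" error when the token is missing or not accepted
 */
export default defineEventHandler(async (e) => {
  // Capture everything after the `/api` prefix; non-API requests do not match.
  const endpoint = e.path?.match(/^\/api(\/.*)/)?.[1];
  if (!endpoint) return;

  // The request path may carry a query string or fragment; the allow-list
  // decision must be made on the path alone.
  const suffixStart = endpoint.search(/[?#]/);
  const pathname = suffixStart === -1 ? endpoint : endpoint.slice(0, suffixStart);

  // Match on whole path segments. A bare `startsWith` would also exempt any
  // route that merely begins with a listed name (e.g. `/hi` would cover
  // `/history`, `/login` would cover `/loginAudit`), silently skipping the
  // session check for it. A route that should be public must be listed
  // explicitly in `endpointsWithoutAuth`.
  const isPublic = endpointsWithoutAuth.some(
    (open) => pathname === open || pathname.startsWith(`${open}/`),
  );
  if (isPublic) return;

  const token = getCookie(e, "token");
  if (!(await isAuthorised(token)))
    throw createError({ statusCode: 401, message: "Unauthorized" });
});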
/**
 * Reports whether a session token refers to a live session.
 *
 * The token is looked up as the `id` of a row in `sessions` whose
 * `expiry_date` has not passed yet. The value is bound as a query parameter,
 * never concatenated into the SQL text. The check fails closed: a missing
 * token, or any error raised while querying, yields `false`.
 *
 * @param token the token to check, if the client sent one
 * @returns `true` only when the database reports a matching, unexpired session
 */
export async function isAuthorised(token: string | undefined): Promise<boolean> {
  // No token at all (or an empty one) can never match a session row.
  if (!token) return false;

  const sessionLookup =
    "SELECT EXISTS(SELECT `id` FROM `sessions` WHERE `id` = ? AND `expiry_date` >= NOW()) as `logged_in`";

  try {
    const rows = await database.query(
      sessionLookup,
      [token],
    ) as unknown as data<{logged_in: number}>;
    // First row of the first result set carries the EXISTS flag.
    const [[session]] = rows;
    const isLoggedIn = session.logged_in === 1;
    return isLoggedIn;
  } catch {
    // Deliberately deny access when the lookup itself fails.
    return false;
  }
}