
@paroicms/server

import { parseSqliteDateTime } from "@paroicms/internal-server-lib";
import { ApiError } from "@paroicms/public-server-lib";
import { type } from "arktype";
import { hashToken, updateLastUsedAt } from "./pat.service.js";

/**
 * Validator for the joined token/account row read by `authenticateWithPat`.
 *
 * The input side accepts only the six selected columns; the "+": "reject"
 * entry makes any undeclared key a validation failure. The pipe step then
 * normalises the row: numeric ids become strings, the two `active` columns
 * become booleans, and `expiresAt` goes through `parseSqliteDateTime`.
 */
const PatAuthRowAT = type({
  id: "number",
  accountId: "number",
  email: "string",
  active: "number",
  expiresAt: "string|number|Date|null",
  accountActive: "number",
  "+": "reject",
}).pipe((raw) => {
  const { id, accountId, email, active, expiresAt, accountActive } = raw;
  return {
    id: String(id),
    accountId: String(accountId),
    email,
    active: Boolean(active),
    expiresAt: parseSqliteDateTime(expiresAt),
    accountActive: Boolean(accountActive),
  };
});

/**
 * Authenticate a request that presents a personal access token (PAT).
 *
 * The presented token is hashed with `hashToken` and the database is queried
 * on `p.tokenHash`, so the lookup never uses the raw token value. A matching
 * row must then pass three checks, in this order: token active, owning
 * account active, token not expired. On success the token's last-used
 * timestamp is updated and the account identity is returned.
 *
 * @param cn - Query-builder connection, called as `cn(table)` and `cn.raw(sql)`.
 * @param token - The token value presented by the client.
 * @returns {Promise<{accountId: string, email: string}>} Identity of the token owner.
 * @throws {ApiError} 401 when no row matches, or when the token is inactive,
 *   the account is inactive, or the token has expired.
 */
export async function authenticateWithPat(cn, token) {
  // NOTE(review): `token` reaches hashToken unchecked — confirm the caller
  // guarantees a non-empty string or that hashToken rejects anything else.
  const tokenHash = hashToken(token);

  const tokenRow = await cn("PaPersonalAccessToken as p")
    .select(
      "p.id",
      "p.accountId",
      "p.active",
      "p.expiresAt",
      "a.email",
      cn.raw("a.active as accountActive"),
    )
    .innerJoin("PaAccount as a", "a.id", "p.accountId")
    .where("p.tokenHash", tokenHash)
    .first();

  if (!tokenRow) {
    throw new ApiError("Invalid or expired token", 401);
  }

  // Throws (not an ApiError) if the row does not match the expected shape.
  const { accountId, email, active, accountActive, expiresAt } =
    PatAuthRowAT.assert(tokenRow);

  // NOTE(review): the three messages below differ from the "no match" message
  // above, so a holder of a token whose hash is stored learns why it was
  // refused (revoked, account disabled, expired) — confirm this is intended.
  if (!active) {
    throw new ApiError("Token is inactive", 401);
  }
  if (!accountActive) {
    throw new ApiError("Account is inactive", 401);
  }

  // A falsy expiresAt means no expiry check is applied.
  const isExpired = Boolean(expiresAt) && expiresAt < new Date();
  if (isExpired) {
    throw new ApiError("Token has expired", 401);
  }

  // Awaited without a catch: a failure to record the usage time rejects the
  // whole authentication call.
  await updateLastUsedAt(cn, tokenHash, new Date());

  return { accountId, email };
}
//# sourceMappingURL=pat-auth.helper.js.map