spwmini-shitless/dist/middleware.mjs

Shitless SPWorlds Miniapp creation toolkit

// src/middleware.ts
import { createHash, createHmac } from "crypto";
var JSON_HEADER = { "content-type": "application/json" };
var validate = (token, options) => (req, res) => {
  const checkPostMethod = !options || options.checkPostMethod !== false;
  if (checkPostMethod && req.method !== "POST") {
    res.writeHead(405).end("Method is not allowed");
    return;
  }
  let data = "";
  req.on("data", (chunk) => data += String(chunk));
  req.on("end", () => {
    if (!data)
      return res.writeHead(400, JSON_HEADER).end(JSON.stringify({ error: "No user provided" }));
    try {
      const user = JSON.parse(data);
      const isUserValid = checkUser(user, token);
      return res.writeHead(200).end(isUserValid ? "1" : "0");
    } catch (error) {
      if (error instanceof Error)
        res.writeHead(500, JSON_HEADER).end(JSON.stringify({ error: error.message }));
      else res.writeHead(500, JSON_HEADER).end(JSON.stringify({ error: String(error) }));
      console.error(error);
    }
  });
};
var checkUser = ({ hash, ...user }, token) => {
  const checkString = Object.keys(user).sort().filter((key) => user[key] && key !== "hash").map((key) => `${key}=${user[key]}`).join("\n");
  const secret = createHash("sha256").update(token).digest();
  const hmac = createHmac("sha256", secret).update(checkString).digest("hex");
  return hmac === hash;
};
export {
  checkUser,
  validate
};