move login logic around

tetrahedral-tech · Dec 19, 2023 · ab3885b · ab3885b
1 parent 7518f7c
commit ab3885b
Show file tree

Hide file tree

Showing 6 changed files with 99 additions and 96 deletions.
diff --git a/src/lib/identity.server.js b/src/lib/identity.server.js
diff --git a/src/routes/dashboard/Sidebar.svelte b/src/routes/dashboard/Sidebar.svelte
@@ -29,11 +29,11 @@
 		bg-section-200 overflow-hidden transition-all duration-1000`}
 		style="transition-timing-function: cubic-bezier(0.83, 0.0, 0.17, 1.0)"
 	>
-		<h1 class="text-2xl mb-3">Add a bot</h1>
+		<h1 class="mb-3 text-2xl">Add a bot</h1>
 		<form method="post" class="flex flex-col gap-2" use:enhance>
 			<input class="hidden" type="text" name="id" placeholder="ID" />
 			<input type="number" name="strengthToUSD" placeholder="1.0 Strength -> USD" />
-			<Dropdown placeholder="Algorithm" class="w-full" contents={["rsi"]}/>
+			<Dropdown placeholder="Algorithm" class="w-full" contents={['rsi']} />
 			{#if $user.admin}
 				<input type="text" name="privateKey" placeholder="Private Key Override" />
 			{/if}
@@ -74,7 +74,8 @@
 						<span class="hidden lg:inline">Net Worth:</span>
 						{balance} USD
 					</p>
-					{#if privateKey} <!-- uncommented so that eslint doesn't get mad at me //nk-->
+					{#if privateKey}
+						<!-- uncommented so that eslint doesn't get mad at me //nk-->
 						<!-- ill find a way to incorporate this better later //nk-->
 						<!-- <p class="private truncate">{privateKey}</p> -->
 					{/if}

diff --git a/src/routes/identity/+page.server.js b/src/routes/identity/+page.server.js
@@ -1,56 +1,15 @@
-import { error, redirect } from '@sveltejs/kit';
+import jwt from 'jsonwebtoken';
+import { error } from '@sveltejs/kit';
+import { Issuer } from 'openid-client';
+
 import {
 	GOOGLE_OAUTH_CLIENT_ID,
 	GOOGLE_OAUTH_CLIENT_SECRET,
 	DISCORD_OAUTH_CLIENT_ID,
 	DISCORD_OAUTH_CLIENT_SECRET,
-	CODE_VERIFIER_SECRET,
 	JWT_SECRET
 } from '$env/static/private';
-import jwt from 'jsonwebtoken';
-import { Issuer, generators } from 'openid-client';
-import { randomBytes, createCipheriv } from 'crypto';
-import { handleSignin } from '$lib/identity.server.js';
-
-const cookieOptions = {
-	path: '/identity/',
-	maxAge: 2.5 * 60,
-	httpOnly: true,
-	session: true,
-	secure: false // @TODO change this to true later
-};
-
-const handleOAuth = ({ cookies, client, scope, resource, verifierType = 'state' }) => {
-	let verifier;
-	if (verifierType === 'code_challenge') {
-		// Encrypt code verifier and store it
-		const codeVerifier = generators.codeVerifier();
-		const iv = randomBytes(16);
-		const cipher = createCipheriv('aes-256-cbc', Buffer.from(CODE_VERIFIER_SECRET, 'hex'), iv);
-		let encrypted = cipher.update(codeVerifier);
-		encrypted = Buffer.concat([encrypted, cipher.final()]);
-		cookies.set(
-			'code_verifier',
-			`${iv.toString('hex')}:${encrypted.toString('hex')}`,
-			cookieOptions
-		);
-
-		verifier = generators.codeChallenge(codeVerifier);
-	} else {
-		verifier = randomBytes(8).toString('hex');
-		cookies.set('state', verifier, cookieOptions);
-	}
-
-	const authorizationUrl = client.authorizationUrl({
-		scope,
-		resource,
-		...(verifierType === 'code_challenge'
-			? { code_challenge: verifier, code_challenge_method: 'S256' }
-			: { state: verifier })
-	});
-
-	throw redirect(302, authorizationUrl);
-};
+import { handleSignin, handleOAuth } from './signin.js';
 
 export const actions = {
 	force: async ({ cookies, request }) => {

diff --git a/src/routes/identity/discord/+server.js b/src/routes/identity/discord/+server.js
@@ -1,8 +1,8 @@
 import { error } from '@sveltejs/kit';
-import { handleSignin } from '$lib/identity.server.js';
-import { DISCORD_OAUTH_CLIENT_ID, DISCORD_OAUTH_CLIENT_SECRET } from '$env/static/private';
 import { Issuer } from 'openid-client';
+import { DISCORD_OAUTH_CLIENT_ID, DISCORD_OAUTH_CLIENT_SECRET } from '$env/static/private';
 import { log } from '$lib/logging.server.js';
+import { handleSignin } from '../signin';
 
 const callback = 'http://localhost:5173/identity/discord/';
 

diff --git a/src/routes/identity/google/+server.js b/src/routes/identity/google/+server.js
@@ -1,13 +1,13 @@
 import { error } from '@sveltejs/kit';
-import { handleSignin } from '$lib/identity.server.js';
+import { Issuer } from 'openid-client';
+import { createDecipheriv } from 'crypto';
 import {
 	GOOGLE_OAUTH_CLIENT_ID,
 	GOOGLE_OAUTH_CLIENT_SECRET,
 	CODE_VERIFIER_SECRET
 } from '$env/static/private';
-import { Issuer } from 'openid-client';
-import { createDecipheriv } from 'crypto';
 import { log } from '$lib/logging.server.js';
+import { handleSignin } from '../signin';
 
 const callback = 'http://localhost:5173/identity/google/';
 

diff --git a/src/routes/identity/signin.js b/src/routes/identity/signin.js
@@ -0,0 +1,85 @@
+import jwt from 'jsonwebtoken';
+
+import { error, redirect } from '@sveltejs/kit';
+import { generators } from 'openid-client';
+import { randomBytes, createCipheriv } from 'crypto';
+
+import { CODE_VERIFIER_SECRET, JWT_SECRET } from '$env/static/private';
+import { Identity, User } from '$lib/models.server.js';
+
+const cookieOptions = {
+	path: '/identity/',
+	maxAge: 2.5 * 60,
+	httpOnly: true,
+	session: true,
+	secure: false // @TODO change this to true later
+};
+
+export const handleSignin = async (cookies, data) => {
+	let user = await User.findOne({ identity: data.id });
+
+	if (!user)
+		if (data.force) throw error(400, 'Bad Request');
+		else {
+			const identity = new Identity(data);
+
+			await identity.save();
+
+			user = new User({
+				admin: false,
+				identity: identity._id
+			});
+
+			await user.save();
+		}
+
+	user = await user.populate('identity');
+
+	const expiryDate = 60 * 60 * 24 * 15; // 15 days
+
+	const token = jwt.sign(user.toJSON(), JWT_SECRET, {
+		algorithm: 'HS256',
+		expiresIn: expiryDate
+	});
+
+	cookies.set('token', token, {
+		path: '/',
+		maxAge: expiryDate,
+		httpOnly: true,
+		secure: false // @TODO set this to true
+	});
+
+	throw redirect(303, '/dashboard');
+};
+
+export const handleOAuth = ({ cookies, client, scope, resource, verifierType = 'state' }) => {
+	let verifier;
+	if (verifierType === 'code_challenge') {
+		// Encrypt code verifier and store it
+		const codeVerifier = generators.codeVerifier();
+		const iv = randomBytes(16);
+		const cipher = createCipheriv('aes-256-cbc', Buffer.from(CODE_VERIFIER_SECRET, 'hex'), iv);
+		let encrypted = cipher.update(codeVerifier);
+		encrypted = Buffer.concat([encrypted, cipher.final()]);
+		cookies.set(
+			'code_verifier',
+			`${iv.toString('hex')}:${encrypted.toString('hex')}`,
+			cookieOptions
+		);
+
+		verifier = generators.codeChallenge(codeVerifier);
+	} else {
+		verifier = randomBytes(8).toString('hex');
+		cookies.set('state', verifier, cookieOptions);
+	}
+
+	const authorizationUrl = client.authorizationUrl({
+		scope,
+		resource,
+		...(verifierType === 'code_challenge'
+			? { code_challenge: verifier, code_challenge_method: 'S256' }
+			: { state: verifier })
+	});
+
+	throw redirect(302, authorizationUrl);
+};