ugly-app 0.1.299 → 0.1.300
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/version.d.ts +1 -1
- package/dist/cli/version.js +1 -1
- package/dist/server/Auth.d.ts.map +1 -1
- package/dist/server/Auth.js +27 -8
- package/dist/server/Auth.js.map +1 -1
- package/package.json +1 -1
- package/src/cli/version.ts +1 -1
- package/src/server/Auth.ts +27 -7
package/dist/cli/version.d.ts
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export declare const CLI_VERSION = "0.1.
|
|
1
|
+
export declare const CLI_VERSION = "0.1.300";
|
|
2
2
|
//# sourceMappingURL=version.d.ts.map
|
package/dist/cli/version.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Auth.d.ts","sourceRoot":"","sources":["../../src/server/Auth.ts"],"names":[],"mappings":"AACA,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAS3D,wBAAsB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,
|
|
1
|
+
{"version":3,"file":"Auth.d.ts","sourceRoot":"","sources":["../../src/server/Auth.ts"],"names":[],"mappings":"AACA,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAS3D,wBAAsB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA6BhE;AAED,MAAM,WAAW,YAAY;IAG3B,MAAM,CACJ,IAAI,EAAE,MAAM,GACX,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAE/C,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;IAEhC,cAAc,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;CAC/C;AAED,eAAO,MAAM,mBAAmB,EAAE,YAyBjC,CAAC;AAGF,MAAM,MAAM,YAAY,GAAG,CACzB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,EACxC,EAAE,EAAE,OAAO,CAAC,GAAG,CAAC,KACb,OAAO,CAAC,IAAI,CAAC,CAAC;AAInB,eAAO,MAAM,cAAc,EAAE,UAAU,CAAC,GAAG,CAY1C,CAAC;AAIF,wBAAgB,gBAAgB,CAAC,QAAQ,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC;AAE1E,wBAAgB,gBAAgB,CAE9B,EAAE,EAAE,OAAO,CAAC,GAAG,CAAC,EAEhB,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,EAC3B,YAAY,EAAE,YAAY,EAC1B,QAAQ,CAAC,EAAE,YAAY,GACtB,OAAO,CAAC,MAAM,CAAC"}
|
package/dist/server/Auth.js
CHANGED
|
@@ -10,12 +10,18 @@ export async function verifyToken(token) {
|
|
|
10
10
|
// or for tests (TEST_JWT_SECRET set)
|
|
11
11
|
const jwtSecret = process.env['JWT_SECRET'] ?? process.env['TEST_JWT_SECRET'];
|
|
12
12
|
if (jwtSecret) {
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
13
|
+
try {
|
|
14
|
+
const { jwtVerify } = await import('jose');
|
|
15
|
+
const secret = new TextEncoder().encode(jwtSecret);
|
|
16
|
+
const { payload } = await jwtVerify(token, secret);
|
|
17
|
+
if (!payload.sub)
|
|
18
|
+
throw new AuthError('Invalid token');
|
|
19
|
+
return payload.sub;
|
|
20
|
+
}
|
|
21
|
+
catch {
|
|
22
|
+
// Local verification failed — token may have been signed by ugly.bot OAuth.
|
|
23
|
+
// Fall through to remote verification.
|
|
24
|
+
}
|
|
19
25
|
}
|
|
20
26
|
const verifyUrl = `${getUglyBotUrl()}/verify`;
|
|
21
27
|
const res = await fetch(verifyUrl, {
|
|
@@ -104,7 +110,20 @@ userHelper, onUserCreate, provider) {
|
|
|
104
110
|
if (!verifyResult.token) {
|
|
105
111
|
throw new Error('Auth provider did not return a token');
|
|
106
112
|
}
|
|
107
|
-
|
|
113
|
+
// If JWT_SECRET is set, re-sign the token locally so subsequent verifications
|
|
114
|
+
// don't require a remote round-trip (the OAuth token is signed by ugly.bot's key).
|
|
115
|
+
let cookieToken = verifyResult.token;
|
|
116
|
+
const jwtSecret = process.env['JWT_SECRET'];
|
|
117
|
+
if (jwtSecret) {
|
|
118
|
+
const { SignJWT } = await import('jose');
|
|
119
|
+
const secret = new TextEncoder().encode(jwtSecret);
|
|
120
|
+
cookieToken = await new SignJWT({ sub: verifyResult.userId })
|
|
121
|
+
.setProtectedHeader({ alg: 'HS256' })
|
|
122
|
+
.setIssuedAt()
|
|
123
|
+
.setExpirationTime('30d')
|
|
124
|
+
.sign(secret);
|
|
125
|
+
}
|
|
126
|
+
res.cookie('auth_token', cookieToken, {
|
|
108
127
|
httpOnly: true,
|
|
109
128
|
secure: process.env.NODE_ENV === 'production',
|
|
110
129
|
sameSite: 'lax',
|
|
@@ -112,7 +131,7 @@ userHelper, onUserCreate, provider) {
|
|
|
112
131
|
path: '/',
|
|
113
132
|
});
|
|
114
133
|
console.log('[Auth] Login success, setting cookie');
|
|
115
|
-
res.json({ token:
|
|
134
|
+
res.json({ token: cookieToken });
|
|
116
135
|
}
|
|
117
136
|
catch (err) {
|
|
118
137
|
console.error('[Auth] OAuth verify failed', err);
|
package/dist/server/Auth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Auth.js","sourceRoot":"","sources":["../../src/server/Auth.ts"],"names":[],"mappings":"AACA,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAExC,oDAAoD;AACpD,MAAM,sBAAsB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAEjD,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,KAAa;IAC7C,8EAA8E;IAC9E,qCAAqC;IACrC,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAC9E,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"Auth.js","sourceRoot":"","sources":["../../src/server/Auth.ts"],"names":[],"mappings":"AACA,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAExC,oDAAoD;AACpD,MAAM,sBAAsB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAEjD,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,KAAa;IAC7C,8EAA8E;IAC9E,qCAAqC;IACrC,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAC9E,IAAI,SAAS,EAAE,CAAC;QACd,IAAI,CAAC;YACH,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACnD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YACnD,IAAI,CAAC,OAAO,CAAC,GAAG;gBAAE,MAAM,IAAI,SAAS,CAAC,eAAe,CAAC,CAAC;YACvD,OAAO,OAAO,CAAC,GAAG,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,4EAA4E;YAC5E,uCAAuC;QACzC,CAAC;IACH,CAAC;IAED,MAAM,SAAS,GAAG,GAAG,aAAa,EAAE,SAAS,CAAC;IAC9C,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;QACjC,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE;KAC9C,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,KAAK,CAAC,gCAAgC,GAAG,CAAC,MAAM,IAAI,IAAI,QAAQ,SAAS,EAAE,CAAC,CAAC;QACrF,MAAM,IAAI,SAAS,CAAC,eAAe,CAAC,CAAC;IACvC,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAwB,CAAC;IACvD,IAAI,CAAC,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,SAAS,CAAC,eAAe,CAAC,CAAC;IACvD,OAAO,IAAI,CAAC,MAAM,CAAC;AACrB,CAAC;AAcD,MAAM,CAAC,MAAM,mBAAmB,GAAiB;IAC/C,OAAO,EAAE,CAAC,MAAc,EAAE,EAAE,CAC1B,GAAG,aAAa,EAAE,iBAAiB,kBAAkB,CAAC,MAAM,CAAC,EAAE;IACjE,MAAM,EAAE,KAAK,EAAE,IAAY,EAAE,EAAE;QAC7B,MAAM,SAAS,GAAG,GAAG,aAAa,EAAE,sBAAsB,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;QACrF,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,SAAS,CAAC,CAAC;QACjD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,CAAC;QACxC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,
GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,KAAK,CAAC,qCAAqC,EAAE;gBACnD,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,GAAG,EAAE,SAAS;gBACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;aAC7B,CAAC,CAAC;YACH,MAAM,IAAI,KAAK,CAAC,wCAAwC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7E,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAGlC,CAAC;QACF,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,OAAO;YACpB,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC;IACJ,CAAC;CACF,CAAC;AASF,uFAAuF;AACvF,8DAA8D;AAC9D,MAAM,CAAC,MAAM,cAAc,GAAoB;IAC7C,4DAA4D;IAC5D,GAAG,EAAE,KAAK,IAAI,EAAE,CAAC,IAAI;IACrB,4DAA4D;IAC5D,GAAG,EAAE,KAAK,IAAI,EAAE,CAAC,KAAK;IACtB,4DAA4D;IAC5D,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;QAC9B,EAAE,EAAE,MAAM;QACV,OAAO,EAAE,CAAC;QACV,OAAO,EAAE,IAAI,IAAI,EAAE;QACnB,OAAO,EAAE,IAAI,IAAI,EAAE;KACpB,CAAC;CACH,CAAC;AACF,MAAM,gBAAgB,GAAiB,KAAK,IAAI,EAAE,GAAE,CAAC,CAAC;AAatD,MAAM,UAAU,gBAAgB;AAC9B,8DAA8D;AAC9D,YAA0C;AAC1C,8DAA8D;AAC9D,UAA4B,EAC5B,YAA2B,EAC3B,QAAuB;IAEvB,gFAAgF;IAChF,8DAA8D;IAC9D,IAAI,EAAgB,CAAC;IACrB,IAAI,gBAA8B,CAAC;IACnC,8DAA8D;IAC9D,MAAM,cAAc,GAAG,CAAC,CAAU,EAAqB,EAAE,CACvD,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,IAAI,QAAQ,IAAI,CAAC,IAAI,SAAS,IAAI,CAAC,CAAC;IAEzE,IAAI,YAAY,KAAK,SAAS,IAAI,cAAc,CAAC,YAAY,CAAC,EAAE,CAAC;QAC/D,EAAE,GAAG,aAAa,CAAC,YAAY,CAAC,CAAC;QACjC,gBAAgB,GAAG,YAAY,IAAI,mBAAmB,CAAC;IACzD,CAAC;SAAM,CAAC;QACN,EAAE,GAAG,YAAY,CAAC;QAClB,gBAAgB,GAAG,QAAQ,IAAI,mBAAmB,CAAC;IACrD,CAAC;IACD,MAAM,kBAAkB,GAAG,UAAU,IAAI,cAAc,CAAC;IACxD,MAAM,oBAAoB,GAAG,YAAY,IAAI,gBAAgB,CAAC;IAE9D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,+FAA+F;IAC/F,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QAChE,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,IAAyB,CAAC;YAC/C,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;gBAChD,OAAO;YACT,CAAC;YACD,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACzD,OAAO,CAAC,GAAG,CAAC,+BAA+B,EAAE,YAAY,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;YACrG,IAAI,CAA
C,YAAY,CAAC,KAAK,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;YAC1D,CAAC;YAED,8EAA8E;YAC9E,mFAAmF;YACnF,IAAI,WAAW,GAAG,YAAY,CAAC,KAAK,CAAC;YACrC,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YAC5C,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;gBACzC,MAAM,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBACnD,WAAW,GAAG,MAAM,IAAI,OAAO,CAAC,EAAE,GAAG,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC;qBAC1D,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;qBACpC,WAAW,EAAE;qBACb,iBAAiB,CAAC,KAAK,CAAC;qBACxB,IAAI,CAAC,MAAM,CAAC,CAAC;YAClB,CAAC;YAED,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE,WAAW,EAAE;gBACpC,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;gBAC7C,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,sBAAsB,GAAG,IAAI;gBACrC,IAAI,EAAE,GAAG;aACV,CAAC,CAAC;YACH,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;YACpD,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,GAAG,CAAC,CAAC;YACjD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,uEAAuE;IACvE,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QAC9D,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,EAAE,UAAgC,CAAC;QAC5D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC;YAC9C,OAAO;QACT,CAAC;QACD,IAAI,CAAC;YACH,yCAAyC;YACzC,MAAM,WAAW,CAAC,KAAK,CAAC,CAAC;YACzB,kCAAkC;YAClC,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE,KAAK,EAAE;gBAC9B,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;gBAC7C,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,sBAAsB,GAAG,IAAI;gBACrC,IAAI,EAAE,GAAG;aACV,CAAC,CAAC;YACH,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QACtB,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;YAC9B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;QACrD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,6CAA6C;IAC7C,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,IAAa,EAAE,GAAa,EAAE,EAAE;QAC3D,GAAG,CAAC,WAAW,CAAC,YAAY,EAAE,
EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;QAC7C,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,6DAA6D;IAC7D,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;QACtD,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAuB,CAAC;QACzD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;YAClD,OAAO;QACT,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,gBAAgB,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,wCAAwC;IACxC,IAAI,gBAAgB,CAAC,cAAc,EAAE,CAAC;QACpC,gBAAgB,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
package/package.json
CHANGED
package/src/cli/version.ts
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
1
|
// Auto-generated by prebuild — do not edit manually
|
|
2
|
-
export const CLI_VERSION = "0.1.
|
|
2
|
+
export const CLI_VERSION = "0.1.300";
|
package/src/server/Auth.ts
CHANGED
|
@@ -14,11 +14,16 @@ export async function verifyToken(token: string): Promise<string> {
|
|
|
14
14
|
// or for tests (TEST_JWT_SECRET set)
|
|
15
15
|
const jwtSecret = process.env['JWT_SECRET'] ?? process.env['TEST_JWT_SECRET'];
|
|
16
16
|
if (jwtSecret) {
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
17
|
+
try {
|
|
18
|
+
const { jwtVerify } = await import('jose');
|
|
19
|
+
const secret = new TextEncoder().encode(jwtSecret);
|
|
20
|
+
const { payload } = await jwtVerify(token, secret);
|
|
21
|
+
if (!payload.sub) throw new AuthError('Invalid token');
|
|
22
|
+
return payload.sub;
|
|
23
|
+
} catch {
|
|
24
|
+
// Local verification failed — token may have been signed by ugly.bot OAuth.
|
|
25
|
+
// Fall through to remote verification.
|
|
26
|
+
}
|
|
22
27
|
}
|
|
23
28
|
|
|
24
29
|
const verifyUrl = `${getUglyBotUrl()}/verify`;
|
|
@@ -150,7 +155,22 @@ export function createAuthRoutes(
|
|
|
150
155
|
if (!verifyResult.token) {
|
|
151
156
|
throw new Error('Auth provider did not return a token');
|
|
152
157
|
}
|
|
153
|
-
|
|
158
|
+
|
|
159
|
+
// If JWT_SECRET is set, re-sign the token locally so subsequent verifications
|
|
160
|
+
// don't require a remote round-trip (the OAuth token is signed by ugly.bot's key).
|
|
161
|
+
let cookieToken = verifyResult.token;
|
|
162
|
+
const jwtSecret = process.env['JWT_SECRET'];
|
|
163
|
+
if (jwtSecret) {
|
|
164
|
+
const { SignJWT } = await import('jose');
|
|
165
|
+
const secret = new TextEncoder().encode(jwtSecret);
|
|
166
|
+
cookieToken = await new SignJWT({ sub: verifyResult.userId })
|
|
167
|
+
.setProtectedHeader({ alg: 'HS256' })
|
|
168
|
+
.setIssuedAt()
|
|
169
|
+
.setExpirationTime('30d')
|
|
170
|
+
.sign(secret);
|
|
171
|
+
}
|
|
172
|
+
|
|
173
|
+
res.cookie('auth_token', cookieToken, {
|
|
154
174
|
httpOnly: true,
|
|
155
175
|
secure: process.env.NODE_ENV === 'production',
|
|
156
176
|
sameSite: 'lax',
|
|
@@ -158,7 +178,7 @@ export function createAuthRoutes(
|
|
|
158
178
|
path: '/',
|
|
159
179
|
});
|
|
160
180
|
console.log('[Auth] Login success, setting cookie');
|
|
161
|
-
res.json({ token:
|
|
181
|
+
res.json({ token: cookieToken });
|
|
162
182
|
} catch (err) {
|
|
163
183
|
console.error('[Auth] OAuth verify failed', err);
|
|
164
184
|
res.status(401).json({ error: 'Authentication failed' });
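Review bot: The bare `catch {}` added to verifyToken (first hunk, new lines 17–26) swallows every local failure — an expired or claim-invalid token that was signed with JWT_SECRET, the `AuthError` thrown for a missing `sub`, even a failed `import('jose')` — and silently retries the same token against the remote `/verify`, so local expiry is never enforced and a misconfiguration only shows up as extra round-trips; fall through only for tokens that were not signed locally, e.g. `catch (err) { if (err instanceof AuthError || (err as { code?: string }).code === 'ERR_JWT_EXPIRED') throw err; }` (jose sets `code` on its errors — confirm the exact value against the installed jose version). In the second hunk, `new SignJWT({ sub: verifyResult.userId })` runs after `verifyResult.token` was checked but `verifyResult.userId` was not, and an undefined userId produces a cookie token that every later verifyToken rejects, so add `if (!verifyResult.userId) throw new Error('Auth provider did not return a user id');` beside the existing token check. The hard-coded `'30d'` should be derived from the same constant the cookie's `maxAge` uses (set outside the hunk) so the JWT and the cookie do not expire out of step, and the locally minted token carries no `iss`/`aud`, so jwtVerify cannot pin it to this app — consider `.setIssuer(...)` plus the matching `issuer` option on verify. Both enclosing functions start and end outside the hunks, and the compiled copy in package/dist/server/Auth.js carries the same code.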
|