import { getCookies } from 'jsr:@std/http/cookie';
import { SESSIONS } from '../models/session.ts';
import { verifyTotp } from 'jsr:@stdext/crypto/totp';
import { USERS } from '../models/user.ts';
import { PERMISSIONS_STORE } from '../models/user_permissions.ts';
import { CANNED_RESPONSES } from './canned_responses.ts';

// NOTE(review): `Record` and `Promise` appear without type arguments throughout
// this listing, which does not type-check. The arguments look to have been lost
// when the file was captured; restore them from the original source rather
// than guessing.

/**
 * A pre-request check. It receives the request and the shared, mutable `meta`
 * bag, and may return a `Response` to short-circuit handling.
 */
export type PRECHECK = (req: Request, meta: Record) => Promise | Response | undefined;

/** Lookup table of prechecks (key and value types are not visible here). */
export type PRECHECK_TABLE = Record;

// Names of the session credentials. Each name is used verbatim as a cookie
// name and, prefixed with `x-`, as a request header name. All three can be
// overridden through environment variables of the same name.
export const SESSION_ID_TOKEN: string = Deno.env.get('SESSION_ID_TOKEN') ?? 'session_id';
// Not referenced by any function in this file.
export const SESSION_SECRET_TOKEN: string = Deno.env.get('SESSION_SECRET_TOKEN') ?? 'session_secret';
export const TOTP_TOKEN: string = Deno.env.get('TOTP_TOKEN') ?? 'totp';

/**
 * Resolves the session for a request and records the outcome on `meta`.
 *
 * Fields written: `now`, `cookies`, `session_id`, `session`, `valid_session`,
 * `request_totp`, `valid_totp`. `now` and `cookies` are only filled in when the
 * caller has not already supplied them.
 *
 * Security notes:
 * - `meta.now` is trusted if already present, so it decides the expiry check.
 *   NOTE(review): confirm `meta` is never populated from request data.
 * - `meta.session` carries the TOTP key (`session.secret`); avoid logging or
 *   serialising `meta` wholesale.
 * - Nothing in this function tracks already-used codes or limits attempts.
 *   NOTE(review): presumably handled by `verifyTotp` options or upstream — confirm.
 *
 * @param request Incoming request; headers and cookies are read from it.
 * @param meta Shared per-request state, mutated in place.
 */
export async function get_session(request: Request, meta: Record): Promise {
  meta.now ??= Date.now();
  meta.cookies ??= getCookies(request.headers);

  // The `x-` header takes precedence over the cookie of the same name.
  const header_session_id = request.headers.get(`x-${SESSION_ID_TOKEN}`);
  meta.session_id = header_session_id ?? meta.cookies[SESSION_ID_TOKEN] ?? '';

  // Skip the store lookup entirely when no session id was presented.
  if (meta.session_id?.length) {
    meta.session = await SESSIONS.get(meta.session_id);
  } else {
    meta.session = null;
  }

  // A session is valid only if it exists and has not reached its expiry. An
  // unparseable expiry yields NaN, which makes the comparison false.
  meta.valid_session =
    !!meta.session && meta.now < new Date(meta.session.timestamps.expires).valueOf();

  const header_totp = request.headers.get(`x-${TOTP_TOKEN}`);
  meta.request_totp = header_totp ?? meta.cookies[TOTP_TOKEN] ?? '';

  // The code is checked against the session's own secret, and only once the
  // session itself is valid and a non-empty code was presented.
  if (meta.valid_session && meta.session && meta.request_totp) {
    meta.valid_totp = await verifyTotp(meta.request_totp, meta.session.secret);
  } else {
    meta.valid_totp = false;
  }
}

/**
 * Loads the user and their permissions for an authenticated session.
 *
 * Both `meta.user` and `meta.user_permissions` are set to `null` unless
 * `meta.valid_totp` is truthy and `meta.session` is present. This relies on
 * `get_session` having run first on the same `meta`; if it has not,
 * `valid_totp` is unset and both fields stay `null`.
 *
 * @param request Incoming request; only used to fill `meta.cookies` if absent.
 * @param meta Shared per-request state, mutated in place.
 */
export async function get_user(request: Request, meta: Record): Promise {
  meta.now ??= Date.now();
  meta.cookies ??= getCookies(request.headers);

  if (meta.valid_totp && meta.session) {
    meta.user = await USERS.get(meta.session.user_id);
  } else {
    meta.user = null;
  }

  // Re-checked rather than cached: `meta` is shared and the await above yields.
  if (meta.valid_totp && meta.session) {
    meta.user_permissions = await PERMISSIONS_STORE.get(meta.session.user_id);
  } else {
    meta.user_permissions = null;
  }
}

/**
 * Precheck that rejects requests without a resolved user.
 *
 * This only tests that `meta.user` is present; it does not consult
 * `meta.user_permissions`, so per-action authorisation has to be enforced
 * separately.
 *
 * @param _request Unused.
 * @param meta Shared per-request state, expected to be populated by `get_user`.
 * @returns The canned permission-denied response, or `undefined` to continue.
 */
export function require_user(
  _request: Request,
  meta: Record
): undefined | Response {
  return meta.user ? undefined : CANNED_RESPONSES.permission_denied();
}