From 4c3f4d719f5e1b03134a088e6b9d80cdbb28a16f Mon Sep 17 00:00:00 2001
From: cirroskais
Date: Fri, 2 Aug 2024 10:34:38 -0400
Subject: [PATCH] basic sharex stuff, api key auth
---
src/hooks.server.js | 62 +++++++++++--------
src/lib/components/Forms/LoginForm.svelte | 2 +-
src/lib/components/Forms/RegisterForm.svelte | 2 +-
src/lib/components/Inputs/FormInput.svelte | 12 ++--
src/lib/server/database.ts | 25 ++++++++
src/lib/server/{ratelimit.js => ratelimit.ts} | 2 +-
src/routes/(app)/documentation/+page.svelte | 38 ++++++++++++
7 files changed, 107 insertions(+), 36 deletions(-)
rename src/lib/server/{ratelimit.js => ratelimit.ts} (94%)
diff --git a/src/hooks.server.js b/src/hooks.server.js
index fbb3424..c879a79 100644
--- a/src/hooks.server.js
+++ b/src/hooks.server.js
@@ -1,40 +1,48 @@
-import { error, redirect } from '@sveltejs/kit';
-import { getSession } from '$lib/server/database';
+import { redirect } from '@sveltejs/kit';
+import { getSession, getUserApiKey } from '$lib/server/database';
 import { COOKIE } from '$lib/config';

-const PUBLIC_RESOURCES = [
- '/',
- '/api',
- '/api/auth/register',
- '/api/auth/login',
- '/terms',
- '/privacy'
-];
-
-/** @type {import('@sveltejs/kit').Handle} */
 export async function handle({ event, resolve }) {
- const { cookies, locals } = event;
- const session = await getSession(cookies.get(COOKIE) || '');
+ const { cookies, locals, request } = event;

- if (session && session.user) {
- locals.user = {
- id: session.user.id,
- username: session.user.username,
- email: session.user.email,
- maxUploadMB: session.user.maxUploadMB,
- role: session.user.role
- };
- } else {
- if (event.route.id) {
- if (event.route.id.includes('(app)')) return redirect(303, '/');
+ let cookie = cookies.get(COOKIE);
+ let bearer = request.headers.get('Authorization');
+ if (bearer) bearer = bearer.replace('Bearer ', '');
+
+ if (cookie) {
+ const session = await getSession(cookie);
+ if (session && session.user) {
+ locals.user = {
+ id: session.user.id,
+ username: session.user.username,
+ email: session.user.email,
+ maxUploadMB: session.user.maxUploadMB,
+ role: session.user.role
+ };
 }
 }

+ if (bearer && !locals.user) {
+ const apiKey = await getUserApiKey(bearer);
+ if (apiKey && apiKey.user) {
+ locals.user = {
+ id: apiKey.user.id,
+ username: apiKey.user.username,
+ email: apiKey.user.email,
+ maxUploadMB: apiKey.user.maxUploadMB,
+ role: apiKey.user.role
+ };
+ }
+ }
+
+ if (!locals.user && event.route.id) {
+ if (event.route.id.includes('(app)')) return redirect(303, '/');
+ }
+
 return await resolve(event);
 }

-/** @type {import('@sveltejs/kit').HandleServerError} */
-export async function handleError({ error, event, status, message }) {
+export async function handleError({ error, status, message }) {
 console.log(error);

 return {
diff --git a/src/lib/components/Forms/LoginForm.svelte b/src/lib/components/Forms/LoginForm.svelte
index 7c7c268..e5126f4 100644
--- a/src/lib/components/Forms/LoginForm.svelte
+++ b/src/lib/components/Forms/LoginForm.svelte
@@ -60,7 +60,7 @@
 type={'email'}
 name={'email'}
 id={'email'}
- placeholder={'user@example.com'}
+ placeholder={'john@doefamily.com'}
 bind:value={email}
 required={true}
 >
diff --git a/src/lib/components/Forms/RegisterForm.svelte b/src/lib/components/Forms/RegisterForm.svelte
index 2359c4f..3807c3c 100644
--- a/src/lib/components/Forms/RegisterForm.svelte
+++ b/src/lib/components/Forms/RegisterForm.svelte
@@ -80,7 +80,7 @@
 type={'email'}
 name={'email'}
 id={'email'}
- placeholder={'user@example.com'}
+ placeholder={'jane@doefamily.com'}
 bind:value={email}
 required={true}
 >
diff --git a/src/lib/components/Inputs/FormInput.svelte b/src/lib/components/Inputs/FormInput.svelte
index e99a294..f5bbed5 100644
--- a/src/lib/components/Inputs/FormInput.svelte
+++ b/src/lib/components/Inputs/FormInput.svelte
@@ -11,8 +11,8 @@ --> {#if type === 'username'} -
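Review bot: In `src/hooks.server.js`, the API-key branch of `handle` builds the same `locals.user` as a cookie session and discards the key's permission bits, so a key created only for uploads is treated as a full login on every route, including the `(app)` pages, unless each handler looks the key up again. Keeping the scope on the request, for example `locals.apiKey = { id: apiKey.id, permissions: apiKey.permissions };`, would let handlers enforce it; those field names are assumed from the `/api/v1/keys` response used in the documentation page of this patch, because `getUserApiKey` is not visible here. The header parsing `bearer.replace('Bearer ', '')` also accepts any scheme, so a `Basic …` value reaches the key lookup unchanged; `const bearer = /^Bearer (\S+)$/.exec(request.headers.get('Authorization') ?? '')?.[1];` accepts only the intended form. The body of `handleError` continues past the end of the hunk.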
-
+
+
{:else if type === 'email'} -
-
+
+
{:else if type === 'password'} -
-
+
+
+ import { page } from '$app/stores';
+ import Button from '$lib/components/Inputs/Button.svelte';
+ import { API_KEY_PERMISSIONS } from '$lib/config';
+ import { get } from 'svelte/store';
+
+ let awesome = '';
+
+ async function click() {
+ const response = await fetch('/api/v1/keys');
+ const body = (await response.json()) as { id: string; permissions: number }[];
+
+ const key = body.find((key) => key.permissions & API_KEY_PERMISSIONS.CREATE_UPLOADS);
+ if (!key) return (awesome = 'What the fuck did i tell you');
+
+ awesome = `{
+ "Version": "14.0.0",
+ "Name": "cirros file uploader",
+ "DestinationType": "ImageUploader, FileUploader",
+ "RequestMethod": "POST",
+ "RequestURL": "${get(page).url.origin}/api/v1/upload",
+ "Headers": {
+ "Authorization": "Bearer ${key.id}",
+ },
+ "Body": "MultipartFormData",
+ "FileFormName": "file",
+ "URL": "${get(page).url.origin}{response}",
+}`;
+ }
+
+

I'll make real documentation later but for now have this ShareX button

+

+ MAKE SURE TO HAVE A VALID API KEY WITH THE CREATE_UPLOADS PERMISSION ( 1 << 0 ) +

+ + +{awesome}
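Review bot: `click()` puts `key.id` straight into the `Authorization: Bearer` header, so the identifier returned by `GET /api/v1/keys` is itself the login secret and every listing of keys hands out live credentials; if that is the design it should be stated where the keys are served, and otherwise the secret should be returned only once, at creation. The config text is also assembled by interpolation and carries trailing commas after the `Authorization` and `URL` entries, which strict JSON parsers reject; building an object and serialising it with `JSON.stringify` fixes that and escapes the values. `response.ok` is not checked before `body.find`, so an error payload (for example from an expired session) would throw inside the handler. The file's markup was lost in extraction, so only the script part is reviewed here.

```svelte
	// … unchanged: fetch of /api/v1/keys and lookup of a key with CREATE_UPLOADS …
	const origin = get(page).url.origin;
	awesome = JSON.stringify(
		{
			Version: '14.0.0',
			Name: 'cirros file uploader',
			DestinationType: 'ImageUploader, FileUploader',
			RequestMethod: 'POST',
			RequestURL: `${origin}/api/v1/upload`,
			Headers: { Authorization: `Bearer ${key.id}` },
			Body: 'MultipartFormData',
			FileFormName: 'file',
			URL: `${origin}{response}`
		},
		null,
		2
	);
```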