Diffstat (limited to 'src/server/falx.rs')
-rw-r--r--src/server/falx.rs40
1 files changed, 30 insertions, 10 deletions
diff --git a/src/server/falx.rs b/src/server/falx.rs
index 1efffdc..9783cef 100644
--- a/src/server/falx.rs
+++ b/src/server/falx.rs
@@ -1,3 +1,5 @@
+use std::time::SystemTime;
+
 use axum::{
     body::Body,
     extract::{Path, State},
@@ -22,7 +24,7 @@ async fn check_(
     Path((token, scope)): Path<(String, String)>,
     State(store): State<Store>,
 ) -> Response {
-    let Some(name) = store.check_token(&token).await else {
+    let Some((name, _)) = store.check_token(&token).await else {
         return StatusCode::UNAUTHORIZED.into_response();
     };
     let Some(account) = store.get_account(&name).await else {
@@ -39,6 +41,7 @@ async fn check_(
 async fn handoff(
     jar: CookieJar,
     State(Handoffs(handoffs)): State<Handoffs>,
+    State(store): State<Store>,
     headers: HeaderMap,
 ) -> Response {
     let Some(origin_header) = headers.get("Origin") else {
@@ -55,14 +58,31 @@ async fn handoff(
     if !handoffs.contains(&origin) {
         return (StatusCode::FORBIDDEN, "Origin not registered for handoff").into_response();
     }
-    let Some(token) = jar.get("dissociate-token") else {
-        return (StatusCode::UNAUTHORIZED, "Authenticate cookie missing").into_response();
-    };
-    return Response::builder()
-        .status(StatusCode::OK)
+
+    let builder = Response::builder()
         .header("Access-Control-Allow-Credentials", "true")
-        .header("Access-Control-Allow-Methods", "GET")
-        .header("Access-Control-Allow-Origin", origin_header)
-        .body(Body::from(token.value().to_string()))
-        .unwrap();
+        .header("Access-Control-Allow-Origin", origin_header);
+
+    if let Some(token) = jar.get("dissociate-token") {
+        if let Some((_, expires)) = store.check_token(token.value()).await {
+            let expires_in = expires
+                .duration_since(SystemTime::now())
+                .unwrap_or_default()
+                .as_secs();
+
+            return builder
+                .status(StatusCode::OK)
+                .body(Body::from(format!(
+                    r#"{{"token":"{}","expiresIn":{}}}"#,
+                    token.value().to_string(),
+                    expires_in,
+                )))
+                .unwrap();
+        }
+    }
+
+    builder
+        .status(StatusCode::UNAUTHORIZED)
+        .body(Body::empty())
+        .unwrap()
 }
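Review bot: The 200 response in the `return builder` branch carries the session token in a hand-assembled JSON body but sets no `Content-Type`, `Cache-Control` or `Vary` header, even though `Access-Control-Allow-Origin` is reflected from the request's `Origin`. I would add `.header("Content-Type", "application/json")`, `.header("Cache-Control", "no-store")` and `.header("Vary", "Origin")` to `builder`, so that an intermediary cache cannot store the credential or serve it with another origin's CORS headers. The `format!` call also interpolates `token.value()` unescaped, which is only well-formed JSON as long as `check_token` never accepts a value containing `"` or `\`; a JSON serializer, if the crate has one available, would remove that assumption, and the `.to_string()` on that argument is redundant. `handoff` begins above this hunk, so the origin parsing it relies on is not visible here.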