Diffstat (limited to 'src/server/falx.rs')
-rw-r--r-- | src/server/falx.rs | 40 |
1 files changed, 30 insertions, 10 deletions
diff --git a/src/server/falx.rs b/src/server/falx.rs
index 1efffdc..9783cef 100644
--- a/src/server/falx.rs
+++ b/src/server/falx.rs
@@ -1,3 +1,5 @@
+use std::time::SystemTime;
+
 use axum::{
 body::Body,
 extract::{Path, State},
@@ -22,7 +24,7 @@ async fn check_(
 Path((token, scope)): Path<(String, String)>,
 State(store): State<Store>,
 ) -> Response {
- let Some(name) = store.check_token(&token).await else {
+ let Some((name, _)) = store.check_token(&token).await else {
 return StatusCode::UNAUTHORIZED.into_response();
 };
 let Some(account) = store.get_account(&name).await else {
@@ -39,6 +41,7 @@ async fn check_(
 async fn handoff(
 jar: CookieJar,
 State(Handoffs(handoffs)): State<Handoffs>,
+ State(store): State<Store>,
 headers: HeaderMap,
 ) -> Response {
 let Some(origin_header) = headers.get("Origin") else {
@@ -55,14 +58,31 @@ async fn handoff(
 if !handoffs.contains(&origin) {
 return (StatusCode::FORBIDDEN, "Origin not registered for handoff").into_response();
 }
- let Some(token) = jar.get("dissociate-token") else {
- return (StatusCode::UNAUTHORIZED, "Authenticate cookie missing").into_response();
- };
- return Response::builder()
- .status(StatusCode::OK)
+
+ let builder = Response::builder()
 .header("Access-Control-Allow-Credentials", "true")
- .header("Access-Control-Allow-Methods", "GET")
- .header("Access-Control-Allow-Origin", origin_header)
- .body(Body::from(token.value().to_string()))
- .unwrap();
+ .header("Access-Control-Allow-Origin", origin_header);
+
+ if let Some(token) = jar.get("dissociate-token") {
+ if let Some((_, expires)) = store.check_token(token.value()).await {
+ let expires_in = expires
+ .duration_since(SystemTime::now())
+ .unwrap_or_default()
+ .as_secs();
+
+ return builder
+ .status(StatusCode::OK)
+ .body(Body::from(format!(
+ r#"{{"token":"{}","expiresIn":{}}}"#,
+ token.value().to_string(),
+ expires_in,
+ )))
+ .unwrap();
+ }
+ }
+
+ builder
+ .status(StatusCode::UNAUTHORIZED)
+ .body(Body::empty())
+ .unwrap()
 } |
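Review bot: The shared `builder` in `handoff` sets neither `Cache-Control` nor `Vary`, although the 200 branch returns the session token in the body under a credentialed CORS policy that echoes the request origin, so a browser or intermediary cache could retain the token or reuse the response with an `Access-Control-Allow-Origin` value issued for a different registered origin. I would add `.header("Cache-Control", "no-store")` and `.header("Vary", "Origin")` to the builder chain so that both the 200 and the 401 branch carry them. The JSON body is also assembled with `format!` and sent without a `Content-Type`; that is only well-formed if token values can never contain `"` or `\`, which is not visible in this hunk, so a comment stating that invariant and a `.header("Content-Type", "application/json")` on the 200 branch would help. `handoff` begins in the previous hunk and the `Origin` parsing between the two hunks is not shown, so the allow-list comparison itself is outside this review.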