From cb74c3346428d5e352b66d1f7982f77e0e8b8621 Mon Sep 17 00:00:00 2001 From: mia Date: Tue, 23 Apr 2024 19:50:24 -0700 Subject: add expires data to token handoff --- src/server/falx.rs | 40 ++++++++++++++++++++++++++++++---------- src/server/mod.rs | 2 +- src/server/store.rs | 4 ++-- 3 files changed, 33 insertions(+), 13 deletions(-) (limited to 'src/server') diff --git a/src/server/falx.rs b/src/server/falx.rs index 1efffdc..9783cef 100644 --- a/src/server/falx.rs +++ b/src/server/falx.rs @@ -1,3 +1,5 @@ +use std::time::SystemTime; + use axum::{ body::Body, extract::{Path, State}, @@ -22,7 +24,7 @@ async fn check_( Path((token, scope)): Path<(String, String)>, State(store): State, ) -> Response { - let Some(name) = store.check_token(&token).await else { + let Some((name, _)) = store.check_token(&token).await else { return StatusCode::UNAUTHORIZED.into_response(); }; let Some(account) = store.get_account(&name).await else { @@ -39,6 +41,7 @@ async fn check_( async fn handoff( jar: CookieJar, State(Handoffs(handoffs)): State, + State(store): State, headers: HeaderMap, ) -> Response { let Some(origin_header) = headers.get("Origin") else { @@ -55,14 +58,31 @@ async fn handoff( if !handoffs.contains(&origin) { return (StatusCode::FORBIDDEN, "Origin not registered for handoff").into_response(); } - let Some(token) = jar.get("dissociate-token") else { - return (StatusCode::UNAUTHORIZED, "Authenticate cookie missing").into_response(); - }; - return Response::builder() - .status(StatusCode::OK) + + let builder = Response::builder() .header("Access-Control-Allow-Credentials", "true") - .header("Access-Control-Allow-Methods", "GET") - .header("Access-Control-Allow-Origin", origin_header) - .body(Body::from(token.value().to_string())) - .unwrap(); + .header("Access-Control-Allow-Origin", origin_header); + + if let Some(token) = jar.get("dissociate-token") { + if let Some((_, expires)) = store.check_token(token.value()).await { + let expires_in = expires + .duration_since(SystemTime::now()) + .unwrap_or_default() + .as_secs(); + + return builder + .status(StatusCode::OK) + .body(Body::from(format!( + r#"{{"token":"{}","expiresIn":{}}}"#, + token.value().to_string(), + expires_in, + ))) + .unwrap(); + } + } + + builder + .status(StatusCode::UNAUTHORIZED) + .body(Body::empty()) + .unwrap() } diff --git a/src/server/mod.rs b/src/server/mod.rs index 81dc519..a583f85 100644 --- a/src/server/mod.rs +++ b/src/server/mod.rs @@ -161,6 +161,6 @@ impl Nevermind for Option { async fn account_auth(jar: &CookieJar, store: &Store) -> Option { let cookie = jar.get("dissociate-token")?; let token = cookie.value(); - let name = store.check_token(token).await?; + let (name, _) = store.check_token(token).await?; Some(name) } diff --git a/src/server/store.rs b/src/server/store.rs index 98c1bcc..0911090 100644 --- a/src/server/store.rs +++ b/src/server/store.rs @@ -166,7 +166,7 @@ impl Store { } } - pub async fn check_token(&self, token: &str) -> Option { + pub async fn check_token(&self, token: &str) -> Option<(String, SystemTime)> { let guard = self.0.read().await; let Some((name, expires)) = guard.token_map.get(token) else { return None; @@ -174,7 +174,7 @@ impl Store { if *expires < SystemTime::now() { return None; } - Some(name.clone()) + Some((name.clone(), expires.clone())) } pub async fn create_invite(&self) -> std::io::Result { -- cgit 1.4.1