Replace legacy checkBodyType with Zod

Start matchmaking integration Start rooms API Move existing room scene locations to roomtypes file Auth checkExpired util for client refreshing
2025-03-25 21:54:08 -04:00
parent de3d653446
commit 463e3ef71b
14 changed files with 287 additions and 110 deletions
--- a/src/routes/user.ts
+++ b/src/routes/user.ts
@@ -1,10 +1,12 @@
 import { APIUtils, getSrcIpDefault, NoBody } from "../apiutils.ts";
 // @ts-types = "npm:@types/express"
 import express from "express";
-import { User } from "../data/users.ts";
+import { User, UserTokenFormat } from "../data/users.ts";
 import { Config } from "../config.ts";
 import crypto from "node:crypto";
 import Logging from "@proxnet/undead-logging";
+import { decode } from "@gz/jwt";
+import z from "zod";

 const log = new Logging("UserRoute");

@@ -25,22 +27,27 @@ interface AuthRequestRoot {
    pubkey: string;
 }

+const AuthRequestSecSchema = z.object({
+    timestamp: z.number(),
+    nonce: z.string(),
+    server_id: z.string(),
+});
+
+const AuthRequestRootSchema = z.object({
+    client_id: z.string(),
+    message: AuthRequestSecSchema,
+    signature: z.string(),
+    pubkey: z.string(),
+});
+
 const rateLimit = new APIUtils.RateLimiter(60, 1);

-route.router.post(
-    "/auth",
+route.router.post("/auth",
+
    rateLimit.middle(),
    express.json(),
-    APIUtils.checkBodyTypes<AuthRequestRoot>({
-        client_id: "asdf",
-        message: {
-            timestamp: 0,
-            nonce: "asdf",
-            server_id: "asdf",
-        },
-        signature: "asdf",
-        pubkey: "asdf",
-    }),
+    APIUtils.validateRequestBody(AuthRequestRootSchema),
+
    async (
        rq: express.Request<NoBody, NoBody, AuthRequestRoot>,
        rs: express.Response,
@@ -101,6 +108,7 @@ route.router.post(
                pubkey: rq.body.pubkey,
            });
            if (obj == null) {
+                log.w(`Obj null`);
                rs.sendStatus(500);
                return;
            } else user = obj;
@@ -118,3 +126,22 @@ route.router.post(
        rs.json({ token: token });
    },
 );
+
+const checkRateLimit = new APIUtils.RateLimiter(10, 3);
+
+route.router.get('/checkExpired', checkRateLimit.middle(), async (rq, rs) => {
+
+    const token = rq.header('GalvanicAuth');
+    if (!token) {
+        rs.json(true);
+        return;
+    }
+
+    try {
+        const decodedToken = await decode<UserTokenFormat>(token, config.auth.secret, { algorithm: "HS512", leeway: 31536000 }); // 1 year leeway
+        rs.json(decodedToken.exp < Math.round(Date.now() / 1000));
+    } catch {
+        rs.json(true);
+    }
+
+});