CaZzzer/vpgen
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: CaZzzer:feature/ci
Branches Tags
CaZzzer:develop CaZzzer:feature/wg-quick CaZzzer:feature/invite CaZzzer:feature/auth CaZzzer:feature/auth-1 CaZzzer:feature/ci CaZzzer:feature/api CaZzzer:feature/provider-interface-1 CaZzzer:feature/provider-interface CaZzzer:feature/logging CaZzzer:feature/qrcode CaZzzer:feature/trailing-slashes CaZzzer:feature/opnsense CaZzzer:master
..
compare: CaZzzer:43007296388169454230406b92c41980f05dbf84
Branches Tags
CaZzzer:feature/wg-quick CaZzzer:develop CaZzzer:feature/invite CaZzzer:feature/auth CaZzzer:feature/auth-1 CaZzzer:feature/ci CaZzzer:feature/api CaZzzer:feature/provider-interface-1 CaZzzer:feature/provider-interface CaZzzer:feature/logging CaZzzer:feature/qrcode CaZzzer:feature/trailing-slashes CaZzzer:feature/opnsense CaZzzer:master

2 Commits
feature/ci ... 4300729638

Author SHA1 Message Date
Yuri Tatishchev
4300729638 ci: add woodpecker ci for container image builds
All checks were successful
ci/woodpecker/push/build-image Pipeline was successful
Details
2025-04-23 18:43:54 -07:00
Yuri Tatishchev
73ef39770e fix docker builds 2025-04-23 18:42:47 -07:00
8 changed files with 88 additions and 82 deletions
Expand all files Collapse all files

2
.woodpecker/build-image.yml
View File

@@ -6,7 +6,7 @@ steps:
settings:
registry: gitea.cazzzer.com
repo: ${CI_REPO,,}
# replace invalid characters in branch name
# replace '/' in branch name
tags: ${CI_COMMIT_BRANCH/\//-}
cache: true
username:

13
README.md
View File

@@ -18,7 +18,7 @@ and [wg-quick](https://www.wireguard.com/quickstart/) for standalone setups.
## Development
Development uses bun.
An additional prepare step is needed to set up typia for type validation.
An additional prepare step is needed to set up typia for type validation.
For example .env settings, see [.env.example](.env.example)
@@ -27,14 +27,3 @@ bun install
bun run prepare
bun run dev
```
## To Do
- [ ] Proper invite page
- [ ] Proper error page for login without invite
- [ ] Support file provider (for wg-quick)
- [ ] Fix accessibility issues (lighthouse)
- [ ] Add title to profile page (lighthouse)
- [ ] wg-quick scripts (maybe?)
- [ ] Get rid of api routes (maybe?)
- [ ] Get rid of custom result types (maybe?)

32
src/lib/components/app/auth-form/auth-form.svelte
View File

@@ -4,21 +4,21 @@
import { cn } from '$lib/utils.js';
import googleIcon from '$lib/assets/google.svg';
let { inviteToken, class: className, ...rest }: {
inviteToken?: string;
class?: string;
rest?: { [p: string]: unknown }
} = $props();
let { inviteToken, class: className, ...rest }: { inviteToken?: string; class?: string; rest?: { [p: string]: unknown } } = $props();
let submitted = $state(false);
let isLoading = $state(false);
</script>
<div class={cn('flex gap-6', className)} {...rest}>
<form method="get" onsubmit={() => submitted = true}
action="/auth/authentik{inviteToken ? `?invite=${inviteToken}` : ''}">
<form method="get" action="/auth/authentik{inviteToken ? `?invite=${inviteToken}` : ''}">
<input type="hidden" value={inviteToken} name="invite" />
<Button type="submit" disabled={submitted}>
{#if submitted}
<Button
type="submit"
onclick={() => {
isLoading = true;
}}
>
{#if isLoading}
<LucideLoaderCircle class="mr-2 h-4 w-4 animate-spin" />
{:else}
<img
@@ -30,11 +30,15 @@
Sign in with Authentik
</Button>
</form>
<form method="get" onsubmit={() => submitted = true}
action="/auth/google{inviteToken ? `?invite=${inviteToken}` : ''}">
<form method="get" action="/auth/google">
<input type="hidden" value={inviteToken} name="invite" />
<Button type="submit" disabled={submitted}>
{#if submitted}
<Button
type="submit"
onclick={() => {
isLoading = true;
}}
>
{#if isLoading}
<LucideLoaderCircle class="mr-2 h-4 w-4 animate-spin" />
{:else}
<img

21
src/lib/server/auth.ts
View File

@@ -3,7 +3,7 @@ import { sha256 } from '@oslojs/crypto/sha2';
import { encodeBase32LowerCaseNoPadding, encodeHexLowerCase } from '@oslojs/encoding';
import { db } from '$lib/server/db';
import * as table from '$lib/server/db/schema';
import type { Cookies } from '@sveltejs/kit';
import type { RequestEvent } from '@sveltejs/kit';
import { dev } from '$app/environment';
import { env } from '$env/dynamic/private';
@@ -22,14 +22,14 @@ export async function createSession(userId: string): Promise<table.Session> {
const session: table.Session = {
id: sessionId,
userId,
expiresAt: new Date(Date.now() + DAY_IN_MS * 30),
expiresAt: new Date(Date.now() + DAY_IN_MS * 30)
};
await db.insert(table.sessions).values(session);
return session;
}
export function setSessionTokenCookie(cookies: Cookies, sessionId: string, expiresAt: Date) {
cookies.set(sessionCookieName, sessionId, {
export function setSessionTokenCookie(event: RequestEvent, sessionId: string, expiresAt: Date) {
event.cookies.set(sessionCookieName, sessionId, {
path: '/',
sameSite: 'lax',
httpOnly: true,
@@ -42,21 +42,16 @@ export async function invalidateSession(sessionId: string): Promise<void> {
await db.delete(table.sessions).where(eq(table.sessions.id, sessionId));
}
export function deleteSessionTokenCookie(cookies: Cookies) {
cookies.delete(sessionCookieName, { path: '/' });
export function deleteSessionTokenCookie(event: RequestEvent) {
event.cookies.delete(sessionCookieName, { path: '/' });
}
export async function validateSession(sessionId: string) {
const [result] = await db
.select({
// Adjust user table here to tweak returned data
user: {
id: table.users.id,
authSource: table.users.authSource,
username: table.users.username,
name: table.users.name,
},
session: table.sessions,
user: { id: table.users.id, authSource: table.users.authSource, username: table.users.username, name: table.users.name },
session: table.sessions
})
.from(table.sessions)
.innerJoin(table.users, eq(table.sessions.userId, table.users.id))

18
src/routes/auth/+page.server.ts
View File

@@ -1,14 +1,14 @@
import { fail, redirect } from '@sveltejs/kit';
import { invalidateSession, deleteSessionTokenCookie } from '$lib/server/auth';
import type { Actions } from './$types';
import { fail, redirect } from "@sveltejs/kit";
import { invalidateSession, deleteSessionTokenCookie } from "$lib/server/auth";
import type { Actions } from "./$types";
export const actions: Actions = {
logout: async ({ locals, cookies }) => {
if (locals.session === null) {
logout: async (event) => {
if (event.locals.session === null) {
return fail(401);
}
await invalidateSession(locals.session.id);
deleteSessionTokenCookie(cookies);
redirect(302, '/');
},
await invalidateSession(event.locals.session.id);
deleteSessionTokenCookie(event);
return redirect(302, "/");
}
};

4
src/routes/auth/authentik/callback/+server.ts
View File

@@ -48,7 +48,7 @@ export async function GET(event: RequestEvent): Promise<Response> {
if (existingUser) {
const session = await createSession(existingUser.id);
setSessionTokenCookie(event.cookies, session.id, session.expiresAt);
setSessionTokenCookie(event, session.id, session.expiresAt);
return new Response(null, {
status: 302,
headers: {
@@ -67,7 +67,7 @@ export async function GET(event: RequestEvent): Promise<Response> {
try {
await db.insert(table.users).values(user);
const session = await createSession(user.id);
setSessionTokenCookie(event.cookies, session.id, session.expiresAt);
setSessionTokenCookie(event, session.id, session.expiresAt);
} catch (e) {
console.error('failed to create user', e);
return new Response(null, {

8
src/routes/auth/google/+server.ts
View File

@@ -8,7 +8,7 @@ export const GET: RequestHandler = ({ url, cookies }) => {
const state = generateState();
const codeVerifier = generateCodeVerifier();
const scopes = ['openid', 'profile', 'email'];
const authUrl = google.createAuthorizationURL(state + inviteToken, codeVerifier, scopes);
const authUrl = google.createAuthorizationURL(state, codeVerifier, scopes);
cookies.set('google_oauth_state', state, {
path: '/',
@@ -22,6 +22,12 @@ export const GET: RequestHandler = ({ url, cookies }) => {
maxAge: 60 * 10, // 10 minutes
sameSite: 'lax',
});
if (inviteToken !== null) cookies.set('invite_token', inviteToken, {
path: '/',
httpOnly: true,
maxAge: 60 * 10, // 10 minutes
sameSite: 'lax',
});
return new Response(null, {
status: 302,

72
src/routes/auth/google/callback/+page.server.ts → src/routes/auth/google/callback/+server.ts
View File

@@ -1,30 +1,25 @@
import { createSession, isValidInviteToken, setSessionTokenCookie } from '$lib/server/auth';
import { db } from '$lib/server/db';
import * as table from '$lib/server/db/schema';
import { google } from '$lib/server/oauth';
import { error, redirect } from '@sveltejs/kit';
import type { OAuth2Tokens } from 'arctic';
import type { RequestHandler } from './$types';
import * as arctic from 'arctic';
import { google } from '$lib/server/oauth';
import { db } from '$lib/server/db';
import { eq } from 'drizzle-orm';
import * as table from '$lib/server/db/schema';
import { createSession, isValidInviteToken, setSessionTokenCookie } from '$lib/server/auth';
import type { OAuth2Tokens } from 'arctic';
import { assertGuard } from 'typia';
import type { PageServerLoad } from './$types';
export const load: PageServerLoad = async (event) => {
export const GET: RequestHandler = async (event) => {
const { url, cookies } = event;
const code = url.searchParams.get('code');
const state = url.searchParams.get('state');
const storedState = cookies.get('google_oauth_state') ?? null;
const codeVerifier = cookies.get('google_code_verifier') ?? null;
const codeVerifier = cookies.get('google_code_verifier', ) ?? null;
const inviteToken = cookies.get('invite_token') ?? null;
if (code === null || state === null || storedState === null || codeVerifier === null) {
error(400, 'Missing url parameters');
}
const stateGeneratedToken = state.slice(0, storedState.length);
const stateInviteToken = state.slice(storedState.length);
if (stateGeneratedToken !== storedState) {
error(400, 'Invalid state in url');
return new Response(null, {
status: 400,
});
}
let tokens: OAuth2Tokens;
@@ -33,14 +28,20 @@ export const load: PageServerLoad = async (event) => {
} catch (e) {
if (e instanceof arctic.OAuth2RequestError) {
console.debug('Arctic: OAuth: invalid authorization code, credentials, or redirect URI', e);
throw error(400, 'Invalid authorization code');
return new Response(null, {
status: 400,
});
}
if (e instanceof arctic.ArcticFetchError) {
console.debug('Arctic: failed to call `fetch()`', e);
error(400, 'Failed to validate authorization code');
return new Response(null, {
status: 400,
});
}
console.error('Unxepcted error validating authorization code', code, e);
error(500);
return new Response(null, {
status: 500,
});
}
const idToken = tokens.idToken();
@@ -59,14 +60,20 @@ export const load: PageServerLoad = async (event) => {
if (existingUser) {
const session = await createSession(existingUser.id);
setSessionTokenCookie(cookies, session.id, session.expiresAt);
redirect(302, '/');
setSessionTokenCookie(event, session.id, session.expiresAt);
return new Response(null, {
status: 302,
headers: {
Location: '/',
},
});
}
if (!isValidInviteToken(stateInviteToken)) {
const message =
stateInviteToken.length === 0 ? 'sign up with an invite link first' : 'invalid invite link';
error(403, 'Not Authorized: ' + message);
// TODO: proper error page
if (inviteToken === null || !isValidInviteToken(inviteToken)) {
return new Response(null, {
status: 400,
});
}
const user: table.User = {
@@ -78,11 +85,16 @@ export const load: PageServerLoad = async (event) => {
// TODO: proper error handling, delete cookies
await db.insert(table.users).values(user);
console.log('created user', user, 'with invite token', stateInviteToken);
console.log('created user', user, 'with invite token', inviteToken);
const session = await createSession(user.id);
setSessionTokenCookie(cookies, session.id, session.expiresAt);
setSessionTokenCookie(event, session.id, session.expiresAt);
redirect(302, '/');
return new Response(null, {
status: 302,
headers: {
Location: '/',
},
});
};