server for auth, more goodies

2026-04-19 00:54:39 +07:00 · 2026-04-19 00:54:39 +07:00 · 7cebe39a14
commit 7cebe39a14
parent f83bce8e2b
7 changed files with 80 additions and 24 deletions
--- a/server/auth.ts
+++ b/server/auth.ts
@ -4,6 +4,7 @@ import {
  generateAuthenticationOptions,
  verifyAuthenticationResponse,
 } from "@simplewebauthn/server";
+import { runtimeConfig, resolveOrigin, resolveRpId } from "./config";
 import { isoBase64URL } from "@simplewebauthn/server/helpers";
 import type {
  RegistrationResponseJSON,
@ -37,16 +38,6 @@ setInterval(() => {
  }
 }, 60_000);

-function getRpId(req: Request): string {
-  const url = new URL(req.url);
-  return url.hostname;
-}
-
-function getOrigin(req: Request): string {
-  const url = new URL(req.url);
-  return url.origin;
-}
-
 function getCookie(req: Request, name: string): string | undefined {
  const cookies = req.headers.get("cookie");
  if (!cookies) return undefined;
@ -55,11 +46,11 @@ function getCookie(req: Request, name: string): string | undefined {
 }

 function sessionCookie(token: string, maxAge = 7 * 24 * 60 * 60): string {
-  return `session=${token}; HttpOnly; SameSite=Strict; Path=/; Max-Age=${maxAge}`;
+  return `session=${token}; HttpOnly; SameSite=Strict; Path=/; Max-Age=${maxAge}${runtimeConfig.sessionCookieSecure ? "; Secure" : ""}`;
 }

 function challengeCookie(key: string): string {
-  return `challenge_key=${key}; HttpOnly; SameSite=Strict; Path=/; Max-Age=120`;
+  return `challenge_key=${key}; HttpOnly; SameSite=Strict; Path=/; Max-Age=120${runtimeConfig.sessionCookieSecure ? "; Secure" : ""}`;
 }

 function clearChallengeCookie(): string {
@ -86,7 +77,7 @@ export async function registerOptions(req: Request): Promise<Response> {
  // Create user
  const user = await createUser(username);

-  const rpID = getRpId(req);
+  const rpID = resolveRpId(req);
  const options = await generateRegistrationOptions({
    rpName: RP_NAME,
    rpID,
@ -131,8 +122,8 @@ export async function registerVerify(req: Request): Promise<Response> {
  }
  challenges.delete(challengeKey);

-  const rpID = getRpId(req);
-  const origin = getOrigin(req);
+  const rpID = resolveRpId(req);
+  const origin = resolveOrigin(req);

  let verification;
  try {
@ -178,7 +169,7 @@ export async function registerVerify(req: Request): Promise<Response> {
 }

 export async function loginOptions(req: Request): Promise<Response> {
-  const rpID = getRpId(req);
+  const rpID = resolveRpId(req);

  const options = await generateAuthenticationOptions({
    rpID,
@ -221,8 +212,8 @@ export async function loginVerify(req: Request): Promise<Response> {
    return Response.json({ error: "Unknown credential" }, { status: 400 });
  }

-  const rpID = getRpId(req);
-  const origin = getOrigin(req);
+  const rpID = resolveRpId(req);
+  const origin = resolveOrigin(req);

  let verification;
  try {
--- a/server/config.ts
+++ b/server/config.ts
@ -0,0 +1,53 @@
+const DEFAULT_PORT = 5174
+const DEFAULT_SQLITE_PATH = './leo-typing.db'
+
+function parsePort(value: string | undefined): number {
+  if (!value) return DEFAULT_PORT
+
+  const port = Number.parseInt(value, 10)
+  if (Number.isNaN(port) || port < 1 || port > 65535) {
+    throw new Error(`Invalid PORT value: ${value}`)
+  }
+
+  return port
+}
+
+function parseBoolean(value: string | undefined, fallback: boolean): boolean {
+  if (!value) return fallback
+
+  switch (value.toLowerCase()) {
+    case '1':
+    case 'true':
+    case 'yes':
+    case 'on':
+      return true
+    case '0':
+    case 'false':
+    case 'no':
+    case 'off':
+      return false
+    default:
+      throw new Error(`Invalid boolean value: ${value}`)
+  }
+}
+
+const appOrigin = process.env.APP_ORIGIN ? new URL(process.env.APP_ORIGIN) : null
+
+export const runtimeConfig = {
+  host: process.env.HOST || '127.0.0.1',
+  port: parsePort(process.env.PORT),
+  sqlitePath: process.env.SQLITE_PATH || DEFAULT_SQLITE_PATH,
+  appOrigin,
+  sessionCookieSecure: parseBoolean(
+    process.env.SESSION_COOKIE_SECURE,
+    appOrigin?.protocol === 'https:',
+  ),
+}
+
+export function resolveOrigin(req: Request): string {
+  return runtimeConfig.appOrigin?.origin || new URL(req.url).origin
+}
+
+export function resolveRpId(req: Request): string {
+  return runtimeConfig.appOrigin?.hostname || new URL(req.url).hostname
+}
--- a/server/db.ts
+++ b/server/db.ts
@ -1,8 +1,9 @@
 import { SQL } from "bun"
+import { runtimeConfig } from "./config"

 const db = new SQL({
  adapter: "sqlite",
-  filename: "./leo-typing.db",
+  filename: runtimeConfig.sqlitePath,
  create: true,
  strict: true,
 })