- Change token format to reviq_<base58> prefix instead of raw hex - Add me.authStatus API endpoint for detailed auth information - Enhance CLI `reviq auth status` to show token details from API - Add comprehensive tests for token generation (18 tests) - Extract bootstrap logic to @reviq/db for reusability and testing - Remove default db export; callers must use createDb() directly Token changes: - New format: reviq_<base58-encoded-32-bytes> - Added parseToken() for validation - Added isValidTokenFormat() helper Auth status endpoint returns: - User profile information - Auth method (api_token or session) - Token/session details (name, expiration, last used) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
/**
* API context types for oRPC handlers
*/
import type { Database } from "@reviq/db-schema";
import type { Kysely } from "kysely";
/**
 * Context handed to every oRPC handler, authenticated or not.
 */
export interface APIContext {
  /** Kysely database client, typed with the `Database` schema. */
  db: Kysely<Database>;

  /**
   * Origin of the current request (e.g., "http://localhost:6827").
   *
   * NOTE(review): how this value is derived is not visible in this file. If
   * it is taken from a client-supplied header, it should only be trusted
   * after comparison with `allowedOrigins` — confirm against the code that
   * builds the context.
   */
  origin: string;

  /** Origins accepted for WebAuthn. */
  allowedOrigins: Array<string>;

  /** Relying party name used for WebAuthn. */
  rpName: string;

  /**
   * Incoming request headers, read for cookies and auth headers.
   * These carry credentials, so handlers should not log or echo them verbatim.
   */
  reqHeaders: Headers;

  /** Outgoing response headers, used for setting cookies. */
  resHeaders: Headers;
}
/**
 * User information taken from the session and attached to a request context.
 */
export interface SessionUser {
  /** Numeric user ID. */
  id: number;

  /** Email address of the user. */
  email: string;

  /** Display name, or `null` when none is set. */
  displayName: string | null;

  /**
   * Time the email address was verified, or `null`.
   * NOTE(review): `null` presumably means "not yet verified" — confirm.
   */
  emailVerifiedAt: Date | null;

  /**
   * Superuser flag. `SuperuserContext` narrows this to the literal `true`
   * for admin procedures, so it is an authorization-relevant field.
   */
  isSuperuser: boolean;
}
/**
 * Session information attached to an authenticated request.
 */
export interface Session {
  /** Session ID: stored as a bigint in the database, returned as a string. */
  id: string;

  /**
   * Whether the session is in trusted mode.
   * NOTE(review): what trusted mode permits is not visible in this file —
   * document it where the flag is set.
   */
  trustedMode: boolean;

  /** Time the session was created. */
  createdAt: Date;
}
/**
 * Authentication details for a request authenticated with an API token.
 *
 * Only token metadata is described here; no field of this interface holds
 * the token value itself.
 */
export interface ApiTokenAuth {
  /** Discriminant identifying API-token authentication. */
  method: "api_token";

  /** Identifier of the token record. */
  tokenId: string;

  /** Name given to the token. */
  tokenName: string;

  /** Time at which the token expires. */
  expiresAt: Date;

  /** Time the token was last used, or `null`. */
  lastUsedAt: Date | null;

  /** Time the token was created. */
  createdAt: Date;
}
/**
 * Authentication details for a request authenticated with a session.
 */
export interface SessionAuth {
  /** Discriminant identifying session authentication. */
  method: "session";

  /** Identifier of the session. */
  sessionId: string;

  /** Time at which the session expires. */
  expiresAt: Date;

  /** Time the session was created. */
  createdAt: Date;
}
/**
 * Authentication method details, discriminated on `method`
 * ("api_token" or "session"). Narrow on `method` before reading
 * fields that exist on only one variant.
 */
export type AuthInfo =
  | ApiTokenAuth
  | SessionAuth;
/**
 * API context for protected handlers: the base context plus the
 * authenticated user, the session, and how the request was authenticated.
 */
export interface AuthenticatedContext extends APIContext {
  /** The current user. */
  user: SessionUser;

  /**
   * The current session.
   * NOTE(review): this field is required even when `auth.method` is
   * "api_token"; what it holds for token-authenticated requests is not
   * visible in this file — confirm.
   */
  session: Session;

  /** Authentication method (API token or session) and its details. */
  auth: AuthInfo;
}
/**
 * Context used while a login flow is in progress.
 *
 * It extends the base `APIContext`, not `AuthenticatedContext`, so it has
 * no `session` or `auth` fields.
 */
export interface LoginRequestContext extends APIContext {
  /**
   * Login request ID read from a cookie.
   * NOTE(review): a cookie value is client-supplied, so the code that builds
   * this context presumably validates it server-side before `user` is
   * populated — confirm.
   */
  loginRequestId: number;

  /** User associated with the login request. */
  user: SessionUser;
}
/**
 * Context for admin procedures.
 * Requires the user to have is_superuser = true.
 *
 * The literal `true` below is a compile-time constraint only. TypeScript
 * types are erased at runtime, so the code that constructs this context
 * must perform the actual superuser check.
 */
export interface SuperuserContext extends AuthenticatedContext {
  /** The current user, narrowed to one holding superuser privileges. */
  user: SessionUser & { isSuperuser: true };
}