| import { Router } from "express"; |
| import type express from "express"; |
| import { |
| resolveUser, |
| extractToken, |
| handleOAuthAuthorize, |
| handleOAuthCallback, |
| handleOAuthLogout, |
| } from "../auth.js"; |
| import { setUserToken, ensureDatasetExists } from "../hf-storage.js"; |
| import { ensurePublishedRestored } from "../persistence.js"; |
|
|
/**
 * Configuration shared by the editor guard and the auth router in this file.
 */
export interface AuthContext {
  /**
   * Whether OAuth login is enforced.
   *
   * When false, `createRequireEditor` lets every request through and
   * `/api/auth/status` reports `authenticated: true, canEdit: true`, so this
   * flag is the only switch between "open to everyone who can reach the
   * server" and "editors only".
   */
  oauthEnabled: boolean;
}
|
|
| |
| |
| |
| |
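/**
 * Builds Express middleware that only lets editors through.
 *
 * When `ctx.oauthEnabled` is false the middleware is a pass-through: every
 * request is allowed, so a deployment without OAuth gets no server-side edit
 * restriction from this guard.
 *
 * When OAuth is enabled, the token is read from the `Cookie` header and
 * resolved to a user. The request continues only if a user was resolved and
 * `user.canEdit` is truthy; otherwise the response is
 * `403 {"error":"Unauthorized"}`.
 *
 * @param ctx - Auth configuration; only `oauthEnabled` is read.
 * @returns Middleware that gates the routes behind it on `canEdit`.
 */
export function createRequireEditor(ctx: AuthContext): express.RequestHandler {
  return async (req, res, next) => {
    if (!ctx.oauthEnabled) return next();

    try {
      // NOTE(review): authorization rests on a cookie alone. Confirm in
      // ../auth.js that the cookie is HttpOnly and SameSite, or that the
      // routes behind this guard carry CSRF protection.
      const token = extractToken(req.headers.cookie);
      const user = await resolveUser(token);
      if (!user || !user.canEdit) {
        res.status(403).json({ error: "Unauthorized" });
        return;
      }
    } catch (err) {
      // Fail closed. A rejected lookup (e.g. the identity provider being
      // unreachable) must never fall through to the protected handler, and
      // without this catch the rejection is unhandled on Express versions
      // that do not forward async errors, leaving the request hanging.
      next(err);
      return;
    }

    next();
  };
}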
|
|
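/**
 * Builds the router that exposes login, logout and session-status endpoints.
 *
 * The OAuth routes (`/oauth/authorize`, `/auth/callback`, `/api/auth/logout`)
 * are registered only when `ctx.oauthEnabled` is true. `/api/auth/status` is
 * always registered; with OAuth disabled it reports every caller as an
 * authenticated editor.
 *
 * @param ctx - Auth configuration; only `oauthEnabled` is read.
 * @returns A router to mount on the application.
 */
export function createAuthRouter(ctx: AuthContext): Router {
  const router = Router();

  if (ctx.oauthEnabled) {
    router.get("/oauth/authorize", handleOAuthAuthorize);
    router.get("/auth/callback", handleOAuthCallback);

    router.post("/api/auth/logout", handleOAuthLogout);
    // NOTE(review): logout is also reachable with GET, which lets any
    // cross-site link or embedded resource end a user's session. Kept for
    // compatibility with existing clients; prefer POST and consider retiring
    // this route.
    router.get("/api/auth/logout", handleOAuthLogout);
  }

  router.get("/api/auth/status", async (req, res, next) => {
    if (!ctx.oauthEnabled) {
      // No OAuth configured: every caller is reported as an editor.
      res.json({ authenticated: true, canEdit: true, user: null });
      return;
    }

    try {
      const token = extractToken(req.headers.cookie);
      const user = await resolveUser(token);

      if (!user) {
        res.json({ authenticated: false, canEdit: false, user: null, loginUrl: "/oauth/authorize" });
        return;
      }

      if (user.canEdit && token) {
        // NOTE(review): setUserToken takes no user or request key, so it
        // looks process-wide. If so, concurrent editors overwrite each
        // other's token and later storage calls may run with another user's
        // credentials — confirm against ../hf-storage.js.
        setUserToken(token);

        // Both calls below are fire-and-forget: the status response does not
        // wait for them, and a failure is logged rather than surfaced.
        // Only the error message is logged, never the token.
        ensurePublishedRestored(token).catch((err) => {
          console.warn("[auth] ensurePublishedRestored failed:", (err as Error).message);
        });
        ensureDatasetExists(token).catch((err) => {
          console.warn("[auth] eager ensureDatasetExists failed:", (err as Error).message);
        });
      }

      // Only display fields are returned; the token is never echoed back.
      res.json({
        authenticated: true,
        canEdit: user.canEdit,
        user: {
          name: user.name,
          fullName: user.fullName,
          avatarUrl: user.avatarUrl,
        },
      });
    } catch (err) {
      // A rejected resolveUser (or a throwing helper) is handed to Express's
      // error handling instead of becoming an unhandled rejection that
      // leaves the request without a response.
      next(err);
    }
  });

  return router;
}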
|
|