From a28b5b275c7b8cf3ee22d56a01e0a5083cc67e5a Mon Sep 17 00:00:00 2001
From: flashwave
Date: Mon, 14 Feb 2022 20:52:09 +0000
Subject: [PATCH] An attempt at adding the token fetching thing to Misuzu.
---
 public/index.php | 1 +
 src/Http/Handlers/SockChatHandler.php | 32 +++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)
diff --git a/public/index.php b/public/index.php
index 6f6e67c4..27f45b2f 100644
--- a/public/index.php
+++ b/public/index.php
@@ -57,6 +57,7 @@ Router::addRoutes(
 Route::get('/resolve', 'resolve'),
 Route::post('/bump', 'bump'),
 Route::post('/verify', 'verify'),
+ Route::create(['GET', 'OPTIONS'], '/token', 'token'),
 Route::get('/bans', 'bans')->addChildren(
 Route::get('/check', 'checkBan'),
 Route::post('/create', 'createBan'),
diff --git a/src/Http/Handlers/SockChatHandler.php b/src/Http/Handlers/SockChatHandler.php
index 161a5896..29a3a5ff 100644
--- a/src/Http/Handlers/SockChatHandler.php
+++ b/src/Http/Handlers/SockChatHandler.php
@@ -393,4 +393,36 @@ final class SockChatHandler extends Handler {
 'perms' => self::calculatePermissions($userInfo),
 ];
 }
+
+ public function token(HttpResponse $response, HttpRequest $request) {
+ $httpOrigin = $request->getHeaderLine('Origin');
+
+ if(!empty($httpOrigin)) {
+ $whitelist = Config::get('sockChat.origins', Config::TYPE_ARR, []);
+
+ if(!in_array($httpOrigin, $whitelist))
+ return 403;
+
+ $request->setHeader('Access-Control-Allow-Origin', $httpOrigin);
+ $request->setHeader('Access-Control-Allow-Methods', 'OPTIONS, GET');
+ $request->setHeader('Access-Control-Allow-Credentials', 'true');
+ $request->setHeader('Vary', 'Origin');
+ }
+
+ if($request->getMethod() === 'OPTIONS')
+ return 204;
+
+ if(!UserSession::hasCurrent())
+ return ['ok' => false];
+
+ $session = UserSession::getCurrent();
+ $user = $session->getUser();
+ $token = AuthToken::create($user, $session);
+
+ return [
+ 'ok' => true,
+ 'usr' => $user->getId(),
+ 'tkn' => $token->pack(),
+ ];
+ }
 }
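Review bot: The four CORS headers in `token()` are written with `$request->setHeader(...)` while the `$response` parameter is never used, so unless HttpRequest forwards them (not visible in this hunk) the browser will not receive `Access-Control-Allow-Origin` or `Access-Control-Allow-Credentials`; they belong on the response, e.g. `$response->setHeader('Access-Control-Allow-Origin', $httpOrigin);`, assuming HttpResponse exposes `setHeader`. Because the origin allowlist gates a credentialed response that carries a session-bound token, the comparison should be strict: `if(!in_array($httpOrigin, $whitelist, true))`. The token body should also be marked uncacheable, for instance `$response->setHeader('Cache-Control', 'no-store');`. `Vary: Origin` is better sent on every response from this route, not only when an Origin header is present, so that a shared cache cannot serve one origin's response to another.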