git-mirrors/out-of-your-element
1
0
Fork 0
mirror of https://gitdab.com/cadence/out-of-your-element.git synced 2025-09-09 11:53:04 +02:00
Code Issues Projects Releases Packages Wiki Activity
out-of-your-element/src/web/routes/log-in-with-matrix.js
Cadence Ember b2078620be Code coverage for matrix log in & guild settings
2025-02-08 16:05:35 +13:00

127 lines
4.2 KiB
JavaScript
Raw Blame History

// @ts-check
const {z} = require("zod")
const {randomUUID} = require("crypto")
const {defineEventHandler, getValidatedQuery, sendRedirect, readValidatedBody, useSession, createError, getRequestHeader, H3Event} = require("h3")
const {LRUCache} = require("lru-cache")
const {as, db} = require("../../passthrough")
const {reg} = require("../../matrix/read-registration")
const {sync} = require("../../passthrough")
const assert = require("assert").strict
/** @type {import("../pug-sync")} */
const pugSync = sync.require("../pug-sync")
const schema = {
form: z.object({
mxid: z.string()
}),
token: z.object({
token: z.string()
})
}
/**
* @param {H3Event} event
* @returns {import("../../matrix/api")}
*/
function getAPI(event) {
/* c8 ignore next */
return event.context.api || sync.require("../../matrix/api")
}
/** @type {LRUCache<string, string>} token to mxid */
const validToken = new LRUCache({max: 200})
/*
1st request, GET, they clicked the button, need to input their mxid
2nd request, POST, they input their mxid and we need to send a link
3rd request, GET, they clicked the link and we need to set the session data (just their mxid)
*/
as.router.get("/log-in-with-matrix", defineEventHandler(async event => {
const parsed = await getValidatedQuery(event, schema.token.safeParse)
if (!parsed.success) {
// We are in the first request and need to tell them to input their mxid
return pugSync.render(event, "log-in-with-matrix.pug", {})
}
const userAgent = getRequestHeader(event, "User-Agent")
if (userAgent?.match(/bot/)) throw createError({status: 400, data: "Sorry URL previewer, you can't have this URL."})
const token = parsed.data.token
if (!validToken.has(token)) return sendRedirect(event, `${reg.ooye.bridge_origin}/log-in-with-matrix`, 302)
const session = await useSession(event, {password: reg.as_token})
const mxid = validToken.get(token)
assert(mxid)
validToken.delete(token)
const matrixGuilds = db.prepare("SELECT guild_id FROM guild_space INNER JOIN member_cache ON space_id = room_id WHERE mxid = ? AND power_level >= 50").pluck().all(mxid)
await session.update({mxid, matrixGuilds})
return sendRedirect(event, "./", 302) // open to homepage where they can see they're logged in
}))
as.router.post("/api/log-in-with-matrix", defineEventHandler(async event => {
const api = getAPI(event)
const {mxid} = await readValidatedBody(event, schema.form.parse)
let roomID = null
// Don't extend a duplicate invite for the same user
for (const alreadyInvited of validToken.values()) {
if (mxid === alreadyInvited) {
return sendRedirect(event, "../ok?msg=We already sent you a link on Matrix. Please click it!", 302)
}
}
// See if we can reuse an existing room from account data
let directData = {}
try {
directData = await api.getAccountData("m.direct")
} catch (e) {}
const rooms = directData[mxid] || []
for (const candidate of rooms) {
// Check that the person is/still in the room
let member
try {
member = await api.getStateEvent(candidate, "m.room.member", mxid)
} catch (e) {}
if (!member || member.membership === "leave") {
// We can reinvite them back to the same room!
await api.inviteToRoom(candidate, mxid)
roomID = candidate
} else {
// Member is in this room
roomID = candidate
}
if (roomID) break // no need to check other candidates
}
// No candidates available, create a new room and invite
if (!roomID) {
roomID = await api.createRoom({
invite: [mxid],
is_direct: true,
preset: "trusted_private_chat"
})
// Store the newly created room in account data (Matrix doesn't do this for us automatically, sigh...)
;(directData[mxid] ??= []).push(roomID)
await api.setAccountData("m.direct", directData)
}
const token = randomUUID()
validToken.set(token, mxid)
console.log(`web log in requested for ${mxid}`)
const body = `Hi, this is Out Of Your Element! You just clicked the "log in" button on the website.\nOpen this link to finish: ${reg.ooye.bridge_origin}/log-in-with-matrix?token=${token}\nThe link can be used once.`
await api.sendEvent(roomID, "m.room.message", {
msgtype: "m.text",
body
})
return sendRedirect(event, "../ok?msg=Please check your inbox on Matrix!&spot=SpotMailXL", 302)
}))
Reference in a new issue View git blame Copy permalink