From d5837f76093301741b400f864f561751d9a74ae5 Mon Sep 17 00:00:00 2001
From: William Oldham
Date: Sat, 4 Nov 2023 09:43:19 +0000
Subject: [PATCH] Convert login endpoint to new login method
---
 src/routes/auth/login.ts | 70 +++++++++++++++++++++++++++++++---------
 1 file changed, 55 insertions(+), 15 deletions(-)
diff --git a/src/routes/auth/login.ts b/src/routes/auth/login.ts
index 4425988..fb11f50 100644
--- a/src/routes/auth/login.ts
+++ b/src/routes/auth/login.ts
@@ -1,39 +1,79 @@
+import { ChallengeCode } from '@/db/models/ChallengeCode';
 import { formatSession } from '@/db/models/Session';
 import { User } from '@/db/models/User';
+import { assertChallengeCode } from '@/services/challenge';
 import { StatusError } from '@/services/error';
 import { handle } from '@/services/handler';
 import { makeRouter } from '@/services/router';
 import { makeSession, makeSessionToken } from '@/services/session';
 import { z } from 'zod';
-const loginSchema = z.object({
- id: z.string(),
+const startSchema = z.object({
+ publicKey: z.string(),
+});
+
+const completeSchema = z.object({
+ publicKey: z.string(),
+ challenge: z.object({
+ code: z.string(),
+ signature: z.string(),
+ }),
 device: z.string().max(500).min(1),
 });
 export const loginAuthRouter = makeRouter((app) => {
 app.post(
- '/auth/login',
- { schema: { body: loginSchema } },
- handle(async ({ em, body, req }) => {
- const user = await em.findOne(User, { id: body.id });
+ '/auth/login/start',
+ { schema: { body: startSchema } },
+ handle(async ({ em, body }) => {
+ const user = await em.findOne(User, { publicKey: body.publicKey });
 if (user == null) {
 throw new StatusError('User cannot be found', 401);
 }
- const session = makeSession(
- user.id,
- body.device,
- req.headers['user-agent'],
- );
+ const challenge = new ChallengeCode();
+ challenge.authType = 'mnemonic';
+ challenge.flow = 'login';
- await em.persistAndFlush(session);
+ await em.persistAndFlush(challenge);
 return {
- session: formatSession(session),
- token: makeSessionToken(session),
+ challenge: challenge.code,
 };
 }),
- );
+ ),
+ app.post(
+ '/auth/login/complete',
+ { schema: { body: completeSchema } },
+ handle(async ({ em, body, req }) => {
+ await assertChallengeCode(
+ em,
+ body.challenge.code,
+ body.publicKey,
+ body.challenge.signature,
+ 'login',
+ 'mnemonic',
+ );
+
+ const user = await em.findOne(User, { publicKey: body.publicKey });
+
+ if (user == null) {
+ throw new StatusError('User cannot be found', 401);
+ }
+
+ const session = makeSession(
+ user.id,
+ body.device,
+ req.headers['user-agent'],
+ );
+
+ await em.persistAndFlush(session);
+
+ return {
+ session: formatSession(session),
+ token: makeSessionToken(session),
+ };
+ }),
+ );
 });
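Review bot: The `),` that replaces `);` after the first `app.post(...)` turns the two route registrations into one comma-expression statement, `app.post(...), app.post(...);`, which only works because the comma operator evaluates both operands for their side effects; it reads like a typo and most lint configurations reject the comma operator used this way. Keep `  );` after the `/auth/login/start` handler and start `  app.post(` for `/auth/login/complete` as its own statement. Separately, `/auth/login/start` answers with a distinct 401 `'User cannot be found'` before any challenge is created, so the endpoint confirms whether a given public key is registered; whether that is acceptable depends on whether public keys are treated as non-secret identifiers in this service. The `ChallengeCode` row created at start records only `authType` and `flow`, so the binding of the code to `body.publicKey` and the single-use check must happen inside `assertChallengeCode`, which lives outside this hunk; a short comment above the `assertChallengeCode(` call in the complete handler stating that it is expected to verify the signature over the code with that key and consume the code would make that contract visible here.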