Convert login endpoint to new login method

2025-09-13 13:03:26 +00:00 · 2023-11-04 09:43:19 +00:00
parent 5d32933ba0
commit d5837f7609
1 changed files with 55 additions and 15 deletions
--- a/src/routes/auth/login.ts
+++ b/src/routes/auth/login.ts
@@ -1,22 +1,62 @@
+import { ChallengeCode } from '@/db/models/ChallengeCode';
 import { formatSession } from '@/db/models/Session';
 import { User } from '@/db/models/User';
+import { assertChallengeCode } from '@/services/challenge';
 import { StatusError } from '@/services/error';
 import { handle } from '@/services/handler';
 import { makeRouter } from '@/services/router';
 import { makeSession, makeSessionToken } from '@/services/session';
 import { z } from 'zod';

-const loginSchema = z.object({
-  id: z.string(),
+const startSchema = z.object({
+  publicKey: z.string(),
+});
+
+const completeSchema = z.object({
+  publicKey: z.string(),
+  challenge: z.object({
+    code: z.string(),
+    signature: z.string(),
+  }),
  device: z.string().max(500).min(1),
 });

 export const loginAuthRouter = makeRouter((app) => {
  app.post(
-    '/auth/login',
-    { schema: { body: loginSchema } },
+    '/auth/login/start',
+    { schema: { body: startSchema } },
+    handle(async ({ em, body }) => {
+      const user = await em.findOne(User, { publicKey: body.publicKey });
+
+      if (user == null) {
+        throw new StatusError('User cannot be found', 401);
+      }
+
+      const challenge = new ChallengeCode();
+      challenge.authType = 'mnemonic';
+      challenge.flow = 'login';
+
+      await em.persistAndFlush(challenge);
+
+      return {
+        challenge: challenge.code,
+      };
+    }),
+  ),
+    app.post(
+      '/auth/login/complete',
+      { schema: { body: completeSchema } },
      handle(async ({ em, body, req }) => {
-      const user = await em.findOne(User, { id: body.id });
+        await assertChallengeCode(
+          em,
+          body.challenge.code,
+          body.publicKey,
+          body.challenge.signature,
+          'login',
+          'mnemonic',
+        );
+
+        const user = await em.findOne(User, { publicKey: body.publicKey });

        if (user == null) {
          throw new StatusError('User cannot be found', 401);