sophie/trillium
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
trillium/server/src/session.ts
sophie 983f0aa9e2
All checks were successful
/ build (push) Successful in 14s
Details
cancer finally fixed
2024-05-23 17:57:17 +03:00

86 lines
2.1 KiB
TypeScript
Raw Blame History

import Elysia from "elysia";
import { User, Session, verifyRequestOrigin } from "lucia";
import { lucia } from "./db";
import type { Generator } from "elysia-rate-limit";
export const ipGenerator = () => {
let gen: Generator<any>;
if (process.env.DETECT_IP == "fwf") {
gen = (req, server) => {
let fwf = req.headers.get("x-forwarded-for")!;
if (!fwf) {
console.log(
"!!! x-forwarded-for missing on request, while DETECT_IP is set to fwf! falling back to server IP !!!"
);
fwf = server?.requestIP(req)?.address!;
}
return fwf;
};
} else {
gen = (req, server) => {
return server?.requestIP(req)?.address!;
};
}
return gen;
};
export default new Elysia({
name: "session",
}).derive(
{ as: "global" },
async (
context
): Promise<{
user: User | null;
session: Session | null;
}> => {
// CSRF check
if (context.request.method !== "GET") {
const originHeader = context.request.headers.get("Origin");
// NOTE: You may need to use `X-Forwarded-Host` instead
if (
!originHeader ||
!verifyRequestOrigin(originHeader, ["chat.sad.ovh", "localhost:5173"])
) {
return {
user: null,
session: null,
};
}
}
// use headers instead of Cookie API to prevent type coercion
const cookieHeader = context.request.headers.get("Cookie") ?? "";
const sessionId = lucia.readSessionCookie(cookieHeader);
if (!sessionId) {
return {
user: null,
session: null,
};
}
const { session, user } = await lucia.validateSession(sessionId);
if (session && session.fresh) {
const sessionCookie = lucia.createSessionCookie(session.id);
context.cookie[sessionCookie.name].set({
value: sessionCookie.value,
...sessionCookie.attributes,
});
}
if (!session) {
const sessionCookie = lucia.createBlankSessionCookie();
context.cookie[sessionCookie.name].set({
value: sessionCookie.value,
...sessionCookie.attributes,
});
}
return {
user,
session,
};
}
);
Reference in a new issue View git blame Copy permalink