diff options
| author | MohamedBassem <me@mbassem.com> | 2024-03-05 18:27:38 +0000 |
|---|---|---|
| committer | MohamedBassem <me@mbassem.com> | 2024-03-05 18:44:15 +0000 |
| commit | e6570dd7ec5d7aea3c3d0c0235476a1227bbe71f (patch) | |
| tree | 69ee48d5dc6a5e5b95a1ff7f91ea90c8a66e97e4 /packages/trpc/routers | |
| parent | 56c5236245359987e7a729979de3892bbee70852 (diff) | |
| download | karakeep-e6570dd7ec5d7aea3c3d0c0235476a1227bbe71f.tar.zst | |
extension: Instead of manually creating api keys, let users exchange their username passwords for one
Diffstat (limited to 'packages/trpc/routers')
| -rw-r--r-- | packages/trpc/routers/apiKeys.ts | 41 |
1 files changed, 31 insertions, 10 deletions
diff --git a/packages/trpc/routers/apiKeys.ts b/packages/trpc/routers/apiKeys.ts index d13f87fb..3093b433 100644 --- a/packages/trpc/routers/apiKeys.ts +++ b/packages/trpc/routers/apiKeys.ts @@ -1,8 +1,16 @@ -import { generateApiKey } from "../auth"; -import { authedProcedure, router } from "../index"; +import { generateApiKey, validatePassword } from "../auth"; +import { authedProcedure, publicProcedure, router } from "../index"; import { z } from "zod"; import { apiKeys } from "@hoarder/db/schema"; import { eq, and } from "drizzle-orm"; +import { TRPCError } from "@trpc/server"; + +const zApiKeySchema = z.object({ + id: z.string(), + name: z.string(), + key: z.string(), + createdAt: z.date(), +}); export const apiKeysAppRouter = router({ create: authedProcedure @@ -11,14 +19,7 @@ export const apiKeysAppRouter = router({ name: z.string(), }), ) - .output( - z.object({ - id: z.string(), - name: z.string(), - key: z.string(), - createdAt: z.date(), - }), - ) + .output(zApiKeySchema) .mutation(async ({ input, ctx }) => { return await generateApiKey(input.name, ctx.user.id); }), @@ -58,4 +59,24 @@ export const apiKeysAppRouter = router({ }); return { keys: resp }; }), + // Exchange the username and password with an API key. + // Homemade oAuth. This is used by the extension. + exchange: publicProcedure + .input( + z.object({ + keyName: z.string(), + email: z.string(), + password: z.string(), + }), + ) + .output(zApiKeySchema) + .mutation(async ({ input }) => { + let user; + try { + user = await validatePassword(input.email, input.password); + } catch (e) { + throw new TRPCError({ code: "UNAUTHORIZED" }); + } + return await generateApiKey(input.keyName, user.id); + }), }); |