From e6570dd7ec5d7aea3c3d0c0235476a1227bbe71f Mon Sep 17 00:00:00 2001
From: MohamedBassem <me@mbassem.com>
Date: Tue, 5 Mar 2024 18:27:38 +0000
Subject: extension: Instead of manually creating api keys, let users exchange
 their username passwords for one

---
 packages/trpc/routers/apiKeys.ts | 41 ++++++++++++++++++++++++++++++----------
 1 file changed, 31 insertions(+), 10 deletions(-)

(limited to 'packages/trpc')

diff --git a/packages/trpc/routers/apiKeys.ts b/packages/trpc/routers/apiKeys.ts
index d13f87fb..3093b433 100644
--- a/packages/trpc/routers/apiKeys.ts
+++ b/packages/trpc/routers/apiKeys.ts
@@ -1,8 +1,16 @@
-import { generateApiKey } from "../auth";
-import { authedProcedure, router } from "../index";
+import { generateApiKey, validatePassword } from "../auth";
+import { authedProcedure, publicProcedure, router } from "../index";
 import { z } from "zod";
 import { apiKeys } from "@hoarder/db/schema";
 import { eq, and } from "drizzle-orm";
+import { TRPCError } from "@trpc/server";
+
+const zApiKeySchema = z.object({
+  id: z.string(),
+  name: z.string(),
+  key: z.string(),
+  createdAt: z.date(),
+});
 
 export const apiKeysAppRouter = router({
   create: authedProcedure
@@ -11,14 +19,7 @@ export const apiKeysAppRouter = router({
         name: z.string(),
       }),
     )
-    .output(
-      z.object({
-        id: z.string(),
-        name: z.string(),
-        key: z.string(),
-        createdAt: z.date(),
-      }),
-    )
+    .output(zApiKeySchema)
     .mutation(async ({ input, ctx }) => {
       return await generateApiKey(input.name, ctx.user.id);
     }),
@@ -58,4 +59,24 @@ export const apiKeysAppRouter = router({
       });
       return { keys: resp };
     }),
+  // Exchange the username and password with an API key.
+  // Homemade oAuth. This is used by the extension.
+  exchange: publicProcedure
+    .input(
+      z.object({
+        keyName: z.string(),
+        email: z.string(),
+        password: z.string(),
+      }),
+    )
+    .output(zApiKeySchema)
+    .mutation(async ({ input }) => {
+      let user;
+      try {
+        user = await validatePassword(input.email, input.password);
+      } catch (e) {
+        throw new TRPCError({ code: "UNAUTHORIZED" });
+      }
+      return await generateApiKey(input.keyName, user.id);
+    }),
 });
-- 
cgit v1.2.3-70-g09d2