| 135dfe5 | | | 1 | import type { FastifyInstance } from "fastify"; |
| 135dfe5 | | | 2 | import { z } from "zod"; |
| 3c994d3 | | | 3 | import { createHash } from "crypto"; |
| 135dfe5 | | | 4 | import { |
| 135dfe5 | | | 5 | generateRegistrationOptions, |
| 135dfe5 | | | 6 | verifyRegistrationResponse, |
| 135dfe5 | | | 7 | generateAuthenticationOptions, |
| 135dfe5 | | | 8 | verifyAuthenticationResponse, |
| 135dfe5 | | | 9 | } from "@simplewebauthn/server"; |
| 135dfe5 | | | 10 | import type { |
| 135dfe5 | | | 11 | RegistrationResponseJSON, |
| 135dfe5 | | | 12 | AuthenticationResponseJSON, |
| 135dfe5 | | | 13 | AuthenticatorTransportFuture, |
| 135dfe5 | | | 14 | } from "@simplewebauthn/server"; |
| 135dfe5 | | | 15 | |
| 135dfe5 | | | 16 | const RP_NAME = "Grove"; |
| 135dfe5 | | | 17 | const RP_ID = process.env.RP_ID ?? "localhost"; |
| a33b2b6 | | | 18 | const ORIGIN_ENV = process.env.ORIGIN ?? "http://localhost:3000"; |
| a33b2b6 | | | 19 | const EXPECTED_ORIGINS = ORIGIN_ENV.split(",") |
| a33b2b6 | | | 20 | .map((origin) => origin.trim()) |
| a33b2b6 | | | 21 | .filter(Boolean); |
| a33b2b6 | | | 22 | const EXPECTED_ORIGIN = EXPECTED_ORIGINS.length === 1 |
| a33b2b6 | | | 23 | ? EXPECTED_ORIGINS[0] |
| a33b2b6 | | | 24 | : EXPECTED_ORIGINS; |
| 135dfe5 | | | 25 | const CHALLENGE_TTL = 5 * 60 * 1000; |
| 135dfe5 | | | 26 | |
| 135dfe5 | | | 27 | const registerBeginSchema = z.object({ |
| 135dfe5 | | | 28 | username: z.string().min(2).max(39).regex(/^[a-zA-Z0-9_-]+$/), |
| 135dfe5 | | | 29 | display_name: z.string().optional(), |
| 135dfe5 | | | 30 | }); |
| 135dfe5 | | | 31 | |
| 135dfe5 | | | 32 | export async function authRoutes(app: FastifyInstance) { |
| 135dfe5 | | | 33 | const db = (app as any).db; |
| 135dfe5 | | | 34 | const challenges = (app as any).challenges as Map< |
| 135dfe5 | | | 35 | string, |
| 135dfe5 | | | 36 | { username?: string; displayName?: string; userId?: number; expiresAt: number } |
| 135dfe5 | | | 37 | >; |
| 135dfe5 | | | 38 | |
| 135dfe5 | | | 39 | // ── Registration Step 1: Generate challenge ────────────────────── |
| 135dfe5 | | | 40 | |
| 135dfe5 | | | 41 | app.post("/register/begin", async (request, reply) => { |
| 135dfe5 | | | 42 | const parsed = registerBeginSchema.safeParse(request.body); |
| 135dfe5 | | | 43 | if (!parsed.success) { |
| 135dfe5 | | | 44 | return reply.code(400).send({ error: parsed.error.flatten() }); |
| 135dfe5 | | | 45 | } |
| 135dfe5 | | | 46 | |
| 135dfe5 | | | 47 | const { username, display_name } = parsed.data; |
| 135dfe5 | | | 48 | |
| 135dfe5 | | | 49 | const existing = db |
| 135dfe5 | | | 50 | .prepare("SELECT id FROM users WHERE username = ?") |
| 135dfe5 | | | 51 | .get(username); |
| 79efd41 | | | 52 | const orgExists = db |
| 79efd41 | | | 53 | .prepare("SELECT 1 FROM orgs WHERE name = ?") |
| 79efd41 | | | 54 | .get(username); |
| 135dfe5 | | | 55 | |
| 79efd41 | | | 56 | if (existing || orgExists) { |
| 135dfe5 | | | 57 | return reply.code(409).send({ error: "Username already taken" }); |
| 135dfe5 | | | 58 | } |
| 135dfe5 | | | 59 | |
| 135dfe5 | | | 60 | const options = await generateRegistrationOptions({ |
| 135dfe5 | | | 61 | rpName: RP_NAME, |
| 135dfe5 | | | 62 | rpID: RP_ID, |
| 135dfe5 | | | 63 | userName: username, |
| 135dfe5 | | | 64 | userDisplayName: display_name ?? username, |
| 135dfe5 | | | 65 | attestationType: "none", |
| 135dfe5 | | | 66 | authenticatorSelection: { |
| 135dfe5 | | | 67 | residentKey: "preferred", |
| 135dfe5 | | | 68 | userVerification: "preferred", |
| 135dfe5 | | | 69 | }, |
| 135dfe5 | | | 70 | }); |
| 135dfe5 | | | 71 | |
| 135dfe5 | | | 72 | challenges.set(options.challenge, { |
| 135dfe5 | | | 73 | username, |
| 135dfe5 | | | 74 | displayName: display_name ?? username, |
| 135dfe5 | | | 75 | expiresAt: Date.now() + CHALLENGE_TTL, |
| 135dfe5 | | | 76 | }); |
| 135dfe5 | | | 77 | |
| 135dfe5 | | | 78 | return { options }; |
| 135dfe5 | | | 79 | }); |
| 135dfe5 | | | 80 | |
| 135dfe5 | | | 81 | // ── Registration Step 2: Verify attestation ────────────────────── |
| 135dfe5 | | | 82 | |
| 135dfe5 | | | 83 | app.post("/register/complete", async (request, reply) => { |
| 135dfe5 | | | 84 | const body = request.body as { |
| 135dfe5 | | | 85 | response: RegistrationResponseJSON; |
| 135dfe5 | | | 86 | challenge: string; |
| 135dfe5 | | | 87 | }; |
| 135dfe5 | | | 88 | |
| 135dfe5 | | | 89 | const stored = challenges.get(body.challenge); |
| 135dfe5 | | | 90 | if (!stored || stored.expiresAt < Date.now()) { |
| 135dfe5 | | | 91 | return reply.code(400).send({ error: "Challenge expired or invalid" }); |
| 135dfe5 | | | 92 | } |
| 135dfe5 | | | 93 | |
| 135dfe5 | | | 94 | try { |
| 135dfe5 | | | 95 | const verification = await verifyRegistrationResponse({ |
| 135dfe5 | | | 96 | response: body.response, |
| 135dfe5 | | | 97 | expectedChallenge: body.challenge, |
| a33b2b6 | | | 98 | expectedOrigin: EXPECTED_ORIGIN, |
| 135dfe5 | | | 99 | expectedRPID: RP_ID, |
| 135dfe5 | | | 100 | }); |
| 135dfe5 | | | 101 | |
| 135dfe5 | | | 102 | if (!verification.verified || !verification.registrationInfo) { |
| 135dfe5 | | | 103 | return reply.code(400).send({ error: "Registration verification failed" }); |
| 135dfe5 | | | 104 | } |
| 135dfe5 | | | 105 | |
| 135dfe5 | | | 106 | const { credential, credentialDeviceType, credentialBackedUp } = |
| 135dfe5 | | | 107 | verification.registrationInfo; |
| 135dfe5 | | | 108 | |
| 135dfe5 | | | 109 | const userResult = db |
| 135dfe5 | | | 110 | .prepare("INSERT INTO users (username, display_name) VALUES (?, ?)") |
| 135dfe5 | | | 111 | .run(stored.username, stored.displayName); |
| 135dfe5 | | | 112 | |
| 135dfe5 | | | 113 | const userId = userResult.lastInsertRowid; |
| 135dfe5 | | | 114 | |
| 135dfe5 | | | 115 | db.prepare(` |
| 135dfe5 | | | 116 | INSERT INTO credentials (id, user_id, public_key, counter, transports, device_type, backed_up) |
| 135dfe5 | | | 117 | VALUES (?, ?, ?, ?, ?, ?, ?) |
| 135dfe5 | | | 118 | `).run( |
| 135dfe5 | | | 119 | credential.id, |
| 135dfe5 | | | 120 | userId, |
| 135dfe5 | | | 121 | Buffer.from(credential.publicKey), |
| 135dfe5 | | | 122 | credential.counter, |
| 135dfe5 | | | 123 | JSON.stringify(credential.transports ?? []), |
| 135dfe5 | | | 124 | credentialDeviceType, |
| 135dfe5 | | | 125 | credentialBackedUp ? 1 : 0 |
| 135dfe5 | | | 126 | ); |
| 135dfe5 | | | 127 | |
| 135dfe5 | | | 128 | challenges.delete(body.challenge); |
| 135dfe5 | | | 129 | |
| 3c994d3 | | | 130 | const token = app.jwt.sign({ |
| 3c994d3 | | | 131 | id: Number(userId), |
| 3c994d3 | | | 132 | username: stored.username!, |
| 3c994d3 | | | 133 | display_name: stored.displayName, |
| 3c994d3 | | | 134 | type: "session", |
| 3c994d3 | | | 135 | }); |
| 135dfe5 | | | 136 | |
| 135dfe5 | | | 137 | return reply.code(201).send({ |
| 135dfe5 | | | 138 | token, |
| 135dfe5 | | | 139 | user: { |
| 135dfe5 | | | 140 | id: Number(userId), |
| 135dfe5 | | | 141 | username: stored.username, |
| 135dfe5 | | | 142 | display_name: stored.displayName, |
| 135dfe5 | | | 143 | }, |
| 135dfe5 | | | 144 | }); |
| 135dfe5 | | | 145 | } catch (err: any) { |
| 135dfe5 | | | 146 | return reply.code(400).send({ error: err.message }); |
| 135dfe5 | | | 147 | } |
| 135dfe5 | | | 148 | }); |
| 135dfe5 | | | 149 | |
| 135dfe5 | | | 150 | // ── Login Step 1: Generate challenge ───────────────────────────── |
| 135dfe5 | | | 151 | |
| 135dfe5 | | | 152 | app.post("/login/begin", async (request, reply) => { |
| 135dfe5 | | | 153 | let allowCredentials: { id: string; transports?: AuthenticatorTransportFuture[] }[] | undefined; |
| 135dfe5 | | | 154 | |
| 135dfe5 | | | 155 | const body = (request.body ?? {}) as { username?: string }; |
| 135dfe5 | | | 156 | |
| 135dfe5 | | | 157 | if (body.username) { |
| 135dfe5 | | | 158 | const user = db |
| 135dfe5 | | | 159 | .prepare("SELECT id FROM users WHERE username = ?") |
| 135dfe5 | | | 160 | .get(body.username) as any; |
| 135dfe5 | | | 161 | |
| 135dfe5 | | | 162 | if (!user) { |
| 135dfe5 | | | 163 | return reply.code(404).send({ error: "User not found" }); |
| 135dfe5 | | | 164 | } |
| 135dfe5 | | | 165 | |
| 135dfe5 | | | 166 | const creds = db |
| 135dfe5 | | | 167 | .prepare("SELECT id, transports FROM credentials WHERE user_id = ?") |
| 135dfe5 | | | 168 | .all(user.id) as any[]; |
| 135dfe5 | | | 169 | |
| 135dfe5 | | | 170 | allowCredentials = creds.map((c) => ({ |
| 135dfe5 | | | 171 | id: c.id, |
| 135dfe5 | | | 172 | transports: JSON.parse(c.transports || "[]") as AuthenticatorTransportFuture[], |
| 135dfe5 | | | 173 | })); |
| 135dfe5 | | | 174 | } |
| 135dfe5 | | | 175 | |
| 135dfe5 | | | 176 | const options = await generateAuthenticationOptions({ |
| 135dfe5 | | | 177 | rpID: RP_ID, |
| 135dfe5 | | | 178 | allowCredentials, |
| 135dfe5 | | | 179 | }); |
| 135dfe5 | | | 180 | |
| 135dfe5 | | | 181 | challenges.set(options.challenge, { |
| 135dfe5 | | | 182 | username: body.username, |
| 135dfe5 | | | 183 | expiresAt: Date.now() + CHALLENGE_TTL, |
| 135dfe5 | | | 184 | }); |
| 135dfe5 | | | 185 | |
| 135dfe5 | | | 186 | return { options }; |
| 135dfe5 | | | 187 | }); |
| 135dfe5 | | | 188 | |
| 135dfe5 | | | 189 | // ── Login Step 2: Verify assertion ─────────────────────────────── |
| 135dfe5 | | | 190 | |
| 135dfe5 | | | 191 | app.post("/login/complete", async (request, reply) => { |
| 135dfe5 | | | 192 | const body = request.body as { |
| 135dfe5 | | | 193 | response: AuthenticationResponseJSON; |
| 135dfe5 | | | 194 | challenge: string; |
| 135dfe5 | | | 195 | }; |
| 135dfe5 | | | 196 | |
| 135dfe5 | | | 197 | const stored = challenges.get(body.challenge); |
| 135dfe5 | | | 198 | if (!stored || stored.expiresAt < Date.now()) { |
| 135dfe5 | | | 199 | return reply.code(400).send({ error: "Challenge expired or invalid" }); |
| 135dfe5 | | | 200 | } |
| 135dfe5 | | | 201 | |
| 135dfe5 | | | 202 | const credentialId = body.response.id; |
| 135dfe5 | | | 203 | const credRow = db |
| 135dfe5 | | | 204 | .prepare(` |
| 135dfe5 | | | 205 | SELECT c.*, u.username, u.display_name |
| 135dfe5 | | | 206 | FROM credentials c |
| 135dfe5 | | | 207 | JOIN users u ON c.user_id = u.id |
| 135dfe5 | | | 208 | WHERE c.id = ? |
| 135dfe5 | | | 209 | `) |
| 135dfe5 | | | 210 | .get(credentialId) as any; |
| 135dfe5 | | | 211 | |
| 135dfe5 | | | 212 | if (!credRow) { |
| 135dfe5 | | | 213 | return reply.code(400).send({ error: "Unknown credential" }); |
| 135dfe5 | | | 214 | } |
| 135dfe5 | | | 215 | |
| 135dfe5 | | | 216 | try { |
| 135dfe5 | | | 217 | const verification = await verifyAuthenticationResponse({ |
| 135dfe5 | | | 218 | response: body.response, |
| 135dfe5 | | | 219 | expectedChallenge: body.challenge, |
| a33b2b6 | | | 220 | expectedOrigin: EXPECTED_ORIGIN, |
| 135dfe5 | | | 221 | expectedRPID: RP_ID, |
| 135dfe5 | | | 222 | credential: { |
| 135dfe5 | | | 223 | id: credRow.id, |
| 135dfe5 | | | 224 | publicKey: new Uint8Array(credRow.public_key), |
| 135dfe5 | | | 225 | counter: credRow.counter, |
| 135dfe5 | | | 226 | transports: JSON.parse(credRow.transports || "[]"), |
| 135dfe5 | | | 227 | }, |
| 135dfe5 | | | 228 | }); |
| 135dfe5 | | | 229 | |
| 135dfe5 | | | 230 | if (!verification.verified) { |
| 135dfe5 | | | 231 | return reply.code(400).send({ error: "Authentication failed" }); |
| 135dfe5 | | | 232 | } |
| 135dfe5 | | | 233 | |
| 135dfe5 | | | 234 | db.prepare("UPDATE credentials SET counter = ? WHERE id = ?") |
| 135dfe5 | | | 235 | .run(verification.authenticationInfo.newCounter, credRow.id); |
| 135dfe5 | | | 236 | |
| 135dfe5 | | | 237 | challenges.delete(body.challenge); |
| 135dfe5 | | | 238 | |
| 135dfe5 | | | 239 | const token = app.jwt.sign({ |
| 135dfe5 | | | 240 | id: credRow.user_id, |
| 135dfe5 | | | 241 | username: credRow.username, |
| 3c994d3 | | | 242 | display_name: credRow.display_name, |
| 3c994d3 | | | 243 | type: "session", |
| 135dfe5 | | | 244 | }); |
| 135dfe5 | | | 245 | |
| 135dfe5 | | | 246 | return { |
| 135dfe5 | | | 247 | token, |
| 135dfe5 | | | 248 | user: { |
| 135dfe5 | | | 249 | id: credRow.user_id, |
| 135dfe5 | | | 250 | username: credRow.username, |
| 135dfe5 | | | 251 | display_name: credRow.display_name, |
| 135dfe5 | | | 252 | }, |
| 135dfe5 | | | 253 | }; |
| 135dfe5 | | | 254 | } catch (err: any) { |
| 135dfe5 | | | 255 | return reply.code(400).send({ error: err.message }); |
| 135dfe5 | | | 256 | } |
| 135dfe5 | | | 257 | }); |
| 135dfe5 | | | 258 | |
| 135dfe5 | | | 259 | // ── Get current user ───────────────────────────────────────────── |
| 135dfe5 | | | 260 | |
| 135dfe5 | | | 261 | app.get("/me", { |
| 135dfe5 | | | 262 | preHandler: [(app as any).authenticate], |
| 135dfe5 | | | 263 | handler: async (request) => { |
| 135dfe5 | | | 264 | const payload = request.user as any; |
| 135dfe5 | | | 265 | |
| 135dfe5 | | | 266 | const user = db |
| 135dfe5 | | | 267 | .prepare("SELECT id, username, display_name, created_at FROM users WHERE id = ?") |
| 135dfe5 | | | 268 | .get(payload.id); |
| 135dfe5 | | | 269 | |
| 135dfe5 | | | 270 | return { user }; |
| 135dfe5 | | | 271 | }, |
| 135dfe5 | | | 272 | }); |
| 3c994d3 | | | 273 | |
| a9b2860 | | | 274 | // ── Refresh session token ──────────────────────────────────────── |
| a9b2860 | | | 275 | |
| a9b2860 | | | 276 | app.post("/refresh", { |
| a9b2860 | | | 277 | preHandler: [(app as any).authenticate], |
| a9b2860 | | | 278 | handler: async (request, reply) => { |
| a9b2860 | | | 279 | const payload = request.user as any; |
| a9b2860 | | | 280 | |
| a9b2860 | | | 281 | if (payload.type !== "session") { |
| a9b2860 | | | 282 | return reply.code(403).send({ error: "Only session tokens can be refreshed" }); |
| a9b2860 | | | 283 | } |
| a9b2860 | | | 284 | |
| a9b2860 | | | 285 | const user = db |
| a9b2860 | | | 286 | .prepare("SELECT id, username, display_name FROM users WHERE id = ?") |
| a9b2860 | | | 287 | .get(payload.id) as any; |
| a9b2860 | | | 288 | |
| a9b2860 | | | 289 | if (!user) { |
| a9b2860 | | | 290 | return reply.code(401).send({ error: "User not found" }); |
| a9b2860 | | | 291 | } |
| a9b2860 | | | 292 | |
| a9b2860 | | | 293 | const token = app.jwt.sign({ |
| a9b2860 | | | 294 | id: user.id, |
| a9b2860 | | | 295 | username: user.username, |
| a9b2860 | | | 296 | display_name: user.display_name, |
| a9b2860 | | | 297 | type: "session", |
| a9b2860 | | | 298 | }); |
| a9b2860 | | | 299 | |
| a9b2860 | | | 300 | return { token, user: { id: user.id, username: user.username, display_name: user.display_name } }; |
| a9b2860 | | | 301 | }, |
| a9b2860 | | | 302 | }); |
| a9b2860 | | | 303 | |
| 3c994d3 | | | 304 | // ── Personal Access Tokens (PATs) ───────────────────────────────── |
| 3c994d3 | | | 305 | |
| 3c994d3 | | | 306 | const createTokenSchema = z.object({ |
| 3c994d3 | | | 307 | name: z.string().min(1).max(100), |
| 3c994d3 | | | 308 | expires_in: z.enum(["30d", "90d", "1y"]).default("1y"), |
| 3c994d3 | | | 309 | }); |
| 3c994d3 | | | 310 | |
| 3c994d3 | | | 311 | const EXPIRY_MAP: Record<string, string> = { |
| 3c994d3 | | | 312 | "30d": "30d", |
| 3c994d3 | | | 313 | "90d": "90d", |
| 3c994d3 | | | 314 | "1y": "365d", |
| 3c994d3 | | | 315 | }; |
| 3c994d3 | | | 316 | |
| 3c994d3 | | | 317 | app.post("/tokens", { |
| 3c994d3 | | | 318 | preHandler: [(app as any).authenticate], |
| 3c994d3 | | | 319 | handler: async (request, reply) => { |
| 3c994d3 | | | 320 | const parsed = createTokenSchema.safeParse(request.body); |
| 3c994d3 | | | 321 | if (!parsed.success) { |
| 3c994d3 | | | 322 | return reply.code(400).send({ error: parsed.error.flatten() }); |
| 3c994d3 | | | 323 | } |
| 3c994d3 | | | 324 | |
| 3c994d3 | | | 325 | const payload = request.user as any; |
| 3c994d3 | | | 326 | const { name, expires_in } = parsed.data; |
| 3c994d3 | | | 327 | |
| 3c994d3 | | | 328 | const user = db |
| 3c994d3 | | | 329 | .prepare("SELECT id, username, display_name FROM users WHERE id = ?") |
| 3c994d3 | | | 330 | .get(payload.id) as any; |
| 3c994d3 | | | 331 | |
| 3c994d3 | | | 332 | if (!user) { |
| 3c994d3 | | | 333 | return reply.code(404).send({ error: "User not found" }); |
| 3c994d3 | | | 334 | } |
| 3c994d3 | | | 335 | |
| 3c994d3 | | | 336 | const token = app.jwt.sign( |
| 3c994d3 | | | 337 | { |
| 3c994d3 | | | 338 | id: user.id, |
| 3c994d3 | | | 339 | username: user.username, |
| 3c994d3 | | | 340 | display_name: user.display_name, |
| 3c994d3 | | | 341 | type: "pat", |
| 3c994d3 | | | 342 | }, |
| 3c994d3 | | | 343 | { expiresIn: EXPIRY_MAP[expires_in] } |
| 3c994d3 | | | 344 | ); |
| 3c994d3 | | | 345 | |
| 3c994d3 | | | 346 | const tokenHash = createHash("sha256").update(token).digest("hex"); |
| 3c994d3 | | | 347 | const expiresAt = new Date( |
| 3c994d3 | | | 348 | Date.now() + parseInt(EXPIRY_MAP[expires_in]) * 24 * 60 * 60 * 1000 |
| 3c994d3 | | | 349 | ).toISOString(); |
| 3c994d3 | | | 350 | |
| 3c994d3 | | | 351 | const result = db |
| 3c994d3 | | | 352 | .prepare( |
| 3c994d3 | | | 353 | "INSERT INTO api_tokens (user_id, name, token_hash, expires_at) VALUES (?, ?, ?, ?)" |
| 3c994d3 | | | 354 | ) |
| 3c994d3 | | | 355 | .run(user.id, name, tokenHash, expiresAt); |
| 3c994d3 | | | 356 | |
| 3c994d3 | | | 357 | return reply.code(201).send({ |
| 3c994d3 | | | 358 | token, |
| 3c994d3 | | | 359 | api_token: { |
| 3c994d3 | | | 360 | id: result.lastInsertRowid, |
| 3c994d3 | | | 361 | name, |
| 3c994d3 | | | 362 | expires_at: expiresAt, |
| 3c994d3 | | | 363 | created_at: new Date().toISOString(), |
| 3c994d3 | | | 364 | }, |
| 3c994d3 | | | 365 | }); |
| 3c994d3 | | | 366 | }, |
| 3c994d3 | | | 367 | }); |
| 3c994d3 | | | 368 | |
| 3c994d3 | | | 369 | app.get("/tokens", { |
| 3c994d3 | | | 370 | preHandler: [(app as any).authenticate], |
| 3c994d3 | | | 371 | handler: async (request) => { |
| 3c994d3 | | | 372 | const payload = request.user as any; |
| 3c994d3 | | | 373 | |
| 3c994d3 | | | 374 | const tokens = db |
| 3c994d3 | | | 375 | .prepare( |
| 3c994d3 | | | 376 | "SELECT id, name, expires_at, last_used_at, created_at FROM api_tokens WHERE user_id = ? ORDER BY created_at DESC" |
| 3c994d3 | | | 377 | ) |
| 3c994d3 | | | 378 | .all(payload.id); |
| 3c994d3 | | | 379 | |
| 3c994d3 | | | 380 | return { tokens }; |
| 3c994d3 | | | 381 | }, |
| 3c994d3 | | | 382 | }); |
| 3c994d3 | | | 383 | |
| 3c994d3 | | | 384 | app.delete("/tokens/:id", { |
| 3c994d3 | | | 385 | preHandler: [(app as any).authenticate], |
| 3c994d3 | | | 386 | handler: async (request, reply) => { |
| 3c994d3 | | | 387 | const payload = request.user as any; |
| 3c994d3 | | | 388 | const { id } = request.params as { id: string }; |
| 3c994d3 | | | 389 | |
| 3c994d3 | | | 390 | const result = db |
| 3c994d3 | | | 391 | .prepare("DELETE FROM api_tokens WHERE id = ? AND user_id = ?") |
| 3c994d3 | | | 392 | .run(id, payload.id); |
| 3c994d3 | | | 393 | |
| 3c994d3 | | | 394 | if (result.changes === 0) { |
| 3c994d3 | | | 395 | return reply.code(404).send({ error: "Token not found" }); |
| 3c994d3 | | | 396 | } |
| 3c994d3 | | | 397 | |
| 3c994d3 | | | 398 | return reply.code(204).send(); |
| 3c994d3 | | | 399 | }, |
| 3c994d3 | | | 400 | }); |
| 135dfe5 | | | 401 | } |