diff --git a/functions/api/auth/mobile/token.ts b/functions/api/auth/mobile/token.ts new file mode 100644 index 0000000..d7217d8 --- /dev/null +++ b/functions/api/auth/mobile/token.ts @@ -0,0 +1,59 @@ +import { jsonError } from "../../../common.js"; + +export async function onRequestGet(context: RequestContext) { + const { current_user: currentUser } = context.data; + + if (!currentUser) return jsonError("Unauthorized", 401); + + const header = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"; + + const cookies = (context.request.headers.get("cookie") as string).split("; "); + const sessionCookie = cookies.find((c) => c.startsWith("_s=")) as string; + + const claimSet = btoa( + JSON.stringify({ + email: currentUser.email, + email_verified: true, + exp: Math.floor(currentUser.refresh_at / 1000), + iat: Math.floor(Date.now() / 1000), + iss: "https://carcrushers.cc/auth/mobile/token", + jti: sessionCookie.replace("_s=", ""), + name: currentUser.username, + sub: currentUser.id, + }), + ) + .replaceAll("+", "-") + .replaceAll("/", "_") + .replaceAll("=", ""); + + const key = await crypto.subtle.importKey( + "raw", + // @ts-ignore + Uint8Array.from( + atob( + context.env.JWT_SIGNING_KEY.replaceAll("-", "+").replaceAll("_", "/"), + ), + (m) => m.codePointAt(0), + ), + { hash: "SHA-256", name: "HMAC" }, + false, + ["sign"], + ); + + const signature = await crypto.subtle.sign( + "HMAC", + key, + new TextEncoder().encode(`${header}.${claimSet}`), + ); + + const encodedSignature = btoa( + String.fromCodePoint(...new Uint8Array(signature)), + ) + .replaceAll("+", "-") + .replaceAll("/", "_") + .replaceAll("=", ""); + + return Response.redirect( + `com.carcrushers.app://login-callback?assertion=${header}.${claimSet}.${encodedSignature}`, + ); +}