From 7fe09e136ebb690fc46d06c8c49c9886d913b19d Mon Sep 17 00:00:00 2001
From: regalijan <r@regalijan.com>
Date: Thu, 19 Oct 2023 16:51:08 -0400
Subject: [PATCH] Create jwt endpoint

---
 functions/api/auth/mobile/token.ts | 59 ++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 functions/api/auth/mobile/token.ts

diff --git a/functions/api/auth/mobile/token.ts b/functions/api/auth/mobile/token.ts
new file mode 100644
index 0000000..d7217d8
--- /dev/null
+++ b/functions/api/auth/mobile/token.ts
@@ -0,0 +1,59 @@
+import { jsonError } from "../../../common.js";
+
+export async function onRequestGet(context: RequestContext) {
+  const { current_user: currentUser } = context.data;
+
+  if (!currentUser) return jsonError("Unauthorized", 401);
+
+  const header = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9";
+
+  const cookies = (context.request.headers.get("cookie") as string).split("; ");
+  const sessionCookie = cookies.find((c) => c.startsWith("_s=")) as string;
+
+  const claimSet = btoa(
+    JSON.stringify({
+      email: currentUser.email,
+      email_verified: true,
+      exp: Math.floor(currentUser.refresh_at / 1000),
+      iat: Math.floor(Date.now() / 1000),
+      iss: "https://carcrushers.cc/auth/mobile/token",
+      jti: sessionCookie.replace("_s=", ""),
+      name: currentUser.username,
+      sub: currentUser.id,
+    }),
+  )
+    .replaceAll("+", "-")
+    .replaceAll("/", "_")
+    .replaceAll("=", "");
+
+  const key = await crypto.subtle.importKey(
+    "raw",
+    // @ts-ignore
+    Uint8Array.from(
+      atob(
+        context.env.JWT_SIGNING_KEY.replaceAll("-", "+").replaceAll("_", "/"),
+      ),
+      (m) => m.codePointAt(0),
+    ),
+    { hash: "SHA-256", name: "HMAC" },
+    false,
+    ["sign"],
+  );
+
+  const signature = await crypto.subtle.sign(
+    "HMAC",
+    key,
+    new TextEncoder().encode(`${header}.${claimSet}`),
+  );
+
+  const encodedSignature = btoa(
+    String.fromCodePoint(...new Uint8Array(signature)),
+  )
+    .replaceAll("+", "-")
+    .replaceAll("/", "_")
+    .replaceAll("=", "");
+
+  return Response.redirect(
+    `com.carcrushers.app://login-callback?assertion=${header}.${claimSet}.${encodedSignature}`,
+  );
+}