diff --git a/functions/api/auth/mobile/token.ts b/functions/api/auth/mobile/token.ts
index bc9874f..8dc426e 100644
--- a/functions/api/auth/mobile/token.ts
+++ b/functions/api/auth/mobile/token.ts
@@ -1,4 +1,5 @@
 import { jsonError } from "../../../common.js";
+import tokenPrefixes from "../../../../data/token_prefixes.json";
 
 export async function onRequestGet(context: RequestContext) {
   const { current_user: currentUser } = context.data;
@@ -6,18 +7,43 @@ export async function onRequestGet(context: RequestContext) {
   if (!currentUser) return jsonError("Unauthorized", 401);
 
   const header = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9";
+  const tokenStart =
+    tokenPrefixes[Math.round(Math.random() * (tokenPrefixes.length - 1))] + "_";
+  const tokenId =
+    tokenStart +
+    `${crypto.randomUUID()}${crypto.randomUUID()}${crypto.randomUUID()}${crypto.randomUUID()}`.replaceAll(
+      "-",
+      "",
+    );
 
-  const cookies = (context.request.headers.get("cookie") as string).split("; ");
-  const sessionCookie = cookies.find((c) => c.startsWith("_s=")) as string;
+  await context.env.DATA.put(
+    `auth_${btoa(
+      String.fromCharCode(
+        ...new Uint8Array(
+          await crypto.subtle.digest(
+            "SHA-512",
+            new TextEncoder().encode(tokenId),
+          ),
+        ),
+      ),
+    )
+      .replaceAll("+", "-")
+      .replaceAll("/", "_")
+      .replaceAll("=", "")}`,
+    JSON.stringify(currentUser),
+    {
+      expirationTtl: currentUser.expires_in + 1209600,
+    },
+  );
 
   const claimSet = btoa(
     JSON.stringify({
       email: currentUser.email,
       email_verified: true,
-      exp: Math.floor(currentUser.refresh_at / 1000),
+      exp: Math.floor(Date.now() / 1000) + currentUser.expires_in,
       iat: Math.floor(Date.now() / 1000),
       iss: "https://carcrushers.cc/auth/mobile/token",
-      jti: sessionCookie.replace("_s=", ""),
+      jti: tokenId,
       name: currentUser.username,
       permissions: currentUser.permissions,
       picture: currentUser.avatar ?? "https://carcrushers.cc/files/logo192.png",
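Review bot: The prefix pick on the new `tokenStart` line, `Math.round(Math.random() * (tokenPrefixes.length - 1))`, is biased (the first and last entries are chosen half as often as the middle ones) and `Math.random()` is not a CSPRNG; the unpredictability of `tokenId` rests entirely on the four `crypto.randomUUID()` calls that follow, so the prefix is a label, not a secret. Make that explicit and fix the distribution with `// prefix is a non-secret label; token entropy comes from the randomUUID() calls below` and `tokenPrefixes[Math.floor(Math.random() * tokenPrefixes.length)] + "_"`. The storage-key derivation inlined into the `context.env.DATA.put(...)` call (SHA-512, base64url via three `replaceAll`s, `auth_` prefix) is hard to audit and is exactly what a token verifier has to reproduce byte-for-byte, so it belongs in a named helper (below). The new `exp` and `expirationTtl` lines add `currentUser.expires_in` to numbers; if that field is not already typed as a number this concatenates or yields NaN rather than a timestamp, which is worth confirming against the type of `context.data.current_user`. The body of `onRequestGet` continues past the end of this hunk.
```typescript
/**
 * KV key under which a mobile bearer token is recorded: `auth_` + base64url(SHA-512(tokenId)).
 * Only the digest is used as the key; the raw token is never the key itself.
 */
async function tokenStorageKey(tokenId: string): Promise<string> {
  const digest = await crypto.subtle.digest(
    "SHA-512",
    new TextEncoder().encode(tokenId),
  );
  const b64 = btoa(String.fromCharCode(...new Uint8Array(digest)));
  return `auth_${b64.replaceAll("+", "-").replaceAll("/", "_").replaceAll("=", "")}`;
}

// … unchanged: tokenStart / tokenId construction …
await context.env.DATA.put(await tokenStorageKey(tokenId), JSON.stringify(currentUser), {
  expirationTtl: currentUser.expires_in + 1209600,
});
```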