4 files changed, 241 insertions, 0 deletions
diff --git a/frontend/app/.server/api/client.ts b/frontend/app/.server/api/client.ts
new file mode 100644
index 0000000..12f2fc6
--- /dev/null
+++ b/frontend/app/.server/api/client.ts
@@ -0,0 +1,4 @@
+import createClient from "openapi-fetch";
+import type { paths } from "./schema";
+
+export const apiClient = createClient<paths>({ baseUrl: "http://api-server/" });
diff --git a/frontend/app/.server/api/schema.d.ts b/frontend/app/.server/api/schema.d.ts
new file mode 100644
index 0000000..815731e
--- /dev/null
+++ b/frontend/app/.server/api/schema.d.ts
@@ -0,0 +1,91 @@
+/**
+ * This file was auto-generated by openapi-typescript.
+ * Do not make direct changes to the file.
+ */
+
+export interface paths {
+    "/api/login": {
+        parameters: {
+            query?: never;
+            header?: never;
+            path?: never;
+            cookie?: never;
+        };
+        get?: never;
+        put?: never;
+        /** User login */
+        post: {
+            parameters: {
+                query?: never;
+                header?: never;
+                path?: never;
+                cookie?: never;
+            };
+            requestBody: {
+                content: {
+                    "application/json": {
+                        /** @example john */
+                        username: string;
+                        /** @example password123 */
+                        password: string;
+                    };
+                };
+            };
+            responses: {
+                /** @description Successfully authenticated */
+                200: {
+                    headers: {
+                        [name: string]: unknown;
+                    };
+                    content: {
+                        "application/json": {
+                            /** @example xxxxx.xxxxx.xxxxx */
+                            token: string;
+                        };
+                    };
+                };
+                /** @description Invalid username or password */
+                401: {
+                    headers: {
+                        [name: string]: unknown;
+                    };
+                    content: {
+                        "application/json": {
+                            /** @example Invalid credentials */
+                            message: string;
+                        };
+                    };
+                };
+            };
+        };
+        delete?: never;
+        options?: never;
+        head?: never;
+        patch?: never;
+        trace?: never;
+    };
+}
+export type webhooks = Record<string, never>;
+export interface components {
+    schemas: {
+        JwtPayload: {
+            /** @example 123 */
+            user_id: number;
+            /** @example john */
+            username: string;
+            /** @example John Doe */
+            display_username: string;
+            /** @example /images/john.jpg */
+            icon_path?: string | null;
+            /** @example false */
+            is_admin: boolean;
+        };
+    };
+    responses: never;
+    parameters: never;
+    requestBodies: never;
+    headers: never;
+    pathItems: never;
+}
+export type $defs = Record<string, never>;
+export type operations = Record<string, never>;
diff --git a/frontend/app/.server/auth.ts b/frontend/app/.server/auth.ts
new file mode 100644
index 0000000..9696e90
--- /dev/null
+++ b/frontend/app/.server/auth.ts
@@ -0,0 +1,133 @@
+import { Authenticator } from "remix-auth";
+import { FormStrategy } from "remix-auth-form";
+import { jwtDecode } from "jwt-decode";
+import type { Session } from "@remix-run/server-runtime";
+import { sessionStorage } from "./session";
+import { apiClient } from "./api/client";
+import { components } from "./api/schema";
+
+export const authenticator = new Authenticator<string>(sessionStorage);
+
+async function login(username: string, password: string): Promise<string> {
+  const { data, error } = await apiClient.POST("/api/login", {
+    body: {
+      username,
+      password,
+    },
+  });
+  if (error) {
+    throw new Error(error.message);
+  }
+  return data.token;
+}
+
+authenticator.use(
+  new FormStrategy(async ({ form }) => {
+    const username = String(form.get("username"));
+    const password = String(form.get("password"));
+    return await login(username, password);
+  }),
+  "default",
+);
+
+type JwtPayload = components["schemas"]["JwtPayload"];
+
+export type User = {
+  userId: number;
+  username: string;
+  displayUsername: string;
+  iconPath: string | null;
+  isAdmin: boolean;
+};
+
+export async function isAuthenticated(
+  request: Request | Session,
+  options?: {
+    successRedirect?: never;
+    failureRedirect?: never;
+    headers?: never;
+  },
+): Promise<User | null>;
+export async function isAuthenticated(
+  request: Request | Session,
+  options: {
+    successRedirect: string;
+    failureRedirect?: never;
+    headers?: HeadersInit;
+  },
+): Promise<null>;
+export async function isAuthenticated(
+  request: Request | Session,
+  options: {
+    successRedirect?: never;
+    failureRedirect: string;
+    headers?: HeadersInit;
+  },
+): Promise<User>;
+export async function isAuthenticated(
+  request: Request | Session,
+  options: {
+    successRedirect: string;
+    failureRedirect: string;
+    headers?: HeadersInit;
+  },
+): Promise<null>;
+export async function isAuthenticated(
+  request: Request | Session,
+  options:
+    | {
+        successRedirect?: never;
+        failureRedirect?: never;
+        headers?: never;
+      }
+    | {
+        successRedirect: string;
+        failureRedirect?: never;
+        headers?: HeadersInit;
+      }
+    | {
+        successRedirect?: never;
+        failureRedirect: string;
+        headers?: HeadersInit;
+      }
+    | {
+        successRedirect: string;
+        failureRedirect: string;
+        headers?: HeadersInit;
+      } = {},
+): Promise<User | null> {
+  // This function's signature should be compatible with `authenticator.isAuthenticated` but TypeScript does not infer it correctly.
+  let jwt;
+  const { successRedirect, failureRedirect, headers } = options;
+  if (successRedirect && failureRedirect) {
+    jwt = await authenticator.isAuthenticated(request, {
+      successRedirect,
+      failureRedirect,
+      headers,
+    });
+  } else if (!successRedirect && failureRedirect) {
+    jwt = await authenticator.isAuthenticated(request, {
+      failureRedirect,
+      headers,
+    });
+  } else if (successRedirect && !failureRedirect) {
+    jwt = await authenticator.isAuthenticated(request, {
+      successRedirect,
+      headers,
+    });
+  } else {
+    jwt = await authenticator.isAuthenticated(request);
+  }
+
+  if (!jwt) {
+    return null;
+  }
+  const payload = jwtDecode<JwtPayload>(jwt);
+  return {
+    userId: payload.user_id,
+    username: payload.username,
+    displayUsername: payload.display_username,
+    iconPath: payload.icon_path ?? null,
+    isAdmin: payload.is_admin,
+  };
+}
diff --git a/frontend/app/.server/session.ts b/frontend/app/.server/session.ts
new file mode 100644
index 0000000..2000853
--- /dev/null
+++ b/frontend/app/.server/session.ts
@@ -0,0 +1,13 @@
+import { createCookieSessionStorage } from "@remix-run/node";
+
+export const sessionStorage = createCookieSessionStorage({
+  cookie: {
+    name: "albatross_session",
+    sameSite: "lax",
+    path: "/",
+    httpOnly: true,
+    secrets: ["TODO"],
+    // secure: process.env.NODE_ENV === "production",
+    secure: false, // TODO
+  },
+});