diff options
Diffstat (limited to 'frontend/app')
| -rw-r--r-- | frontend/app/routes/dashboard.tsx | 22 | ||||
| -rw-r--r-- | frontend/app/routes/login.tsx | 31 | ||||
| -rw-r--r-- | frontend/app/services/auth.server.ts | 141 | ||||
| -rw-r--r-- | frontend/app/services/session.server.ts | 13 |
4 files changed, 207 insertions, 0 deletions
diff --git a/frontend/app/routes/dashboard.tsx b/frontend/app/routes/dashboard.tsx new file mode 100644 index 0000000..be274eb --- /dev/null +++ b/frontend/app/routes/dashboard.tsx @@ -0,0 +1,22 @@ +import type { LoaderFunctionArgs } from "@remix-run/node"; +import { isAuthenticated } from "../services/auth.server"; +import { useLoaderData } from "@remix-run/react"; + +export async function loader({ request }: LoaderFunctionArgs) { + return await isAuthenticated(request, { + failureRedirect: "/login", + }); +} + +export default function Dashboard() { + const user = useLoaderData<typeof loader>()!; + + return ( + <div> + <h1> + #{user.userId} {user.displayUsername} (@{user.username}) + </h1> + {user.isAdmin && <p>Admin</p>} + </div> + ); +} diff --git a/frontend/app/routes/login.tsx b/frontend/app/routes/login.tsx new file mode 100644 index 0000000..cf5be14 --- /dev/null +++ b/frontend/app/routes/login.tsx @@ -0,0 +1,31 @@ +import type { ActionFunctionArgs, LoaderFunctionArgs } from "@remix-run/node"; +import { Form } from "@remix-run/react"; +import { authenticator } from "../services/auth.server"; + +export async function loader({ request }: LoaderFunctionArgs) { + return await authenticator.isAuthenticated(request, { + successRedirect: "/dashboard", + }); +} + +export async function action({ request }: ActionFunctionArgs) { + return await authenticator.authenticate("default", request, { + successRedirect: "/dashboard", + failureRedirect: "/login", + }); +} + +export default function Login() { + return ( + <Form method="post"> + <input type="username" name="username" required /> + <input + type="password" + name="password" + autoComplete="current-password" + required + /> + <button>Log In</button> + </Form> + ); +} diff --git a/frontend/app/services/auth.server.ts b/frontend/app/services/auth.server.ts new file mode 100644 index 0000000..144a7cd --- /dev/null +++ b/frontend/app/services/auth.server.ts @@ -0,0 +1,141 @@ +import { Authenticator } from "remix-auth"; +import { FormStrategy } from "remix-auth-form"; +import { sessionStorage } from "./session.server"; +import { jwtDecode } from "jwt-decode"; +import type { Session } from "@remix-run/server-runtime"; + +export const authenticator = new Authenticator<string>(sessionStorage); + +async function login(username: string, password: string): Promise<string> { + const res = await fetch(`http://api-server/api/login`, { + method: "POST", + headers: { + "Content-Type": "application/json", + }, + body: JSON.stringify({ username, password }), + }); + if (!res.ok) { + throw new Error("Invalid username or password"); + } + const user = await res.json(); + return user.token; +} + +authenticator.use( + new FormStrategy(async ({ form }) => { + const username = String(form.get("username")); + const password = String(form.get("password")); + return await login(username, password); + }), + "default", +); + +type JwtPayload = { + user_id: number; + username: string; + display_username: string; + icon_path: string | null; + is_admin: boolean; +}; + +export type User = { + userId: number; + username: string; + displayUsername: string; + iconPath: string | null; + isAdmin: boolean; +}; + +export async function isAuthenticated( + request: Request | Session, + options?: { + successRedirect?: never; + failureRedirect?: never; + headers?: never; + }, +): Promise<User | null>; +export async function isAuthenticated( + request: Request | Session, + options: { + successRedirect: string; + failureRedirect?: never; + headers?: HeadersInit; + }, +): Promise<null>; +export async function isAuthenticated( + request: Request | Session, + options: { + successRedirect?: never; + failureRedirect: string; + headers?: HeadersInit; + }, +): Promise<User>; +export async function isAuthenticated( + request: Request | Session, + options: { + successRedirect: string; + failureRedirect: string; + headers?: HeadersInit; + }, +): Promise<null>; +export async function isAuthenticated( + request: Request | Session, + options: + | { + successRedirect?: never; + failureRedirect?: never; + headers?: never; + } + | { + successRedirect: string; + failureRedirect?: never; + headers?: HeadersInit; + } + | { + successRedirect?: never; + failureRedirect: string; + headers?: HeadersInit; + } + | { + successRedirect: string; + failureRedirect: string; + headers?: HeadersInit; + } = {}, +): Promise<User | null> { + let jwt; + + // This function's signature should be compatible with `authenticator.isAuthenticated` but TypeScript does not infer it correctly. + const { successRedirect, failureRedirect, headers } = options; + if (successRedirect && failureRedirect) { + jwt = await authenticator.isAuthenticated(request, { + successRedirect, + failureRedirect, + headers, + }); + } else if (!successRedirect && failureRedirect) { + jwt = await authenticator.isAuthenticated(request, { + failureRedirect, + headers, + }); + } else if (successRedirect && !failureRedirect) { + jwt = await authenticator.isAuthenticated(request, { + successRedirect, + headers, + }); + } else { + jwt = await authenticator.isAuthenticated(request); + } + + if (!jwt) { + return null; + } + // TODO: runtime type check + const payload = jwtDecode<JwtPayload>(jwt); + return { + userId: payload.user_id, + username: payload.username, + displayUsername: payload.display_username, + iconPath: payload.icon_path, + isAdmin: payload.is_admin, + }; +} diff --git a/frontend/app/services/session.server.ts b/frontend/app/services/session.server.ts new file mode 100644 index 0000000..2000853 --- /dev/null +++ b/frontend/app/services/session.server.ts @@ -0,0 +1,13 @@ +import { createCookieSessionStorage } from "@remix-run/node"; + +export const sessionStorage = createCookieSessionStorage({ + cookie: { + name: "albatross_session", + sameSite: "lax", + path: "/", + httpOnly: true, + secrets: ["TODO"], + // secure: process.env.NODE_ENV === "production", + secure: false, // TODO + }, +}); |