7dbbf63523
Routes (additiv unter /api/v1/marketplace/*): - POST/GET /authors/me — eigenes Author-Profil anlegen/updaten/lesen - GET /authors/:slug — public Profile-Lookup (banned-reason gestrippt) - POST /decks — Deck-Init (Slug-Validation + Pflicht-Author-Profil + CHECK auf paid + Pro-License) - POST /decks/:slug/publish — Versions-Snapshot mit per-Karte cardContentHash aus @cards/domain, per-Version-Hash, AI-Mod-Stub-Log, atomarer latest_version_id-Bump in Drizzle-Transaction - PATCH /decks/:slug — Metadaten-Update (Owner-Only) - GET /decks/:slug — Public-Detail mit optional-auth-Middleware Geport aus cards-decommission-base:services/cards-server/, mit Greenfield-Anpassungen: - Hashing über @cards/domain.cardContentHash (gemeinsame SoT zwischen privatem cards.cards und marketplace.deck_cards), per- Version-Hash als SHA-256 über sortierte Karten-Hashes mit Ord-Prefix - AI-Moderation als R2-Stub (pass+rationale+model='stub'), echte mana-llm-Anbindung in späterer Welle - Auth-Middleware-Shape an Greenfield (userId/tier/authMode in c.get(...) statt user-Object), optional-auth als Schwester für anonymen Public-Read - Hono-typing: outer Marketplace-Decks-Router ist Partial<AuthVars> weil Public-GET kein JWT braucht; Auth-Subroute ist strict Lese-Referenz: - 3331 LOC altes cards-server-Code (routes, services, middleware, lib) unter docs/marketplace/archive/code/ archiviert. Read-only, nicht im Build-Path. Verifikation: - 16 neue Vitest-Tests (Slug + Version-Hash), 72 gesamt grün - type-check 0 errors - E2E-Smoke gegen lokale cards-api: Cardecky-Author + Deck r2-stoische-ethik mit 3 Karten v1.0.0 (basic + basic + cloze), per-Karten-Hashes geschrieben, ai_moderation_log-Row da, semver-409 + paid-422-Errors verifiziert. Smoke-Daten danach aufgeräumt. Verbleibend für R3+: Discovery (explore + search), Engagement (stars/ subscribe/fork), Smart-Merge mit FSRS-State-Erhalt; danach R4 PRs + Card-Discussions, R5 Frontend-Routes. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
56 lines
1.5 KiB
TypeScript
56 lines
1.5 KiB
TypeScript
/**
|
|
* JWT authentication middleware — validates Bearer tokens via JWKS from
|
|
* mana-auth (EdDSA, jose). Sets `c.set('user', { userId, email, role })`
|
|
* on success.
|
|
*
|
|
* Mirrors the mana-credits middleware almost verbatim. Kept in-tree
|
|
* rather than shared so we can evolve auth-related concerns (e.g.
|
|
* audience claims) per service without coordination overhead.
|
|
*/
|
|
|
|
import type { MiddlewareHandler } from 'hono';
|
|
import { createRemoteJWKSet, jwtVerify } from 'jose';
|
|
import { UnauthorizedError } from '../lib/errors';
|
|
|
|
let jwks: ReturnType<typeof createRemoteJWKSet> | null = null;
|
|
|
|
function getJwks(authUrl: string) {
|
|
if (!jwks) {
|
|
jwks = createRemoteJWKSet(new URL('/api/auth/jwks', authUrl));
|
|
}
|
|
return jwks;
|
|
}
|
|
|
|
export interface AuthUser {
|
|
userId: string;
|
|
email: string;
|
|
role: string;
|
|
}
|
|
|
|
export function jwtAuth(authUrl: string): MiddlewareHandler {
|
|
return async (c, next) => {
|
|
const authHeader = c.req.header('Authorization');
|
|
if (!authHeader?.startsWith('Bearer ')) {
|
|
throw new UnauthorizedError('Missing or invalid Authorization header');
|
|
}
|
|
|
|
const token = authHeader.slice(7);
|
|
try {
|
|
const { payload } = await jwtVerify(token, getJwks(authUrl), {
|
|
issuer: authUrl,
|
|
audience: 'mana',
|
|
});
|
|
|
|
const user: AuthUser = {
|
|
userId: payload.sub || '',
|
|
email: (payload.email as string) || '',
|
|
role: (payload.role as string) || 'user',
|
|
};
|
|
|
|
c.set('user', user);
|
|
await next();
|
|
} catch {
|
|
throw new UnauthorizedError('Invalid or expired token');
|
|
}
|
|
};
|
|
}
|