7dbbf63523
Routes (additiv unter /api/v1/marketplace/*): - POST/GET /authors/me — eigenes Author-Profil anlegen/updaten/lesen - GET /authors/:slug — public Profile-Lookup (banned-reason gestrippt) - POST /decks — Deck-Init (Slug-Validation + Pflicht-Author-Profil + CHECK auf paid + Pro-License) - POST /decks/:slug/publish — Versions-Snapshot mit per-Karte cardContentHash aus @cards/domain, per-Version-Hash, AI-Mod-Stub-Log, atomarer latest_version_id-Bump in Drizzle-Transaction - PATCH /decks/:slug — Metadaten-Update (Owner-Only) - GET /decks/:slug — Public-Detail mit optional-auth-Middleware Geport aus cards-decommission-base:services/cards-server/, mit Greenfield-Anpassungen: - Hashing über @cards/domain.cardContentHash (gemeinsame SoT zwischen privatem cards.cards und marketplace.deck_cards), per- Version-Hash als SHA-256 über sortierte Karten-Hashes mit Ord-Prefix - AI-Moderation als R2-Stub (pass+rationale+model='stub'), echte mana-llm-Anbindung in späterer Welle - Auth-Middleware-Shape an Greenfield (userId/tier/authMode in c.get(...) statt user-Object), optional-auth als Schwester für anonymen Public-Read - Hono-typing: outer Marketplace-Decks-Router ist Partial<AuthVars> weil Public-GET kein JWT braucht; Auth-Subroute ist strict Lese-Referenz: - 3331 LOC altes cards-server-Code (routes, services, middleware, lib) unter docs/marketplace/archive/code/ archiviert. Read-only, nicht im Build-Path. Verifikation: - 16 neue Vitest-Tests (Slug + Version-Hash), 72 gesamt grün - type-check 0 errors - E2E-Smoke gegen lokale cards-api: Cardecky-Author + Deck r2-stoische-ethik mit 3 Karten v1.0.0 (basic + basic + cloze), per-Karten-Hashes geschrieben, ai_moderation_log-Row da, semver-409 + paid-422-Errors verifiziert. Smoke-Daten danach aufgeräumt. Verbleibend für R3+: Discovery (explore + search), Engagement (stars/ subscribe/fork), Smart-Merge mit FSRS-State-Erhalt; danach R4 PRs + Card-Discussions, R5 Frontend-Routes. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
51 lines
1.7 KiB
TypeScript
51 lines
1.7 KiB
TypeScript
/**
|
|
* Optional JWT — sets `c.get('user')` when a valid Bearer token is
|
|
* present, but never rejects the request. Routes that need an
|
|
* authenticated user fall back to `null` and decide what to do
|
|
* (most public endpoints just hide private fields; mutation endpoints
|
|
* still throw 401 explicitly).
|
|
*
|
|
* Why a separate middleware? `jwtAuth` is the strict gate for write
|
|
* paths — same JWKS, same algo, but rejecting early. `optionalAuth`
|
|
* is the read-path companion: it lets cardecky-api.mana.how serve the
|
|
* marketplace surface to anonymous browsers (search engines, anti-
|
|
* link-rot, share-link previews) while still recognising signed-in
|
|
* users for star/follow state.
|
|
*/
|
|
|
|
import type { MiddlewareHandler } from 'hono';
|
|
import { createRemoteJWKSet, jwtVerify } from 'jose';
|
|
import type { AuthUser } from './jwt-auth';
|
|
|
|
let jwks: ReturnType<typeof createRemoteJWKSet> | null = null;
|
|
function getJwks(authUrl: string) {
|
|
if (!jwks) jwks = createRemoteJWKSet(new URL('/api/auth/jwks', authUrl));
|
|
return jwks;
|
|
}
|
|
|
|
export function optionalAuth(authUrl: string): MiddlewareHandler {
|
|
return async (c, next) => {
|
|
const authHeader = c.req.header('Authorization');
|
|
if (!authHeader?.startsWith('Bearer ')) {
|
|
await next();
|
|
return;
|
|
}
|
|
const token = authHeader.slice(7);
|
|
try {
|
|
const { payload } = await jwtVerify(token, getJwks(authUrl), {
|
|
issuer: authUrl,
|
|
audience: 'mana',
|
|
});
|
|
const user: AuthUser = {
|
|
userId: payload.sub || '',
|
|
email: (payload.email as string) || '',
|
|
role: (payload.role as string) || 'user',
|
|
};
|
|
c.set('user', user);
|
|
} catch {
|
|
// Bad token = anonymous; the strict middleware rejects on
|
|
// write paths.
|
|
}
|
|
await next();
|
|
};
|
|
}
|