Val Town Code SearchReturn to Val Town

1// F:\zApps\valtown.servers\APIServer\src\middleware\backendChains.ts
2import type { Context, Next } from "hono";
3import zidTrackingMiddleware from "./zTracker.ts";

1// F:\zApps\valtown.servers\APIServer\src\middleware\auth.session.ts
2import { Context, Next } from "hono";
3import { deleteCookie, getCookie, setCookie } from "hono/cookie";

1// F:\zApps\valtown.servers\APIServer\src\middleware\auth.oauth.ts
2/**
3 * OAuth Authentication Middleware for Val.town/Deno

1// F:\zApps\valtown.servers\APIServer\src\middleware\auth.jwt.ts
2import { Context, Next } from "hono";
3import { HTTPException } from "hono/http-exception";
12import { getClientIP } from "@/utils/ipUtils.ts";
13
14const jwtApiConfig = AUTH_CONFIG.jwt.API;
15
16/**
22    return await signJwt(
23      restPayload as Record<string, unknown>, // Ensure payload matches helper expectation
24      jwtApiConfig.secretKey,
25      jwtApiConfig.algorithm,
26      {
27        issuer: jwtApiConfig.issuer,
28        audience: jwtApiConfig.audience,
29        expiresIn: jwtApiConfig.expiresIn,
30        subject: payload.sub || payload.id,
31        issuedAt: true,
48    const payload = await verifyJwt<AppJwtPayload>(
49      token,
50      customSecret || jwtApiConfig.secretKey,
51      {
52        issuer: jwtApiConfig.issuer,
53        audience: jwtApiConfig.audience,
54        algorithms: [jwtApiConfig.algorithm],
55      },
56    );
77  customSecret?: string,
78): Promise<AuthResult> {
79  if (!jwtApiConfig.enabled) {
80    return {
81      success: false,
237    return await signJwt(
238      refreshPayload as Record<string, unknown>,
239      jwtApiConfig.secretKey,
240      jwtApiConfig.algorithm,
241      {
242        issuer: jwtApiConfig.issuer,
243        audience: jwtApiConfig.audience,
244        expiresIn: jwtApiConfig.refreshExpiresIn,
245        subject: payload.sub || payload.id,
246        issuedAt: true,

1// F:\zApps\valtown.servers\APIServer\src\middleware\auth.internal.ts
2import { Context, Next } from "hono";
3import { AUTH_CONFIG } from "../core/authConfig.ts";

1// F:\zApps\valtown.servers\APIServer\src\middleware\authentication.ts
2import { Context, Next } from "hono";
3import { AUTH_CONFIG } from "../core/authConfig.ts";
13// Import authentication methods
14import { applyJwtAuth } from "./authJWT.ts";
15import { applyApiKeyAuth } from "./authApiKey.ts";
16import { applySessionAuth } from "./authSession.ts";
17import { applyOAuthAuth } from "./authOauth.ts"; // Restored import
20// Re-export all auth modules
21export * from "./authJWT.ts";
22export * from "./authApiKey.ts";
23export * from "./authSession.ts";
24export * from "./authOauth.ts"; // Ensure this file exists and exports applyOAuthAuth
38  switch (method) {
39    case "jwt":
40      if (!AUTH_CONFIG.jwt.API.enabled) {
41        return {
42          success: false,
43          error: { code: "JWT_API_DISABLED", message: "JWT (API) authentication is disabled" },
44        };
45      }
46      return await applyJwtAuth(c.req.raw);
47
48    case "apiKey":
49      if (!AUTH_CONFIG.methods.API_KEY.enabled) {
50        return {
51          success: false,
52          error: { code: "API_KEY_DISABLED", message: "API key authentication is disabled" },
53        };
54      }
55      return applyApiKeyAuth(c.req.raw);
56
57    case "session":
96export function createAuthMiddleware(options: AuthMiddlewareOptions = {}) {
97  const defaultAuthTypes: AuthMethod[] = [
98    AUTH_CONFIG.jwt.API.enabled && "jwt",
99    AUTH_CONFIG.methods.SESSION.enabled && "session",
100    AUTH_CONFIG.methods.API_KEY.enabled && "apiKey",
101    AUTH_CONFIG.methods.BASIC.enabled && "basic",
102    AUTH_CONFIG.oauth.enabled && "oauth",
110    for (const authType of authTypesToTry) {
111      if (
112        !["jwt", "session", "apiKey", "basic", "oauth", "internal", "webhook", "none"].includes(
113          authType,
114        )
211 * Preset authentication middlewares
212 */
213export const apiAuthMiddleware = createAuthMiddleware({
214  methods: ["jwt", "apiKey"],
215});
216
225
226export const optionalAuthMiddleware = createAuthMiddleware({
227  methods: ["jwt", "session", "apiKey"],
228  optional: true,
229});
230
231export const serviceAuthMiddleware = createAuthMiddleware({
232  methods: ["apiKey"],
233});
234
276 */
277export const requireJWT = createAuthMiddleware({ methods: ["jwt"] });
278export const requireAPIKey = createAuthMiddleware({ methods: ["apiKey"] });
279export const requireSession = createAuthMiddleware({ methods: ["session"] });
280export const requireBasicAuth = createAuthMiddleware({ methods: ["basic"] });
286export const authenticationMiddleware = createAuthMiddleware({
287  methods: [
288    AUTH_CONFIG.jwt.API.enabled && "jwt",
289    AUTH_CONFIG.methods.SESSION.enabled && "session",
290    AUTH_CONFIG.methods.API_KEY.enabled && "apiKey",
291    AUTH_CONFIG.methods.BASIC.enabled && "basic",
292    AUTH_CONFIG.oauth.enabled && "oauth",

1/**
2 * API Key Authentication Middleware for Val.town/Deno
3 * Handles API key validation from headers and query parameters
4 */
5
13
14/**
15 * Validates API key against configured valid keys
16 */
17export function validateApiKey(apiKey: string): boolean {
18  if (!apiKey) return false;
19
20  const { keys } = AUTH_CONFIG.methods.API_KEY;
21  return apiKey === keys.internal ||
22    apiKey === keys.serviceToService ||
23    apiKey === keys.webhook;
24}
25
26/**
27 * Validates internal API key for server-to-server communication
28 */
29export function validateInternalApiKey(apiKey: string): boolean {
30  return apiKey === AUTH_CONFIG.methods.API_KEY.keys.internal;
31}
32
35 */
36export function validateWebhookSecret(secret: string): boolean {
37  return secret === AUTH_CONFIG.methods.API_KEY.keys.webhook;
38}
39
40/**
41 * Validates service-to-service API key
42 */
43export function validateServiceKey(serviceKey: string): boolean {
44  return serviceKey === AUTH_CONFIG.methods.API_KEY.keys.serviceToService;
45}
46
47/**
48 * API Key authentication middleware
49 */
50export async function apiKeyAuthMiddleware(
51  c: Context<{ Variables: Variables }>,
52  next: () => Promise<void>,
53): Promise<Response | void> {
54  const authResult = applyApiKeyAuth(c.req.raw);
55
56  if (!authResult.success) {
78
79/**
80 * API Key authentication logic
81 */
82export function applyApiKeyAuth(request: Request): AuthResult {
83  const apiKeyConfig = AUTH_CONFIG.methods.API_KEY;
84
85  if (!apiKeyConfig.enabled) {
86    return {
87      success: false,
88      error: { code: "API_KEY_DISABLED", message: "API key authentication is disabled" },
89      response: createResponse(
90        {
91          success: false,
92          error: { code: "API_KEY_DISABLED", message: "API key authentication is disabled" },
93        },
94        503,
98
99  const url = new URL(request.url);
100  let apiKey = "";
101
102  // Check headers
103  for (const headerName of apiKeyConfig.headerNames) {
104    const headerValue = request.headers.get(headerName);
105    if (headerValue) {
106      apiKey = headerName === "Authorization" ? headerValue.replace("Bearer ", "") : headerValue;
107      break;
108    }
110
111  // Check query parameters if no header found
112  if (!apiKey) {
113    for (const paramName of apiKeyConfig.queryParamNames) {
114      const paramValue = url.searchParams.get(paramName);
115      if (paramValue) {
116        apiKey = paramValue;
117        break;
118      }
120  }
121
122  if (!validateApiKey(apiKey)) {
123    logSecurityEvent(
124      "Authentication Failure",
125      {
126        method: "API-Key",
127        reason: "invalid_or_missing_key",
128        endpoint: url.pathname,
129      },
130      "warn",
131      "api-key-validator",
132      {
133        ip: getClientIP(request),
140      error: {
141        code: "UNAUTHORIZED",
142        message: "Invalid or missing API key",
143      },
144      response: createResponse(
147          error: {
148            code: "UNAUTHORIZED",
149            message: "Invalid or missing API key",
150          },
151        },
157  // Determine which key was used
158  let keyType = "unknown";
159  if (apiKey === apiKeyConfig.keys.internal) keyType = "internal";
160  else if (apiKey === apiKeyConfig.keys.serviceToService) keyType = "service";
161  else if (apiKey === apiKeyConfig.keys.webhook) keyType = "webhook";
162
163  return {
164    success: true,
165    context: {
166      type: "apiKey",
167      user: `api-client-${keyType}`,
168      scopes: apiKeyConfig.defaultScopes,
169      authType: "apiKey",
170      metadata: { keyType },
171    },

1/**
2 * JWT authentication middleware for Hono-based API server.
3 * Provides JWT token creation, verification, and middleware functions.
4 */
31}
32
33const jwtApiConfig = AUTH_CONFIG.jwt.API;
34
35/**
45    return await signJwt(
46      restPayload as Record<string, unknown>,
47      jwtApiConfig.secretKey,
48      jwtApiConfig.algorithm,
49      {
50        issuer: jwtApiConfig.issuer,
51        audience: jwtApiConfig.audience,
52        expiresIn: jwtApiConfig.expiresIn,
53        subject: payload.sub || payload.id,
54        issuedAt: true,
74    const payload = await verifyJwt<AppJwtPayload>(
75      token,
76      customSecret || jwtApiConfig.secretKey,
77      {
78        issuer: jwtApiConfig.issuer,
79        audience: jwtApiConfig.audience,
80        algorithms: [jwtApiConfig.algorithm],
81      },
82    );
110  customSecret?: string,
111): Promise<AuthResult> {
112  if (!jwtApiConfig.enabled) {
113    return {
114      success: false,
270    return await signJwt(
271      refreshPayload as Record<string, unknown>,
272      jwtApiConfig.secretKey,
273      jwtApiConfig.algorithm,
274      {
275        issuer: jwtApiConfig.issuer,
276        audience: jwtApiConfig.audience,
277        expiresIn: jwtApiConfig.refreshExpiresIn,
278        subject: payload.sub || payload.id,
279        issuedAt: true,

12interface SqlServiceConfig {
13  readonly baseUrl: string;
14  readonly apiVersion: string;
15  readonly timeout: number;
16  readonly retryAttempts: number;
23 */
24const DEFAULT_SQL_CONFIG: SqlServiceConfig = {
25  baseUrl: "https://api.val.town",
26  apiVersion: "v1",
27  timeout: 30000,
28  retryAttempts: 3,
63
64/**
65 * SQLite value types supported by the API.
66 */
67type TursoValue = string | number | boolean | null | Uint8Array;
341
342/**
343 * Creates HTTP headers for SQL API requests.
344 *
345 * @param bearerToken - Bearer token for authentication
359
360/**
361 * Builds URL for SQL API endpoints.
362 *
363 * @param endpoint - The API endpoint path
364 * @returns Complete URL for the API request
365 *
366 * @example
370 */
371function buildSqlUrl(endpoint: string): string {
372  return `${DEFAULT_SQL_CONFIG.baseUrl}/${DEFAULT_SQL_CONFIG.apiVersion}${endpoint}`;
373}
374
383 * @example
384 * ```typescript
385 * const response = await makeSqlRequest('https://api.val.town/v1/sqlite/execute', {
386 *   method: 'POST',
387 *   headers: createSqlHeaders('token'),
432 * @param options - Authentication options
433 * @returns Promise resolving to query result
434 * @throws {SqlServiceError} On validation or API error
435 *
436 * @example
494 * @param options - Authentication and batch options
495 * @returns Promise resolving to array of query results
496 * @throws {SqlServiceError} On validation or API error
497 *
498 * @example
1725    // Auto-detect token from environment if not provided
1726    const token = config.token || Deno.env.get("VALTOWN_TOKEN") ||
1727      Deno.env.get("VALTOWN_API_KEY") || "";
1728
1729    if (!token) {
1730      throw new SqlServiceError(
1731        "Bearer token is required. Set VALTOWN_TOKEN, VALTOWN_API_KEY environment variable or pass token in config.",
1732        SQL_STATUS_CODES.UNAUTHORIZED,
1733      );
1764
1765  /**
1766   * Execute SQL statement with the exact old API signature for backward compatibility.
1767   *
1768   * @param statement - SQL statement as string or object

640    console.log(`[OAuthDbService] Processing OAuth user: ${provider}:${profile.id}`);
641
642    // Check if Val.town API key is available
643    const apiKey = Deno.env.get("VALTOWN_API_KEY") || Deno.env.get("VALTOWN_TOKEN");
644    if (!apiKey) {
645      console.error("🚨 [OAuthDbService] VALTOWN_API_KEY not set - cannot process OAuth user");
646      console.error(`🚨 [OAuthDbService] Provider: ${provider}, Profile ID: ${profile.id}`);
647      throw new Error("Database access unavailable - OAuth requires valid API key");
648    }
649