my own indieAuth provider! indiko.dunkirk.sh/docs
indieauth oauth2-server

feat: actually log out deactiveated users

+45 -19
+1 -1
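--- a/src/client/admin-clients.ts
+++ b/src/client/admin-clients.ts
@@ -33,7 +33,7 @@
 },
 });
 
-if (response.status === 401) {
+if (response.status === 401 || response.status === 403) {
 localStorage.removeItem('indiko_session');
 window.location.href = '/login';
 return;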
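Review bot: Treating every 403 as a dead session on the changed `if` line will also sign out a valid user whenever the server answers 403 for some other reason, such as a permission failure on an admin-only route (not visible here, so confirm which routes can return 403). The server sends `{ error: "Account is suspended" }` with this 403, so the client could check that body, or the server could return a dedicated machine-readable code, before clearing `indiko_session`. The identical condition is patched in admin-invites.ts, admin.ts, apps.ts, index.ts and profile.ts; a single shared helper (for example `handleAuthFailure(response)`) would keep the six copies from drifting. The enclosing function starts and ends outside the hunk.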
+1 -1
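--- a/src/client/admin-invites.ts
+++ b/src/client/admin-invites.ts
@@ -17,7 +17,7 @@
 },
 });
 
-if (response.status === 401) {
+if (response.status === 401 || response.status === 403) {
 localStorage.removeItem('indiko_session');
 window.location.href = '/login';
 return;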
+1 -1
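--- a/src/client/admin.ts
+++ b/src/client/admin.ts
@@ -17,7 +17,7 @@
 },
 });
 
-if (response.status === 401) {
+if (response.status === 401 || response.status === 403) {
 localStorage.removeItem('indiko_session');
 window.location.href = '/login';
 return;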
+1 -1
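--- a/src/client/apps.ts
+++ b/src/client/apps.ts
@@ -21,7 +21,7 @@
 },
 });
 
-if (response.status === 401) {
+if (response.status === 401 || response.status === 403) {
 localStorage.removeItem('indiko_session');
 window.location.href = '/login';
 return;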
+1 -1
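--- a/src/client/index.ts
+++ b/src/client/index.ts
@@ -62,7 +62,7 @@
 },
 });
 
-if (response.status === 401) {
+if (response.status === 401 || response.status === 403) {
 localStorage.removeItem('indiko_session');
 window.location.href = '/login';
 return;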
+1 -1
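--- a/src/client/profile.ts
+++ b/src/client/profile.ts
@@ -37,7 +37,7 @@
 },
 });
 
-if (response.status === 401) {
+if (response.status === 401 || response.status === 403) {
 localStorage.removeItem('indiko_session');
 window.location.href = '/login';
 return;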
+6 -2
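--- a/src/routes/api.ts
+++ b/src/routes/api.ts
@@ -12,13 +12,13 @@
 // Look up session
 const session = db
 .query(
-`SELECT s.expires_at, s.user_id, u.username, u.is_admin
+`SELECT s.expires_at, s.user_id, u.username, u.is_admin, u.status
 FROM sessions s
 JOIN users u ON s.user_id = u.id
 WHERE s.token = ?`,
 )
 .get(token) as
-| { expires_at: number; user_id: number; username: string; is_admin: number }
+| { expires_at: number; user_id: number; username: string; is_admin: number; status: string }
 | undefined;
 
 if (!session) {
@@ -28,6 +28,10 @@
 const now = Math.floor(Date.now() / 1000);
 if (session.expires_at < now) {
 return Response.json({ error: "Session expired" }, { status: 401 });
+}
+
+if (session.status !== 'active') {
+return Response.json({ error: "Account is suspended" }, { status: 403 });
 }
 
 return {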
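Review bot: The new `session.status !== 'active'` branch rejects the request but leaves the suspended user's rows in `sessions`, so an old token becomes usable again as soon as the account is set back to active, which may not be intended. Consider deleting the rows where the account is suspended, or here before returning, e.g. `db.query("DELETE FROM sessions WHERE user_id = ?").run(session.user_id);`. The same lookup-and-check is repeated in src/routes/clients.ts and twice in src/routes/indieauth.ts; one shared session helper would make sure a later check cannot be missed in one copy. The enclosing function starts and ends outside the hunks.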
+17 -5
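--- a/src/routes/auth.ts
+++ b/src/routes/auth.ts
@@ -306,13 +306,17 @@
 return Response.json({ error: "Username required" }, { status: 400 });
 }
 
-// Check if user exists
+// Check if user exists and is active
 const user = db
-.query("SELECT id FROM users WHERE username = ?")
-.get(username) as { id: number } | undefined;
+.query("SELECT id, status FROM users WHERE username = ?")
+.get(username) as { id: number; status: string } | undefined;
 
 if (!user) {
 return Response.json({ error: "User not found" }, { status: 404 });
+}
+
+if (user.status !== 'active') {
+return Response.json({ error: "Account is suspended" }, { status: 403 });
 }
 
 // Get user's credentials (just to verify they exist)
@@ -371,16 +375,24 @@
 
 const credentialWithUser = db
 .query(
-"SELECT c.credential_id, c.public_key, c.counter, c.user_id, u.username FROM credentials c JOIN users u ON c.user_id = u.id WHERE c.credential_id = ?",
+"SELECT c.credential_id, c.public_key, c.counter, c.user_id, u.username, u.status FROM credentials c JOIN users u ON c.user_id = u.id WHERE c.credential_id = ?",
 )
 .get(Buffer.from(credentialIdString)) as
-| { credential_id: Buffer; public_key: Buffer; counter: number; user_id: number; username: string }
+| { credential_id: Buffer; public_key: Buffer; counter: number; user_id: number; username: string; status: string }
 | undefined;
 
 if (!credentialWithUser) {
 return Response.json(
 { error: "Credential not found" },
 { status: 404 },
+);
+}
+
+// Check if user account is active
+if (credentialWithUser.status !== 'active') {
+return Response.json(
+{ error: "Account is suspended" },
+{ status: 403 },
 );
 }
 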
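Review bot: Both new 403 responses tell an unauthenticated caller that an account exists and is suspended: the first from a username alone, the second from a credential id, apparently before the assertion is verified (the verification code is outside the hunk). Together with the existing 404 "User not found" this makes account state enumerable. Consider returning the same generic failure for unknown and suspended accounts at the options step, and moving the `credentialWithUser.status` check to after signature verification so that only the credential holder learns the reason. Logging the rejected attempt server-side keeps the signal for operators without exposing it in the response.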
+6 -2
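--- a/src/routes/clients.ts
+++ b/src/routes/clients.ts
@@ -25,13 +25,13 @@
 
 const session = db
 .query(
-`SELECT s.expires_at, s.user_id, u.username, u.is_admin
+`SELECT s.expires_at, s.user_id, u.username, u.is_admin, u.status
 FROM sessions s
 JOIN users u ON s.user_id = u.id
 WHERE s.token = ?`,
 )
 .get(token) as
-| { expires_at: number; user_id: number; username: string; is_admin: number }
+| { expires_at: number; user_id: number; username: string; is_admin: number; status: string }
 | undefined;
 
 if (!session) {
@@ -41,6 +41,10 @@
 const now = Math.floor(Date.now() / 1000);
 if (session.expires_at < now) {
 return Response.json({ error: "Session expired" }, { status: 401 });
+}
+
+if (session.status !== 'active') {
+return Response.json({ error: "Account is suspended" }, { status: 403 });
 }
 
 return {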
+10 -4
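--- a/src/routes/indieauth.ts
+++ b/src/routes/indieauth.ts
@@ -19,13 +19,13 @@
 
 const session = db
 .query(
-`SELECT s.expires_at, u.id, u.username, u.is_admin
+`SELECT s.expires_at, u.id, u.username, u.is_admin, u.status
 FROM sessions s
 JOIN users u ON s.user_id = u.id
 WHERE s.token = ?`,
 )
 .get(token) as
-| { expires_at: number; id: number; username: string; is_admin: number }
+| { expires_at: number; id: number; username: string; is_admin: number; status: string }
 | undefined;
 
 if (!session) {
@@ -37,6 +37,10 @@
 return Response.json({ error: "Session expired" }, { status: 401 });
 }
 
+if (session.status !== 'active') {
+return Response.json({ error: "Account is suspended" }, { status: 403 });
+}
+
 return {
 username: session.username,
 userId: session.id,
@@ -61,19 +65,21 @@
 
 const session = db
 .query(
-`SELECT s.expires_at, u.id, u.username, u.is_admin
+`SELECT s.expires_at, u.id, u.username, u.is_admin, u.status
 FROM sessions s
 JOIN users u ON s.user_id = u.id
 WHERE s.token = ?`,
 )
 .get(sessionToken) as
-| { expires_at: number; id: number; username: string; is_admin: number }
+| { expires_at: number; id: number; username: string; is_admin: number; status: string }
 | undefined;
 
 if (!session) return null;
 
 const now = Math.floor(Date.now() / 1000);
 if (session.expires_at < now) return null;
+
+if (session.status !== 'active') return null;
 
 return {
 username: session.username,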
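Review bot: The status check covers only the two session lookups; nothing in the visible hunks stops authorization codes, access tokens or refresh tokens issued before the suspension from being redeemed or used by client apps. If the token-exchange and token-verification handlers in this file look up tokens without joining `users`, they need the same `u.status` condition, or the tokens should be revoked when the account is suspended. Separately, the first function answers with a 403 response while the second returns `null` for the same condition; a one-line comment on each, such as `// suspended accounts are treated as unauthenticated here`, would make the difference deliberate. Both functions start and end outside the hunks.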