Add Create Root User page

routes/api/_middleware.ts

@@ -9,22 +9,23 @@ function handle_auth(req: Request, ctx: MiddlewareHandlerContext) {
     if (m.db.get_user_count() === 0) return true;
     const u = new URL(req.url);
     let token: string | null | undefined = req.headers.get("X-TOKEN");
-    const cookies = parse_cookies(req.headers.get("Cookies"));
+    const cookies = parse_cookies(req.headers.get("Cookie"));
     if (!token) {
         token = cookies.get("token");
     }
-    if (!token) {
+    const check = () => {
         if (u.pathname === "/api/token" && req.method === "PUT") return true;
         if (u.pathname === "/api/status" && req.method === "GET") return true;
         return false;
-    }
+    };
+    if (!token) return check();
     const t = m.db.get_token(token);
     const now = (new Date()).getTime();
-    if (!t || t.expired.getTime() < now) return false;
+    if (!t || t.expired.getTime() < now) return check();
     const user = m.db.get_user(t.uid);
     if (!user) {
         m.db.delete_token(token);
-        return false;
+        return check();
     }
     ctx.state.user = user;
     return true;

routes/api/token.ts

@@ -1,6 +1,6 @@
 import { Handlers } from "$fresh/server.ts";
 import { decode } from "std/encoding/base64.ts";
-import { get_string, parse_int } from "../../server/parse_form.ts";
+import { get_string, parse_bool, parse_int } from "../../server/parse_form.ts";
 import { return_data, return_error } from "../../server/utils.ts";
 import { get_task_manager } from "../../server.ts";
 import pbkdf2Hmac from "pbkdf2-hmac";
@@ -57,6 +57,9 @@ export const handler: Handlers = {
         if (t > now + 60000 || t < now - 60000) {
             return return_error(3, "Time is not corrected.");
         }
+        const set_cookie = await parse_bool(data.get("set_cookie"), false);
+        const http_only = await parse_bool(data.get("http_only"), true);
+        const secure = await parse_bool(data.get("secure"), false);
         const m = get_task_manager();
         const u = m.db.get_user_by_name(username);
         if (!u) return return_error(4, USER_PASSWORD_ERROR);
@@ -67,6 +70,13 @@ export const handler: Handlers = {
             return return_error(4, USER_PASSWORD_ERROR);
         }
         const token = m.db.add_token(u.id, now);
-        return return_data(token, 201);
+        const headers: HeadersInit = {};
+        if (set_cookie) {
+            headers["Set-Cookie"] =
+                `token=${token.token}; Expires=${token.expired.toUTCString()}${
+                    http_only ? "; HttpOnly" : ""
+                }${secure ? "; Secure" : ""}`;
+        }
+        return return_data(token, 201, headers);
     },
 };

routes/api/user.ts

@@ -2,6 +2,7 @@ import { Handlers } from "$fresh/server.ts";
 import { User, UserPermission } from "../../db.ts";
 import { get_task_manager } from "../../server.ts";
 import { get_string, parse_bool, parse_int } from "../../server/parse_form.ts";
+import type { BUser } from "../../server/user.ts";
 import { return_data, return_error } from "../../server/utils.ts";
 import pbkdf2Hmac from "pbkdf2-hmac";
 
@@ -24,7 +25,7 @@ export const handler: Handlers = {
         if (user && !user.is_admin && us.id !== user.id) {
             return return_error(403, "Permission denied.");
         }
-        return return_data({
+        return return_data<BUser>({
             id: us.id,
             username: us.username,
             is_admin: us.is_admin,