diff --git a/.DS_Store b/.DS_Store deleted file mode 100644 index e3cf853a..00000000 Binary files a/.DS_Store and /dev/null differ diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..244db184 --- /dev/null +++ b/.gitignore @@ -0,0 +1,15 @@ +.DS_Store +Thumbs.db + +node_modules +/.svelte-kit +/build +/.output + +.env +.env.* +!.env.example +!.env.test + +vite.config.js.timestamp-* +vite.config.ts.timestamp-* diff --git a/src/hooks.server.ts b/src/hooks.server.ts index 419403d3..215368bd 100644 --- a/src/hooks.server.ts +++ b/src/hooks.server.ts @@ -3,6 +3,7 @@ import PocketBase from "pocketbase"; import type { Handle } from "@sveltejs/kit"; const POCKETBASE_URL = "https://pocketbase.ccllc.pro"; +const BASE_SSO_URL = process.env.BASE_SSO_URL ?? "https://base.ccllc.pro"; const LOGIN_PATH = "/login"; const LOGOUT_PATH = "/logout"; @@ -15,6 +16,29 @@ function isPublicRoute(pathname: string): boolean { } export const handle: Handle = async ({ event, resolve }) => { + // SSO: if opened from Base with ?sso=token, exchange for session and redirect + const ssoParam = event.url.searchParams.get("sso"); + if (ssoParam) { + try { + const res = await fetch( + `${BASE_SSO_URL}/api/sso/exchange?token=${encodeURIComponent(ssoParam)}` + ); + if (res.ok) { + const auth = await res.json(); + const cookieVal = encodeURIComponent( + JSON.stringify({ token: auth.token, model: auth.model }) + ); + const setCookie = `pb_auth=${cookieVal}; Path=/; SameSite=Lax; Max-Age=604800`; + return new Response(null, { + status: 302, + headers: { Location: event.url.pathname, "Set-Cookie": setCookie }, + }); + } + } catch { + // fall through to normal auth + } + } + event.locals.pb = new PocketBase(POCKETBASE_URL); event.locals.pb.authStore.loadFromCookie(event.request.headers.get("cookie") || "");