feat(sso): accept base-issued iframe login
Handle Base SSO tokens on initial requests so Stackq can bootstrap PocketBase auth and redirect into the app without a separate login.
This commit is contained in:
+15
@@ -0,0 +1,15 @@
|
|||||||
|
.DS_Store
|
||||||
|
Thumbs.db
|
||||||
|
|
||||||
|
node_modules
|
||||||
|
/.svelte-kit
|
||||||
|
/build
|
||||||
|
/.output
|
||||||
|
|
||||||
|
.env
|
||||||
|
.env.*
|
||||||
|
!.env.example
|
||||||
|
!.env.test
|
||||||
|
|
||||||
|
vite.config.js.timestamp-*
|
||||||
|
vite.config.ts.timestamp-*
|
||||||
@@ -3,6 +3,7 @@ import PocketBase from "pocketbase";
|
|||||||
import type { Handle } from "@sveltejs/kit";
|
import type { Handle } from "@sveltejs/kit";
|
||||||
|
|
||||||
const POCKETBASE_URL = "https://pocketbase.ccllc.pro";
|
const POCKETBASE_URL = "https://pocketbase.ccllc.pro";
|
||||||
|
const BASE_SSO_URL = process.env.BASE_SSO_URL ?? "https://base.ccllc.pro";
|
||||||
const LOGIN_PATH = "/login";
|
const LOGIN_PATH = "/login";
|
||||||
const LOGOUT_PATH = "/logout";
|
const LOGOUT_PATH = "/logout";
|
||||||
|
|
||||||
@@ -15,6 +16,29 @@ function isPublicRoute(pathname: string): boolean {
|
|||||||
}
|
}
|
||||||
|
|
||||||
export const handle: Handle = async ({ event, resolve }) => {
|
export const handle: Handle = async ({ event, resolve }) => {
|
||||||
|
// SSO: if opened from Base with ?sso=token, exchange for session and redirect
|
||||||
|
const ssoParam = event.url.searchParams.get("sso");
|
||||||
|
if (ssoParam) {
|
||||||
|
try {
|
||||||
|
const res = await fetch(
|
||||||
|
`${BASE_SSO_URL}/api/sso/exchange?token=${encodeURIComponent(ssoParam)}`
|
||||||
|
);
|
||||||
|
if (res.ok) {
|
||||||
|
const auth = await res.json();
|
||||||
|
const cookieVal = encodeURIComponent(
|
||||||
|
JSON.stringify({ token: auth.token, model: auth.model })
|
||||||
|
);
|
||||||
|
const setCookie = `pb_auth=${cookieVal}; Path=/; SameSite=Lax; Max-Age=604800`;
|
||||||
|
return new Response(null, {
|
||||||
|
status: 302,
|
||||||
|
headers: { Location: event.url.pathname, "Set-Cookie": setCookie },
|
||||||
|
});
|
||||||
|
}
|
||||||
|
} catch {
|
||||||
|
// fall through to normal auth
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
event.locals.pb = new PocketBase(POCKETBASE_URL);
|
event.locals.pb = new PocketBase(POCKETBASE_URL);
|
||||||
event.locals.pb.authStore.loadFromCookie(event.request.headers.get("cookie") || "");
|
event.locals.pb.authStore.loadFromCookie(event.request.headers.get("cookie") || "");
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user