feat(sso): issue one-time tokens for iframe apps
Generate short-lived SSO tokens in the site iframe route and add an exchange API to let child apps bootstrap their PocketBase session.
This commit is contained in:
@@ -1,7 +1,9 @@
|
||||
import { sites, type SiteSlug } from '$lib/sites';
|
||||
import { error } from '@sveltejs/kit';
|
||||
import * as ssoStore from '$lib/sso-store';
|
||||
import { randomUUID } from 'crypto';
|
||||
|
||||
export function load({ params }) {
|
||||
export function load({ params, locals }) {
|
||||
const slug = params.site?.toLowerCase() as SiteSlug | undefined;
|
||||
const site = slug && slug in sites ? sites[slug as SiteSlug] : null;
|
||||
|
||||
@@ -9,9 +11,22 @@ export function load({ params }) {
|
||||
throw error(404, `Unknown site: ${params.site}`);
|
||||
}
|
||||
|
||||
let ssoToken: string | undefined;
|
||||
if (locals.user && locals.pb?.authStore?.token) {
|
||||
try {
|
||||
const token = locals.pb.authStore.token;
|
||||
const model = locals.pb.authStore.record as Record<string, unknown> | null;
|
||||
ssoToken = randomUUID();
|
||||
ssoStore.set(ssoToken, { token, model });
|
||||
} catch {
|
||||
// no sso if export fails
|
||||
}
|
||||
}
|
||||
|
||||
return {
|
||||
slug: slug as SiteSlug,
|
||||
url: site.url,
|
||||
title: site.title
|
||||
title: site.title,
|
||||
ssoToken
|
||||
};
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user