feat(server): auth server (#2773)

2026-02-12 12:28:42 +00:00 · 2023-06-21 14:08:32 +08:00
parent 2698e7fd0d
commit 9b3fa43b81
36 changed files with 4089 additions and 2013 deletions
--- a/apps/server/src/config/def.ts
+++ b/apps/server/src/config/def.ts
@@ -163,6 +163,12 @@ export interface AFFiNEConfig {
     * }
     */
    config: Record<string, string>;
+    /**
+     * Only used when `enable` is `false`
+     */
+    fs: {
+      path: string;
+    };
  };

  /**
@@ -172,11 +178,16 @@ export interface AFFiNEConfig {
    /**
     * Application access token expiration time
     */
-    readonly accessTokenExpiresIn: string;
+    readonly accessTokenExpiresIn: number;
    /**
     * Application refresh token expiration time
     */
-    readonly refreshTokenExpiresIn: string;
+    readonly refreshTokenExpiresIn: number;
+    /**
+     * Add some leeway (in seconds) to the exp and nbf validation to account for clock skew.
+     * Defaults to 60 if omitted.
+     */
+    readonly leeway: number;
    /**
     * Application public key
     *
@@ -195,6 +206,10 @@ export interface AFFiNEConfig {
     * whether allow user to signup by oauth providers
     */
    enableOauth: boolean;
+    /**
+     * NEXTAUTH_SECRET
+     */
+    nextAuthSecret: string;
    /**
     * all available oauth providers
     */
--- a/apps/server/src/config/default.ts
+++ b/apps/server/src/config/default.ts
@@ -1,5 +1,10 @@
 /// <reference types="../global.d.ts" />

+import { homedir } from 'node:os';
+import { join } from 'node:path';
+
+import parse from 'parse-duration';
+
 import pkg from '../../package.json' assert { type: 'json' };
 import type { AFFiNEConfig } from './def';

@@ -56,16 +61,23 @@ export const getDefaultAFFiNEConfig: () => AFFiNEConfig = () => ({
    debug: true,
  },
  auth: {
-    accessTokenExpiresIn: '1h',
-    refreshTokenExpiresIn: '7d',
+    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+    accessTokenExpiresIn: parse('1h')! / 1000,
+    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+    refreshTokenExpiresIn: parse('7d')! / 1000,
+    leeway: 60,
    publicKey: examplePublicKey,
    privateKey: examplePrivateKey,
    enableSignup: true,
    enableOauth: false,
+    nextAuthSecret: '',
    oauthProviders: {},
  },
  objectStorage: {
    enable: false,
    config: {},
+    fs: {
+      path: join(homedir(), '.affine-storage'),
+    },
  },
 });