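/**
 * Forward-Auth Proxy Types
 *
 * Types for the forward-auth/SSO gateway that protects
 * arbitrary services via nginx auth_request.
 *
 * This file only declares shapes. None of the checks mentioned in the
 * review notes below (expiry, origin matching, token type) are enforced
 * here; they must be done by the code that reads these values.
 */

/**
 * A gateway-level SSO session (stored in SQLite).
 *
 * NOTE(review): the unit of the three timestamps is not visible in this
 * file (seconds vs. milliseconds) - confirm against the session store.
 */
export interface ProxySession {
  /** Session identifier. */
  id: string;
  /** DID of the authenticated user. */
  did: string;
  /** Handle of the authenticated user. */
  handle: string;
  created_at: number;
  expires_at: number;
  last_activity: number;
  /** Optional client metadata recorded with the session. */
  user_agent?: string;
  /** Optional client metadata recorded with the session. */
  ip_address?: string;
}

/** An origin allowed to use forward-auth. */
export interface ProxyAllowedOrigin {
  id: number;
  /** e.g. "https://search.example.com" */
  origin: string;
  /** e.g. "SearXNG" */
  name: string;
  created_at: number;
}

/**
 * Pending forward-auth login request (stored while user does AT Proto OAuth).
 */
export interface ProxyAuthRequest {
  id: string;
  /**
   * NOTE(review): presumably where the user is sent once login completes.
   * If so, it should be matched against a ProxyAllowedOrigin before any
   * redirect is issued; that check is not visible in this file - confirm.
   */
  redirect_uri: string;
  created_at: number;
  expires_at: number;
}

/** An access control rule for forward-auth proxy. */
export interface ProxyAccessRule {
  id: number;
  /** null = global rule */
  origin_id: number | null;
  rule_type: 'allow' | 'deny';
  /** Selects how subject_value is interpreted: a DID or a handle pattern. */
  subject_type: 'did' | 'handle_pattern';
  subject_value: string;
  description: string | null;
  created_at: number;
}

/** Result of an access check. */
export interface AccessCheckResult {
  allowed: boolean;
  /** Id of the rule that matched, or null. */
  matched_rule_id: number | null;
  /** For logging/admin, NOT for user display. */
  reason: string;
}

/**
 * Payload inside the _atauth_session cookie (on ATAuth domain).
 *
 * NOTE(review): `typ` distinguishes three token kinds. A verifier should
 * require the kind it expects so that one kind cannot be presented where
 * another is required; that check is not visible in this file - confirm.
 */
export interface ProxySessionCookiePayload {
  typ: 'session' | 'proxy' | 'admin';
  /** Presumably the id of the ProxySession this cookie refers to - confirm. */
  sid: string;
  /** Presumably issued-at / expiry in JWT style (seconds) - confirm. */
  iat: number;
  exp: number;
}

/**
 * Payload inside the _atauth_ticket URL parameter (short-lived redirect token).
 *
 * NOTE(review): values carried in a URL can end up in access logs, browser
 * history and Referer headers, so the consumer should check `exp` and
 * compare `origin` with the origin it is serving before accepting a ticket.
 * Neither check is visible in this file - confirm.
 */
export interface ProxyTicketPayload {
  sid: string;
  did: string;
  handle: string;
  origin: string;
  iat: number;
  exp: number;
}

/** Forward-auth configuration. */
export interface ForwardAuthConfig {
  enabled: boolean;
  /**
   * NOTE(review): presumably the key used to protect the session cookie and
   * ticket - confirm. Treat it as a credential: load it from secret storage
   * and keep it out of logs and of any serialized copy of this config.
   */
  sessionSecret: string;
  /** seconds, default 7 days */
  sessionTtl: number;
  /** seconds, default 24h */
  proxyCookieTtl: number;
}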