mirror of
https://github.com/koala73/worldmonitor.git
synced 2026-04-26 01:24:59 +02:00
ee8ca345cb
* refactor: consolidate Upstash helpers and extract DeckGL color config Part 1 — api/_upstash-json.js: add getRedisCredentials, redisPipeline, setCachedData exports. Migrate _oauth-token.js, reverse-geocode.js, health.js, bootstrap.js, seed-health.js, and cache-purge.js off their inline credential/pipeline boilerplate. Part 2 — DeckGLMap.ts: extract getBaseColor, mineralColor, windColor, TC_WIND_COLORS, CII_LEVEL_COLORS into src/config/ files so panels and tests can reuse them without importing DeckGLMap. Surfaced by reviewing nichm/worldmonitor-private fork. * fix(mcp): restore throw-on-Redis-error in fetchOAuthToken; fix health error message _oauth-token.js: readJsonFromUpstash returns null for HTTP errors, but mcp.ts:702 relies on a throw to return 503 (retryable) vs null→401 (re-authenticate). Restore the explicit fetch that throws on !resp.ok, using getRedisCredentials() for credential extraction. health.js: the single null guard produced "Redis not configured" for both missing creds and HTTP failures. Split into two checks so the 503 body correctly distinguishes env config problems from service outages. * fix(upstash): remove dead try/catch in reverse-geocode; atomic SET EX in setCachedData
50 lines
2.0 KiB
JavaScript
50 lines
2.0 KiB
JavaScript
// @ts-expect-error — JS module, no declaration file
|
|
import { keyFingerprint, sha256Hex } from './_crypto.js';
|
|
// @ts-expect-error — JS module, no declaration file
|
|
import { getRedisCredentials } from './_upstash-json.js';
|
|
|
|
async function fetchOAuthToken(uuid) {
|
|
const creds = getRedisCredentials();
|
|
if (!creds) return null;
|
|
|
|
const resp = await fetch(`${creds.url}/get/${encodeURIComponent(`oauth:token:${uuid}`)}`, {
|
|
headers: { Authorization: `Bearer ${creds.token}` },
|
|
signal: AbortSignal.timeout(3_000),
|
|
});
|
|
// Throw on HTTP error so callers can distinguish Redis failure (→ 503) from missing token (→ 401).
|
|
if (!resp.ok) throw new Error(`Redis HTTP ${resp.status}`);
|
|
|
|
const data = await resp.json();
|
|
if (!data.result) return null;
|
|
try { return JSON.parse(data.result); } catch { return null; }
|
|
}
|
|
|
|
// Legacy: 16-char fingerprint for client_credentials tokens (backward compat)
|
|
export async function resolveApiKeyFromFingerprint(fingerprint) {
|
|
if (typeof fingerprint !== 'string' || !fingerprint) return null;
|
|
const validKeys = (process.env.WORLDMONITOR_VALID_KEYS || '').split(',').filter(Boolean);
|
|
for (const k of validKeys) {
|
|
if (await keyFingerprint(k) === fingerprint) return k;
|
|
}
|
|
return null;
|
|
}
|
|
|
|
// New: full SHA-256 (64 hex chars) for authorization_code / refresh_token issued tokens
|
|
export async function resolveApiKeyFromHash(fullHash) {
|
|
if (typeof fullHash !== 'string' || fullHash.length !== 64) return null;
|
|
const validKeys = (process.env.WORLDMONITOR_VALID_KEYS || '').split(',').filter(Boolean);
|
|
for (const k of validKeys) {
|
|
if (await sha256Hex(k) === fullHash) return k;
|
|
}
|
|
return null;
|
|
}
|
|
|
|
export async function resolveApiKeyFromBearer(token) {
|
|
if (!token) return null;
|
|
const stored = await fetchOAuthToken(token);
|
|
if (typeof stored !== 'string' || !stored) return null;
|
|
// Dispatch based on stored value length: 64 = full SHA-256 (new), 16 = fingerprint (legacy)
|
|
if (stored.length === 64) return resolveApiKeyFromHash(stored);
|
|
return resolveApiKeyFromFingerprint(stored);
|
|
}
|