Accept Flutter sessions for billing

2026-05-31 18:06:33 +05:00
parent fe74257dd3
commit 133d7b434b
1 changed files with 20 additions and 0 deletions
--- a/src/auth.ts
+++ b/src/auth.ts
@@ -5,6 +5,8 @@ import type { Request } from 'express'
 const LOGTO_JWKS_URL = process.env.LOGTO_JWKS_URL || 'https://auth.optovia.ru/oidc/jwks'
 const LOGTO_ISSUER = process.env.LOGTO_ISSUER || 'https://auth.optovia.ru/oidc'
 const LOGTO_BILLING_AUDIENCE = process.env.LOGTO_BILLING_AUDIENCE || 'https://billing.optovia.ru'
+const TEAMS_USER_GRAPHQL_URL = process.env.TEAMS_USER_GRAPHQL_URL || 'https://teams.optovia.ru/graphql/user/'
+const SESSION_TOKEN_PREFIX = 'optovia-session:'

 const jwks = createRemoteJWKSet(new URL(LOGTO_JWKS_URL))

@@ -41,6 +43,24 @@ export async function m2mContext(): Promise<AuthContext> {

 export async function teamContext(req: Request): Promise<AuthContext> {
  const token = getBearerToken(req)
+  if (token.startsWith(SESSION_TOKEN_PREFIX)) {
+    const response = await fetch(TEAMS_USER_GRAPHQL_URL, {
+      method: 'POST',
+      headers: {
+        'content-type': 'application/json',
+        authorization: `Bearer ${token}`,
+      },
+      body: JSON.stringify({
+        query: `query BillingSessionMe { me { id activeTeamId } }`,
+      }),
+    })
+    const body = await response.json() as { data?: { me?: { id?: string; activeTeamId?: string } } }
+    const me = body.data?.me
+    if (!me?.id || !me.activeTeamId) {
+      throw new GraphQLError('Unauthorized', { extensions: { code: 'UNAUTHENTICATED' } })
+    }
+    return { userId: me.id, teamUuid: me.activeTeamId, scopes: ['teams:member'] }
+  }
  const { payload } = await jwtVerify(token, jwks, {
    issuer: LOGTO_ISSUER,
    audience: LOGTO_BILLING_AUDIENCE,