auth middleware (init)

package.json

@@ -21,14 +21,15 @@
 		"@stripe/stripe-js": "^4.4.0",
 		"@sveltejs/adapter-cloudflare": "^4.7.2",
 		"@sveltejs/kit": "^2.0.0",
-		"@sveltejs/vite-plugin-svelte": "^3.0.0",
+		"@sveltejs/vite-plugin-svelte": "^4.0.0-next.6",
 		"@types/eslint": "^8.56.7",
 		"eslint": "^9.0.0",
 		"eslint-config-prettier": "^9.1.0",
 		"eslint-plugin-svelte": "^2.36.0",
 		"firebase": "^10.12.3",
 		"firebase-auth-cloudflare-workers-x509": "^2.0.5",
 		"globals": "^15.0.0",
+		"hono": "^4.5.11",
 		"prettier": "^3.1.1",
 		"prettier-plugin-svelte": "^3.1.2",
 		"stripe": "^16.7.0",
@@ -48,9 +49,7 @@
 		}
 	},
 	"type": "module",
-	"dependencies": {
-		"hono": "^4.5.11"
-	},
+	"dependencies": {},
 	"volta": {
 		"node": "20.17.0"
 	}

src/api/auth.ts

@@ -0,0 +1,49 @@
+import type { Context } from 'hono';
+import { getCookie } from 'hono/cookie';
+import { createMiddleware } from 'hono/factory';
+import {
+	Auth,
+	ServiceAccountCredential,
+	WorkersKVStoreSingle
+} from 'firebase-auth-cloudflare-workers-x509';
+import { GOOGLE_SERVICE_ACCOUNT_KEY } from '$env/static/private';
+import { HTTPException } from 'hono/http-exception';
+
+type CurrentUser = {
+	uid: string;
+	name: string;
+};
+
+export interface AuthVariables {
+	currentUser?: CurrentUser;
+}
+
+export const authMiddleware = createMiddleware(async (c, next) => {
+	const sessionCookie = getCookie(c, 'session');
+	if (sessionCookie) {
+		const keys = WorkersKVStoreSingle.getOrInitialize('pubkeys', c.env.KV);
+		const auth = Auth.getOrInitialize(
+			'fukada-delete-me',
+			keys,
+			new ServiceAccountCredential(GOOGLE_SERVICE_ACCOUNT_KEY)
+		);
+		try {
+			const idToken = await auth.verifySessionCookie(sessionCookie);
+			c.set('currentUser', {
+				uid: idToken.uid,
+				name: idToken.name
+			});
+		} catch {
+			// ignore
+		}
+	}
+	await next();
+});
+
+export function ensureUser(c: Context) {
+	const currentUser = c.get('currentUser') as CurrentUser;
+	if (!currentUser) {
+		throw new HTTPException(401, { message: 'Not authorized' });
+	}
+	return currentUser;
+}

src/api/index.ts

@@ -1,20 +1,24 @@
 import { Hono } from 'hono';
+import { authMiddleware, ensureUser, type AuthVariables } from './auth';
 
 export type Post = {
 	title: string;
 	author: string;
 };
 
-const app = new Hono().get('/api/posts', async (c) => {
-	const posts: Post[] = [];
-	for (let i = 0; i < 20; i++) {
-		posts.push({
-			title: '素晴しい記事',
-			author: '名無し'
-		});
-	}
-	return c.json(posts);
-});
+const app = new Hono<{ Bindings: Env; Variables: AuthVariables }>()
+	.use(authMiddleware)
+	.get('/api/posts', async (c) => {
+		const currentUser = ensureUser(c);
+		const posts: Post[] = [];
+		for (let i = 0; i < 20; i++) {
+			posts.push({
+				title: '素晴しい記事',
+				author: currentUser.name
+			});
+		}
+		return c.json(posts);
+	});
 
 export default app;
 

src/app.d.ts

@@ -4,6 +4,10 @@ import type { BasicPrivateUserInfo } from './lib/user';
 
 // for information about these interfaces
 declare global {
+	interface Env {
+		KV: KVNamespace;
+	}
+
 	namespace App {
 		// interface Error {}
 		interface Locals {
@@ -14,9 +18,7 @@ declare global {
 		}
 		// interface PageState {}
 		interface Platform {
-			env?: {
-				KV: KVNamespace;
-			};
+			env?: EnV;
 		}
 	}
 }

src/routes/session/+server.ts

@@ -12,8 +12,7 @@ export const POST = async ({ request, cookies, platform }) => {
 	return request
 		.json()
 		.then(async (data) => {
-			const idToken = data.idToken;
-
+			const idToken = (data as { idToken?: string }).idToken;
 			const days = 14; // 5 min - 14 days
 			if (typeof idToken === 'string') {
 				const cookie = await createSessionCookie(keys, idToken, days);

tsconfig.json

@@ -9,7 +9,11 @@
 		"skipLibCheck": true,
 		"sourceMap": true,
 		"strict": true,
-		"moduleResolution": "bundler"
+		"moduleResolution": "bundler",
+		"types": [
+			"@cloudflare/workers-types",
+			"@cloudflare/workers-types/experimental"
+		]
 	}
 	// Path aliases are handled by https://kit.svelte.dev/docs/configuration#alias
 	// except $lib which is handled by https://kit.svelte.dev/docs/configuration#files