Files
Suwayomi-Server/server/src/main/kotlin/suwayomi/tachidesk/graphql/mutations/TrackMutation.kt
Constantin Piber 8547159eec Basic JWT implementation (#1524)
* Basic JWT implementation

* Move JWT to UI_LOGIN mode and bring back SIMPLE_LOGIN as before

* Update server/src/main/kotlin/suwayomi/tachidesk/global/impl/util/Jwt.kt

Co-authored-by: Mitchell Syer <Syer10@users.noreply.github.com>

* Refresh: Update only access token

Co-authored-by: Mitchell Syer <Syer10@users.noreply.github.com>

* Implement JWT Audience

* Store JWT key

Generates the key on startup if not set

* Handle invalid Base64

* Make JWT expiry configurable

* Missing value parse

* Update server/src/main/kotlin/suwayomi/tachidesk/global/impl/util/Jwt.kt

Co-authored-by: Mitchell Syer <Syer10@users.noreply.github.com>

* Simplify Duration parsing

* JWT Protect Mutations

* JWT Protect Queries and Subscriptions

* JWT Protect v1 WebSockets

* WebSockets allow sending token via protocol header

* Also respect the `suwayomi-server-token` cookie

* JWT reduce default token expiry

* JWT Support cookie on WebSocket as well

* Lint

* Authenticate graphql subscription via connection_init payload

* WebView: Prefer explicit token over cookie

This hack was implemented because WebView sent `"null"` if no token was
supplied, just don't send a bad token, then we can do this properly

* WebView: Implement basic login dialog if no token supplied

---------

Co-authored-by: Mitchell Syer <Syer10@users.noreply.github.com>
Co-authored-by: schroda <50052685+schroda@users.noreply.github.com>
2025-08-20 18:04:48 -04:00

325 lines
11 KiB
Kotlin

package suwayomi.tachidesk.graphql.mutations
import com.expediagroup.graphql.generator.annotations.GraphQLDeprecated
import com.expediagroup.graphql.generator.annotations.GraphQLDescription
import graphql.execution.DataFetcherResult
import graphql.schema.DataFetchingEnvironment
import org.jetbrains.exposed.sql.and
import org.jetbrains.exposed.sql.selectAll
import org.jetbrains.exposed.sql.transactions.transaction
import suwayomi.tachidesk.graphql.asDataFetcherResult
import suwayomi.tachidesk.graphql.server.getAttribute
import suwayomi.tachidesk.graphql.types.TrackRecordType
import suwayomi.tachidesk.graphql.types.TrackerType
import suwayomi.tachidesk.manga.impl.track.Track
import suwayomi.tachidesk.manga.impl.track.tracker.TrackerManager
import suwayomi.tachidesk.manga.model.table.TrackRecordTable
import suwayomi.tachidesk.server.JavalinSetup.Attribute
import suwayomi.tachidesk.server.JavalinSetup.future
import suwayomi.tachidesk.server.JavalinSetup.getAttribute
import suwayomi.tachidesk.server.user.requireUser
import java.util.concurrent.CompletableFuture
class TrackMutation {
data class LoginTrackerOAuthInput(
val clientMutationId: String? = null,
val trackerId: Int,
val callbackUrl: String,
)
data class LoginTrackerOAuthPayload(
val clientMutationId: String?,
val isLoggedIn: Boolean,
val tracker: TrackerType,
)
fun loginTrackerOAuth(
dataFetchingEnvironment: DataFetchingEnvironment,
input: LoginTrackerOAuthInput,
): CompletableFuture<LoginTrackerOAuthPayload> {
dataFetchingEnvironment.getAttribute(Attribute.TachideskUser).requireUser()
val tracker =
requireNotNull(TrackerManager.getTracker(input.trackerId)) {
"Could not find tracker"
}
return future {
tracker.authCallback(input.callbackUrl)
val trackerType = TrackerType(tracker)
LoginTrackerOAuthPayload(
input.clientMutationId,
trackerType.isLoggedIn,
trackerType,
)
}
}
data class LoginTrackerCredentialsInput(
val clientMutationId: String? = null,
val trackerId: Int,
val username: String,
val password: String,
)
data class LoginTrackerCredentialsPayload(
val clientMutationId: String?,
val isLoggedIn: Boolean,
val tracker: TrackerType,
)
fun loginTrackerCredentials(
dataFetchingEnvironment: DataFetchingEnvironment,
input: LoginTrackerCredentialsInput,
): CompletableFuture<LoginTrackerCredentialsPayload> {
dataFetchingEnvironment.getAttribute(Attribute.TachideskUser).requireUser()
val tracker =
requireNotNull(TrackerManager.getTracker(input.trackerId)) {
"Could not find tracker"
}
return future {
tracker.login(input.username, input.password)
val trackerType = TrackerType(tracker)
LoginTrackerCredentialsPayload(
input.clientMutationId,
trackerType.isLoggedIn,
trackerType,
)
}
}
data class LogoutTrackerInput(
val clientMutationId: String? = null,
val trackerId: Int,
)
data class LogoutTrackerPayload(
val clientMutationId: String?,
val isLoggedIn: Boolean,
val tracker: TrackerType,
)
fun logoutTracker(
dataFetchingEnvironment: DataFetchingEnvironment,
input: LogoutTrackerInput,
): CompletableFuture<LogoutTrackerPayload> {
dataFetchingEnvironment.getAttribute(Attribute.TachideskUser).requireUser()
val tracker =
requireNotNull(TrackerManager.getTracker(input.trackerId)) {
"Could not find tracker"
}
require(tracker.isLoggedIn) {
"Cannot logout of a tracker that is not logged-in"
}
return future {
tracker.logout()
val trackerType = TrackerType(tracker)
LogoutTrackerPayload(
input.clientMutationId,
trackerType.isLoggedIn,
trackerType,
)
}
}
data class BindTrackInput(
val clientMutationId: String? = null,
val mangaId: Int,
val trackerId: Int,
val remoteId: Long,
@GraphQLDescription("This will only work if the tracker of the track record supports private tracking")
val private: Boolean? = null,
)
data class BindTrackPayload(
val clientMutationId: String?,
val trackRecord: TrackRecordType,
)
fun bindTrack(
dataFetchingEnvironment: DataFetchingEnvironment,
input: BindTrackInput,
): CompletableFuture<BindTrackPayload> {
dataFetchingEnvironment.getAttribute(Attribute.TachideskUser).requireUser()
val (clientMutationId, mangaId, trackerId, remoteId, private) = input
return future {
Track.bind(
mangaId,
trackerId,
remoteId,
private ?: false,
)
val trackRecord =
transaction {
TrackRecordTable
.selectAll()
.where {
TrackRecordTable.mangaId eq mangaId and (TrackRecordTable.trackerId eq trackerId)
}.first()
}
BindTrackPayload(
clientMutationId,
TrackRecordType(trackRecord),
)
}
}
data class FetchTrackInput(
val clientMutationId: String? = null,
val recordId: Int,
)
data class FetchTrackPayload(
val clientMutationId: String?,
val trackRecord: TrackRecordType,
)
fun fetchTrack(
dataFetchingEnvironment: DataFetchingEnvironment,
input: FetchTrackInput,
): CompletableFuture<FetchTrackPayload> {
dataFetchingEnvironment.getAttribute(Attribute.TachideskUser).requireUser()
val (clientMutationId, recordId) = input
return future {
Track.refresh(recordId)
val trackRecord =
transaction {
TrackRecordTable
.selectAll()
.where {
TrackRecordTable.id eq recordId
}.first()
}
FetchTrackPayload(
clientMutationId,
TrackRecordType(trackRecord),
)
}
}
data class UnbindTrackInput(
val clientMutationId: String? = null,
val recordId: Int,
@GraphQLDescription("This will only work if the tracker of the track record supports deleting tracks")
val deleteRemoteTrack: Boolean? = null,
)
data class UnbindTrackPayload(
val clientMutationId: String?,
val trackRecord: TrackRecordType?,
)
fun unbindTrack(
dataFetchingEnvironment: DataFetchingEnvironment,
input: UnbindTrackInput,
): CompletableFuture<UnbindTrackPayload> {
dataFetchingEnvironment.getAttribute(Attribute.TachideskUser).requireUser()
val (clientMutationId, recordId, deleteRemoteTrack) = input
return future {
Track.unbind(recordId, deleteRemoteTrack)
val trackRecord =
transaction {
TrackRecordTable
.selectAll()
.where {
TrackRecordTable.id eq recordId
}.firstOrNull()
}
UnbindTrackPayload(
clientMutationId,
trackRecord?.let { TrackRecordType(it) },
)
}
}
data class TrackProgressInput(
val clientMutationId: String? = null,
val mangaId: Int,
)
data class TrackProgressPayload(
val clientMutationId: String?,
val trackRecords: List<TrackRecordType>,
)
fun trackProgress(
dataFetchingEnvironment: DataFetchingEnvironment,
input: TrackProgressInput,
): CompletableFuture<DataFetcherResult<TrackProgressPayload?>> {
dataFetchingEnvironment.getAttribute(Attribute.TachideskUser).requireUser()
val (clientMutationId, mangaId) = input
return future {
asDataFetcherResult {
Track.trackChapter(mangaId)
val trackRecords =
transaction {
TrackRecordTable
.selectAll()
.where { TrackRecordTable.mangaId eq mangaId }
.toList()
}
TrackProgressPayload(
clientMutationId,
trackRecords.map { TrackRecordType(it) },
)
}
}
}
data class UpdateTrackInput(
val clientMutationId: String? = null,
val recordId: Int,
val status: Int? = null,
val lastChapterRead: Double? = null,
val scoreString: String? = null,
@GraphQLDescription("This will only work if the tracker of the track record supports reading dates")
val startDate: Long? = null,
@GraphQLDescription("This will only work if the tracker of the track record supports reading dates")
val finishDate: Long? = null,
@GraphQLDescription("This will only work if the tracker of the track record supports private tracking")
val private: Boolean? = null,
@GraphQLDeprecated("Replaced with \"unbindTrack\" mutation", replaceWith = ReplaceWith("unbindTrack"))
val unbind: Boolean? = null,
)
data class UpdateTrackPayload(
val clientMutationId: String?,
val trackRecord: TrackRecordType?,
)
fun updateTrack(
dataFetchingEnvironment: DataFetchingEnvironment,
input: UpdateTrackInput,
): CompletableFuture<UpdateTrackPayload> =
future {
dataFetchingEnvironment.getAttribute(Attribute.TachideskUser).requireUser()
Track.update(
Track.UpdateInput(
input.recordId,
input.status,
input.lastChapterRead,
input.scoreString,
input.startDate,
input.finishDate,
input.unbind,
input.private,
),
)
val trackRecord =
transaction {
TrackRecordTable
.selectAll()
.where {
TrackRecordTable.id eq input.recordId
}.firstOrNull()
}
UpdateTrackPayload(
input.clientMutationId,
trackRecord?.let { TrackRecordType(it) },
)
}
}