27 lines
727 B
TypeScript
27 lines
727 B
TypeScript
import { defineEventHandler, createError } from 'h3'
|
|
import { getSubdomainFromRequest } from '~/server/utils/tenant'
|
|
import { getSessionToken } from '~/server/utils/session'
|
|
|
|
/**
|
|
* Get a short-lived token for WebSocket authentication
|
|
* This is needed because socket.io cannot use HTTP-only cookies directly
|
|
*/
|
|
export default defineEventHandler(async (event) => {
|
|
const subdomain = getSubdomainFromRequest(event)
|
|
const token = getSessionToken(event)
|
|
|
|
if (!token) {
|
|
throw createError({
|
|
statusCode: 401,
|
|
statusMessage: 'Not authenticated',
|
|
})
|
|
}
|
|
|
|
// Return the token for WebSocket use
|
|
// The token is already validated by being in the HTTP-only cookie
|
|
return {
|
|
token,
|
|
subdomain,
|
|
}
|
|
})
|