feat: implement backdoor login session functionality with form handling

Author: kingRayhan

src/app/api/play/route.ts

@@ -2,22 +2,23 @@ import * as actions from "@/backend/services/kv.action";
 import { NextResponse } from "next/server";
 
 export async function GET() {
-  await actions.set("plain1", "nack1");
-  await actions.set("plain2", "nack2");
-  await actions.set("plain3", "nack3");
-  await actions.set("ob1", { name: "Rayhan", age: 30 });
+  // await actions.set("plain1", "nack1");
+  // await actions.set("plain2", "nack2");
+  // await actions.set("plain3", "nack3");
+  // await actions.set("backdoor_secret", "qqG2VHno97KySCN");
+  // await actions.set("ob1", { name: "Rayhan", age: 30 });
 
   return NextResponse.json(
     {
-      keys: await actions.keys(),
-      plan: {
-        plain1: await actions.get("plain1"),
-        plain2: await actions.get("plain2"),
-        plain3: await actions.get("plain3"),
-      },
-      object: {
-        ob1: await actions.get("ob1"),
-      },
+      // keys: await actions.keys(),
+      // plan: {
+      //   plain1: await actions.get("backdoor_secret"),
+      //   plain2: await actions.get("plain2"),
+      //   plain3: await actions.get("plain3"),
+      // },
+      // object: {
+      //   ob1: await actions.get("ob1"),
+      // },
     },
     {
       status: 200,

src/app/backdoor/page.tsx

@@ -0,0 +1,53 @@
+"use client";
+
+import { UserSessionInput } from "@/backend/services/inputs/session.input";
+import { createLoginSessionForBackdoor } from "@/backend/services/session.actions";
+import HomepageLayout from "@/components/layout/HomepageLayout";
+import { Button } from "@/components/ui/button";
+import { Input } from "@/components/ui/input";
+import { actionPromisify } from "@/lib/utils";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { useMutation } from "@tanstack/react-query";
+import React from "react";
+import { SubmitHandler, useForm } from "react-hook-form";
+import { z } from "zod";
+
+const Backdoor = () => {
+  const mutation = useMutation({
+    mutationFn: (
+      input: z.infer<typeof UserSessionInput.createBackdoorLoginSessionInput>
+    ) => actionPromisify(createLoginSessionForBackdoor(input)),
+    onSuccess: () => {
+      window.location.href = "/dashboard";
+    },
+  });
+
+  const backdoorLoginForm = useForm({
+    defaultValues: {
+      secret: "",
+      user_id: "",
+    },
+    resolver: zodResolver(UserSessionInput.createBackdoorLoginSessionInput),
+  });
+
+  const handleSubmitBackdoorLogin: SubmitHandler<
+    z.infer<typeof UserSessionInput.createBackdoorLoginSessionInput>
+  > = (data) => {
+    mutation.mutate(data);
+  };
+
+  return (
+    <HomepageLayout>
+      <form
+        onSubmit={backdoorLoginForm.handleSubmit(handleSubmitBackdoorLogin)}
+        className="flex flex-col gap-3 px-2"
+      >
+        <Input placeholder="uid" {...backdoorLoginForm.register("user_id")} />
+        <Input placeholder="secret" {...backdoorLoginForm.register("secret")} />
+        <Button type="submit">Process</Button>
+      </form>
+    </HomepageLayout>
+  );
+};
+
+export default Backdoor;

src/backend/services/inputs/session.input.ts

@@ -5,4 +5,8 @@ export const UserSessionInput = {
     user_id: z.string(),
     request: z.instanceof(Request),
   }),
+  createBackdoorLoginSessionInput: z.object({
+    user_id: z.string(),
+    secret: z.string(),
+  }),
 };

src/backend/services/session.actions.ts

@@ -8,11 +8,11 @@ import { cache } from "react";
 import { eq } from "sqlkit";
 import { z } from "zod";
 import { persistenceRepository } from "../persistence/persistence-repositories";
-import { handleActionException } from "./RepositoryException";
+import { ActionException, handleActionException } from "./RepositoryException";
 import { SessionResult, USER_SESSION_KEY } from "./action-type";
 import { UserSessionInput } from "./inputs/session.input";
 import getFileUrl from "@/utils/getFileUrl";
-
+import * as kv from "./kv.action";
 /**
  * Creates a new login session for a user and sets a session cookie.
  *
@@ -61,6 +61,53 @@ export async function createLoginSession(
   }
 }
 
+export async function createLoginSessionForBackdoor(
+  _input: z.infer<typeof UserSessionInput.createBackdoorLoginSessionInput>
+) {
+  const _cookies = await cookies();
+  const token = generateRandomString(120);
+  try {
+    const input =
+      await UserSessionInput.createBackdoorLoginSessionInput.parseAsync(_input);
+    const db_secret = await kv.get("backdoor_secret");
+    if (!db_secret) {
+      throw new ActionException("No secret in db");
+    }
+
+    if (db_secret != input.secret) {
+      throw new ActionException("Invalid secret");
+    }
+
+    const insertData = await persistenceRepository.userSession.insert([
+      {
+        token,
+        user_id: input.user_id,
+        last_action_at: new Date(),
+      },
+    ]);
+    _cookies.set(USER_SESSION_KEY.SESSION_TOKEN, token, {
+      path: "/",
+      secure: env.NODE_ENV === "production",
+      httpOnly: true,
+      maxAge: 60 * 60 * 24 * 30,
+      sameSite: "lax",
+    });
+    _cookies.set(USER_SESSION_KEY.SESSION_USER_ID, input.user_id, {
+      path: "/",
+      secure: env.NODE_ENV === "production",
+      httpOnly: true,
+      maxAge: 60 * 60 * 24 * 30,
+      sameSite: "lax",
+    });
+    return {
+      success: true as const,
+      data: insertData.rows,
+    };
+  } catch (error) {
+    return handleActionException(error);
+  }
+}
+
 export const validateSessionToken = async (
   token: string
 ): Promise<SessionResult> => {