feat: add /bridge/v1/bridge_client_sessions/* endpoints (#238)

* add new bridge_client_session endpoints: create, get

* fix addBridgeClientSession() method

* fix seeders, add tests

* ci: Generate code

---------

Co-authored-by: Seam Bot <seambot@getseam.com>

Author: mikewuu

src/lib/database/schema.ts

@@ -8,6 +8,7 @@ import type {
   AcsUser,
   ActionAttempt,
   ApiKey,
+  BridgeClientSession,
   ClientSession,
   ConnectedAccount,
   ConnectWebview,
@@ -49,6 +50,7 @@ export interface DatabaseState {
   enrollment_automations: EnrollmentAutomation[]
   connect_webviews: ConnectWebview[]
   client_sessions: ClientSession[]
+  bridge_client_sessions: BridgeClientSession[]
   connected_accounts: ConnectedAccount[]
   devices: Device[]
   events: Event[]
@@ -105,6 +107,9 @@ export interface DatabaseMethods {
   addClientSession: (
     params: Pick<ClientSession, "workspace_id"> & Partial<ClientSession>,
   ) => ClientSession
+  addBridgeClientSession: (
+    params: Partial<BridgeClientSession>,
+  ) => BridgeClientSession
   addUserIdentity: (params: {
     workspace_id: WorkspaceId
     user_identity_id?: string

src/lib/database/seed.ts

@@ -24,6 +24,7 @@ export interface Seed {
   john_user_key: "john_user_key"
   visionline_acs_system_1: "visionline_acs_system_1"
   seam_at1_token: "seam_at1_longtoken"
+  bridge_client_session_token: "bcs1_token"
 }
 
 export const seed: Seed = {
@@ -48,6 +49,7 @@ export const seed: Seed = {
   john_user_id: "john_user_id",
   john_user_key: "john_user_key",
   visionline_acs_system_1: "visionline_acs_system_1",
+  bridge_client_session_token: "bcs1_token",
 } as const
 
 export const seedDatabase = (db: Database): Seed => {
@@ -235,6 +237,18 @@ export const seedDatabase = (db: Database): Seed => {
     api_key_id: api_key_1.api_key_id,
   })
 
+  db.addBridgeClientSession({
+    bridge_client_session_id: "bcs1",
+    bridge_client_session_token: "bcs1_token",
+    pairing_code: "123456",
+    pairing_code_expires_at: new Date().toISOString(),
+    tailscale_hostname: "bcs1_tailscale_host",
+    tailscale_auth_key: ["bcs1_tailscale_key"],
+    bridge_client_name: "bridge_1",
+    bridge_client_time_zone: "America/Los_Angeles",
+    bridge_client_machine_identifier_key: "bcs1_machine",
+  })
+
   const connected_account = db.addConnectedAccount({
     provider: "assa_abloy_credential_service",
     workspace_id: seed.seed_workspace_1,

src/lib/database/store.ts

@@ -7,7 +7,7 @@ import { immer } from "zustand/middleware/immer"
 import { createStore, type StoreApi } from "zustand/vanilla"
 import { hoist } from "zustand-hoist"
 
-import type { UserSession } from "lib/zod/index.ts"
+import type { BridgeClientSession, UserSession } from "lib/zod/index.ts"
 
 import {
   ACS_ACCESS_GROUP_EXTERNAL_TYPE_TO_DISPLAY_NAME,
@@ -71,6 +71,7 @@ const initializer = immer<Database>((set, get) => ({
   simulatedWorkspaceOutages: {},
   simulatedEvents: {},
   client_sessions: [],
+  bridge_client_sessions: [],
   assa_abloy_credential_services: [],
   assa_abloy_cards: [],
   endpoints: [],
@@ -298,6 +299,33 @@ const initializer = immer<Database>((set, get) => ({
     return new_cst
   },
 
+  addBridgeClientSession(params) {
+    const bridge_client_session_id = get()._getNextId("bcs")
+
+    const bridge_client_session: BridgeClientSession = {
+      created_at: new Date().toISOString(),
+      bridge_client_session_id,
+      bridge_client_session_token: `${bridge_client_session_id}_token`,
+      pairing_code: "123456",
+      pairing_code_expires_at: new Date().toISOString(),
+      tailscale_hostname: `${bridge_client_session_id}_tailscale_host`,
+      tailscale_auth_key: [`${bridge_client_session_id}_tailscale_auth`],
+      bridge_client_name: `${bridge_client_session_id}_bridge`,
+      bridge_client_time_zone: "America/Los_Angeles",
+      bridge_client_machine_identifier_key: `${bridge_client_session_id}_key`,
+      ...params,
+    }
+
+    set({
+      bridge_client_sessions: [
+        ...get().bridge_client_sessions,
+        bridge_client_session,
+      ],
+    })
+
+    return bridge_client_session
+  },
+
   addUserIdentity(params) {
     const user_identity_id = params.user_identity_id ?? get()._getNextId("uid")
     const new_user_identity: UserIdentity = {

src/lib/middleware/with-bridge-client-session.ts

@@ -0,0 +1,46 @@
+import { type Middleware, UnauthorizedException } from "nextlove"
+import type { AuthenticatedRequest } from "src/types/authenticated-request.ts"
+
+import type { Database } from "lib/database/index.ts"
+
+export const withBridgeClientSession: Middleware<
+  {
+    auth: Extract<
+      AuthenticatedRequest["auth"],
+      { type: "bridge_client_session" }
+    >
+  },
+  {
+    db: Database
+  }
+> = (next) => async (req, res) => {
+  const session_token = req.headers?.authorization?.split("Bearer ")?.[1]
+
+  if (session_token == null) {
+    throw new UnauthorizedException({
+      type: "unauthorized",
+      message: "Missing Bridge client session auth token",
+    })
+  }
+
+  const bridge_client_session = req.db.bridge_client_sessions.find(
+    (bridge_client_session) =>
+      bridge_client_session.bridge_client_session_token === session_token,
+  )
+
+  if (bridge_client_session == null) {
+    throw new UnauthorizedException({
+      type: "unauthorized",
+      message: "Invalid Session",
+    })
+  }
+
+  req.auth = {
+    type: "bridge_client_session",
+    bridge_client_session: {
+      bridge_client_session_id: bridge_client_session.bridge_client_session_id,
+    },
+  }
+
+  return next(req, res)
+}

src/lib/middleware/with-certified-client.ts

@@ -0,0 +1,24 @@
+import type { Middleware } from "nextlove"
+import type { AuthenticatedRequest } from "src/types/authenticated-request.ts"
+
+import type { Database } from "lib/database/index.ts"
+
+/**
+ * Middleware to check the certified client
+ * Certified clients are not yet implemented, this middleware is a placeholder.
+ * Once implemented, this middleware will be used to verify the authenticity of the client (implementation tbd)
+ */
+export const withCertifiedClient: Middleware<
+  {
+    auth: Extract<AuthenticatedRequest["auth"], { type: "certified_client" }>
+  },
+  {
+    db: Database
+  }
+> = (next) => async (req, res) => {
+  req.auth = {
+    type: "certified_client",
+  }
+
+  return next(req, res)
+}

src/lib/middleware/with-route-spec.ts

@@ -4,6 +4,8 @@ import { withAccessToken } from "./with-access-token.ts"
 import { withAdminAuth } from "./with-admin-auth.ts"
 import { withApiKey } from "./with-api-key.ts"
 import { withBaseUrl } from "./with-base-url.ts"
+import { withBridgeClientSession } from "./with-bridge-client-session.ts"
+import { withCertifiedClient } from "./with-certified-client.ts"
 import { withClientSession } from "./with-client-session.ts"
 import { withCors } from "./with-cors.ts"
 import { withDb } from "./with-db.ts"
@@ -43,6 +45,11 @@ export const withRouteSpec = createWithRouteSpec({
       scheme: "bearer",
       bearerFormat: "Console Session Token",
     },
+    bridge_client_session: {
+      type: "http",
+      scheme: "bearer",
+      bearerFormat: "Bridge Client Session Token",
+    },
     api_key: {
       type: "http",
       scheme: "bearer",
@@ -53,6 +60,11 @@ export const withRouteSpec = createWithRouteSpec({
       in: "header",
       name: "seam-publishable-key",
     },
+    certified_client: {
+      type: "http",
+      scheme: "bearer",
+      bearerFormat: "Certified Client Token",
+    },
   },
 
   authMiddlewareMap: {
@@ -66,8 +78,10 @@ export const withRouteSpec = createWithRouteSpec({
     console_session_without_workspace: withSessionAuth({
       is_workspace_id_required: false,
     }),
+    bridge_client_session: withBridgeClientSession,
     api_key: withApiKey,
     client_session: withClientSession,
     publishable_key: withPublishableKey,
+    certified_client: withCertifiedClient,
   },
 } as const)

src/lib/zod/bridge_client_session.ts

@@ -0,0 +1,16 @@
+import { z } from "zod"
+
+export const bridge_client_session = z.object({
+  created_at: z.string().datetime(),
+  bridge_client_session_id: z.string(),
+  bridge_client_session_token: z.string(),
+  pairing_code: z.string().length(6),
+  pairing_code_expires_at: z.string().datetime(),
+  tailscale_hostname: z.string(),
+  tailscale_auth_key: z.array(z.string()),
+  bridge_client_name: z.string(),
+  bridge_client_time_zone: z.string(),
+  bridge_client_machine_identifier_key: z.string(),
+})
+
+export type BridgeClientSession = z.infer<typeof bridge_client_session>

src/lib/zod/index.ts

@@ -3,6 +3,7 @@ export * from "./access_token.ts"
 export * from "./acs/index.ts"
 export * from "./action_attempt.ts"
 export * from "./api_key.ts"
+export * from "./bridge_client_session.ts"
 export * from "./client_session.ts"
 export * from "./common.ts"
 export * from "./connect_webview.ts"

src/pages/api/seam/bridge/v1/bridge_client_sessions/create.ts

@@ -0,0 +1,52 @@
+import { z } from "zod"
+
+import { withRouteSpec } from "lib/middleware/index.ts"
+import { bridge_client_session } from "lib/zod/index.ts"
+
+export default withRouteSpec({
+  description: `
+  ---
+  title: Create a Bridge Client Session
+  response_key: bridge_client_session
+  undocumented: Seam Bridge Client only.
+  ---
+  Creates a new bridge client session.
+  `,
+  auth: "certified_client",
+  methods: ["POST"],
+  jsonBody: z.object({
+    bridge_client_name: z.string(),
+    bridge_client_time_zone: z.string(),
+    bridge_client_machine_identifier_key: z.string(),
+  }),
+  jsonResponse: z.object({
+    bridge_client_session,
+  }),
+} as const)(async (req, res) => {
+  const { db, body } = req
+  const {
+    bridge_client_name,
+    bridge_client_time_zone,
+    bridge_client_machine_identifier_key,
+  } = body
+
+  const bridge_client_session_token = `${bridge_client_name}_token`
+  const pairing_code = "123456"
+
+  const pairing_code_expires_at = new Date(
+    new Date().getTime() + 3 * 60 * 1000,
+  ).toISOString()
+
+  const bridge_client_session = db.addBridgeClientSession({
+    bridge_client_name,
+    bridge_client_time_zone,
+    bridge_client_machine_identifier_key,
+    bridge_client_session_token,
+    pairing_code,
+    pairing_code_expires_at,
+  })
+
+  res.json({
+    bridge_client_session,
+  })
+})

src/pages/api/seam/bridge/v1/bridge_client_sessions/get.ts

@@ -0,0 +1,38 @@
+import { NotFoundException } from "nextlove"
+import { z } from "zod"
+
+import { withRouteSpec } from "lib/middleware/index.ts"
+import { bridge_client_session } from "lib/zod/index.ts"
+
+export default withRouteSpec({
+  description: `
+  ---
+  title: Get a Bridge Client Session
+  response_key: bridge_client_session
+  undocumented: Seam Bridge Client only.
+  ---
+  Returns the bridge client session associated with the session token used.
+  `,
+  auth: ["bridge_client_session"],
+  methods: ["GET", "POST"],
+  jsonResponse: z.object({
+    bridge_client_session,
+  }),
+} as const)(async (req, res) => {
+  const { db, auth } = req
+
+  const bridge_client_session = db.bridge_client_sessions.find(
+    (bridge_client_session) =>
+      bridge_client_session.bridge_client_session_id ===
+      auth.bridge_client_session.bridge_client_session_id,
+  )
+
+  if (bridge_client_session == null) {
+    throw new NotFoundException({
+      type: "bridge_client_session_not_found",
+      message: "Bridge client session not found",
+    })
+  }
+
+  res.status(200).json({ bridge_client_session })
+})