Adding upstream version 0.28.1.

Signed-off-by: Daniel Baumann <daniel@debian.org>

apis/record_auth.go

@@ -0,0 +1,79 @@
+package apis
+
+import (
+	"github.com/pocketbase/pocketbase/core"
+	"github.com/pocketbase/pocketbase/tools/router"
+)
+
+// bindRecordAuthApi registers the auth record api endpoints and
+// the corresponding handlers.
+func bindRecordAuthApi(app core.App, rg *router.RouterGroup[*core.RequestEvent]) {
+	// global oauth2 subscription redirect handler
+	rg.GET("/oauth2-redirect", oauth2SubscriptionRedirect).Bind(
+		SkipSuccessActivityLog(), // skip success log as it could contain sensitive information in the url
+	)
+	// add again as POST in case of response_mode=form_post
+	rg.POST("/oauth2-redirect", oauth2SubscriptionRedirect).Bind(
+		SkipSuccessActivityLog(), // skip success log as it could contain sensitive information in the url
+	)
+
+	sub := rg.Group("/collections/{collection}")
+
+	sub.GET("/auth-methods", recordAuthMethods).Bind(
+		collectionPathRateLimit("", "listAuthMethods"),
+	)
+
+	sub.POST("/auth-refresh", recordAuthRefresh).Bind(
+		collectionPathRateLimit("", "authRefresh"),
+		RequireSameCollectionContextAuth(""),
+	)
+
+	sub.POST("/auth-with-password", recordAuthWithPassword).Bind(
+		collectionPathRateLimit("", "authWithPassword", "auth"),
+	)
+
+	sub.POST("/auth-with-oauth2", recordAuthWithOAuth2).Bind(
+		collectionPathRateLimit("", "authWithOAuth2", "auth"),
+	)
+
+	sub.POST("/request-otp", recordRequestOTP).Bind(
+		collectionPathRateLimit("", "requestOTP"),
+	)
+	sub.POST("/auth-with-otp", recordAuthWithOTP).Bind(
+		collectionPathRateLimit("", "authWithOTP", "auth"),
+	)
+
+	sub.POST("/request-password-reset", recordRequestPasswordReset).Bind(
+		collectionPathRateLimit("", "requestPasswordReset"),
+	)
+	sub.POST("/confirm-password-reset", recordConfirmPasswordReset).Bind(
+		collectionPathRateLimit("", "confirmPasswordReset"),
+	)
+
+	sub.POST("/request-verification", recordRequestVerification).Bind(
+		collectionPathRateLimit("", "requestVerification"),
+	)
+	sub.POST("/confirm-verification", recordConfirmVerification).Bind(
+		collectionPathRateLimit("", "confirmVerification"),
+	)
+
+	sub.POST("/request-email-change", recordRequestEmailChange).Bind(
+		collectionPathRateLimit("", "requestEmailChange"),
+		RequireSameCollectionContextAuth(""),
+	)
+	sub.POST("/confirm-email-change", recordConfirmEmailChange).Bind(
+		collectionPathRateLimit("", "confirmEmailChange"),
+	)
+
+	sub.POST("/impersonate/{id}", recordAuthImpersonate).Bind(RequireSuperuserAuth())
+}
+
+func findAuthCollection(e *core.RequestEvent) (*core.Collection, error) {
+	collection, err := e.App.FindCachedCollectionByNameOrId(e.Request.PathValue("collection"))
+
+	if err != nil || !collection.IsAuth() {
+		return nil, e.NotFoundError("Missing or invalid auth collection context.", err)
+	}
+
+	return collection, nil
+}