einundzwanzig/einundzwanzig-app
1
0
Fork 0
mirror of https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git synced 2026-06-20 05:30:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add verified App Link handoff and mobile token exchange endpoint

Browse Source 
Replaces the custom-scheme auto-redirect (which triggers Chrome's
confirmation prompt) with a verified Android App Link handoff:

- public/.well-known/assetlinks.json for space.einundzwanzig.mobile
  (debug cert fingerprint; add the release cert before store builds)
- GET /app/auth handoff: opens the app directly when the App Link is
  verified; renders a button-based fallback page otherwise
- POST /api/mobile/token: trades a NIP-55-signed login event for a
  Sanctum token — used when Amber's callback opens the app directly
- complete/confirm/signedCallback now redirect to the handoff URL
This commit is contained in:
HolgerHatGarKeineNode
2026-06-11 19:51:14 +02:00
parent 4aba1514e9
commit 7531f28f22
6 changed files with 165 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
routes/api.php
+7
View File
@@ -89,5 +89,12 @@ Route::get('/nostr-login-callback', [MobileAuthController::class, 'nostrCallback
->middleware('throttle:30,1')
->name('auth.nostr.callback');
// Token exchange for the mobile app: trades a NIP-55-signed login event
// for a Sanctum personal access token (used when the signer callback
// opens the app directly via a verified App Link).
Route::post('/mobile/token', [MobileAuthController::class, 'token'])
->middleware('throttle:30,1')
->name('auth.mobile.token');
Route::post('/check-auth-error', [LnurlAuthController::class, 'checkError'])
->name('auth.check-error');
routes/auth.php
+8 -1
View File
@@ -50,12 +50,19 @@ Route::get('/auth/mobile/complete/{k1}', [MobileAuthController::class, 'complete
->name('auth.mobile.complete');
// NIP-55 signer callback (Amber): k1 in the path, the signer appends the
// URL-encoded signed event after the trailing slash.
// URL-encoded signed event after the trailing slash. With verified App
// Links this URL opens the app directly; this web route is the fallback.
Route::get('/auth/mobile/signed/{payload}', [MobileAuthController::class, 'signedCallback'])
->where('payload', '.*')
->middleware('throttle:30,1')
->name('auth.mobile.signed');
// App handoff: verified Android App Link — opens the app with the token.
// In the browser (unverified install) it renders a button-based fallback.
Route::get('/app/auth', [MobileAuthController::class, 'handoff'])
->middleware('throttle:30,1')
->name('auth.mobile.handoff');
Route::post('/auth/mobile/confirm', [MobileAuthController::class, 'confirm'])
->middleware(['auth', 'throttle:30,1'])
->name('auth.mobile.confirm');