Drop-OSS · DecDuck · Aug 1, 2025 · Jul 30, 2025 · Jul 31, 2025 · Jul 31, 2025
diff --git a/assets/tailwindcss.css b/assets/tailwindcss.css
@@ -2,3 +2,12 @@
 @plugin "@tailwindcss/typography";
 @plugin "@tailwindcss/forms";
 @config "../tailwind.config.js";
+
+@layer base {
+  input[type="number"]::-webkit-outer-spin-button,
+  input[type="number"]::-webkit-inner-spin-button,
+  input[type="number"] {
+    -webkit-appearance: none;
+    -moz-appearance: textfield !important;
+  }
+}
diff --git a/components/UserHeader/UserWidget.vue b/components/UserHeader/UserWidget.vue
@@ -100,6 +100,11 @@ const navigation = computed<NavigationItem[]>(() =>
       route: "/account",
       prefix: "",
     },
+    {
+      label: "Authorize client",
+      route: "/client/code",
+      prefix: "",
+    },
   ].filter((e) => e !== undefined),
 );
 </script>
diff --git a/i18n/locales/en_us.json b/i18n/locales/en_us.json
@@ -38,6 +38,10 @@
       "requestedAccess": "\"{name}\" has requested access to your Drop account.",
       "success": "Successful!"
     },
+    "code": {
+      "title": "Connect your Drop client",
+      "description": "Use a code to connect your Drop client if you are unable to open a web browser on your device."
+    },
     "confirmPassword": "Confirm @:auth.password",
     "displayName": "Display Name",
     "email": "Email",

diff --git a/pages/client/[id]/callback.vue → pages/client/authorize/[id].vue b/pages/client/[id]/callback.vue → pages/client/authorize/[id].vue
@@ -1,7 +1,7 @@
 <template>
   <div
     v-if="completed"
-    class="min-h-full w-full flex items-center justify-center"
+    class="min-h-full w-full flex items-center justify-center py-10"
   >
     <div class="flex flex-col items-center">
       <CheckCircleIcon class="h-12 w-12 text-green-600" aria-hidden="true" />
@@ -14,7 +14,7 @@
             {{ $t("auth.callback.authorizedClient") }}
           </p>
 
-          <Disclosure v-slot="{ open }" as="div" class="mt-8">
+          <Disclosure v-if="authToken" v-slot="{ open }" as="div" class="mt-8">
             <dt>
               <DisclosureButton
                 class="pb-2 flex w-full items-start justify-between text-left text-zinc-400"
@@ -155,38 +155,58 @@ import {
   XCircleIcon,
 } from "@heroicons/vue/16/solid";
 import { LockClosedIcon } from "@heroicons/vue/20/solid";
-import { CheckCircleIcon } from "@heroicons/vue/24/outline";
+import { CheckCircleIcon, CloudIcon } from "@heroicons/vue/24/outline";
 import { ChevronDownIcon, ChevronUpIcon } from "@heroicons/vue/24/solid";
+import type { FetchError } from "ofetch";
 
 const route = useRoute();
 const clientId = route.params.id;
 
-const clientData = await $dropFetch(
-  `/api/v1/client/auth/callback?id=${clientId}`,
-);
+const clientData = await $dropFetch(`/api/v1/client/auth?id=${clientId}`);
 
 const completed = ref(false);
 const error = ref();
 const authToken = ref<string | undefined>();
 
 async function authorize() {
-  const { redirect, token } = await $dropFetch("/api/v1/client/auth/callback", {
-    method: "POST",
-    body: { id: clientId },
+  switch (clientData.mode) {
+    case "callback": {
+      const { redirect, token } = await $dropFetch(
+        `/api/v1/client/auth/callback`,
+        {
+          method: "POST",
+          body: { id: clientId },
+        },
+      );
+      authToken.value = token;
+      window.location.replace(redirect);
+      return;
+    }
+    case "code": {
+      await $dropFetch("/api/v1/client/auth/code", {
+        method: "POST",
+        body: { id: clientId },
+      });
+      return;
+    }
+  }
+  throw createError({
+    statusCode: 500,
+    statusMessage: "Unknown client auth mode: " + clientData.mode,
+    fatal: true,
   });
-  authToken.value = token;
-  window.location.replace(redirect);
 }
 
-function authorize_wrapper() {
-  authorize()
-    .catch((e) => {
-      const errorMessage = e.statusMessage || "An unknown error occurred.";
-      error.value = errorMessage;
-    })
-    .then(() => {
-      completed.value = true;
-    });
+async function authorize_wrapper() {
+  try {
+    await authorize();
+  } catch (e) {
+    const errorMessage =
+      (e as FetchError)?.statusMessage || "An unknown error occurred.";
+    error.value = errorMessage;
+  } finally {
+    completed.value = true;
+  }
 }
 
 const scopes = [
@@ -198,20 +218,27 @@ const scopes = [
     icon: ArrowDownTrayIcon,
   },
   {
+    name: "Update your status",
+    description:
+      "The client will be able to update your status, and affect your playtime.",
+    href: "/docs/access/status",
+    icon: UserGroupIcon,
+  },
+  clientData.capabilities["peerAPI"] && {
     name: "Access the Drop network",
     description:
       "The client will be able to establish P2P connections with other users to enable features like download aggregation, Remote LAN play and P2P multiplayer.",
     href: "/docs/access/network",
     icon: LockClosedIcon,
   },
-  {
-    name: "Manage your account",
+  clientData.capabilities["cloudSaves"] && {
+    name: "Upload and sync cloud saves",
     description:
-      "The client will be able to change your account details, and friend statuses on your behalf.",
-    href: "/docs/access/account",
-    icon: UserGroupIcon,
+      "The client will be able to upload new cloud saves, and edit your existing ones.",
+    href: "/docs/access/cloud",
+    icon: CloudIcon,
   },
-];
+].filter((e) => e !== undefined);
 
 useHead({
   title: "Authorize",

diff --git a/pages/client/code/index.vue b/pages/client/code/index.vue
@@ -0,0 +1,135 @@
+<template>
+  <div class="w-full h-max min-h-[30vw] flex items-center justify-center">
+    <div class="text-center">
+      <h1 class="text-2xl font-bold text-zinc-100">
+        {{ $t("auth.code.title") }}
+      </h1>
+      <p class="mt-1 max-w-sm text-zinc-400 mx-auto">
+        {{ $t("auth.code.description") }}
+      </p>
+      <div v-if="!loading" class="mt-8 flex flex-row gap-4">
+        <input
+          v-for="i in codeLength"
+          ref="codeElements"
+          :key="i"
+          v-model="code[i - 1]"
+          class="uppercase w-16 h-16 appearance-none text-center bg-zinc-900 rounded-xl border-zinc-700 focus:border-blue-600 text-2xl text-bold font-display text-zinc-100"
+          type="text"
+          pattern="\d*"
+          :placeholder="placeholder[i - 1]"
+          @keydown="(v) => keydown(i - 1, v)"
+          @input="() => input(i - 1)"
+          @focusin="() => select(i - 1)"
+          @paste="(v) => paste(i - 1, v)"
+        />
+      </div>
+      <div v-else class="mt-8 flex items-center justify-center">
+        <svg
+          aria-hidden="true"
+          class="size-12 text-transparent animate-spin fill-white"
+          viewBox="0 0 100 101"
+          fill="none"
+          xmlns="http://www.w3.org/2000/svg"
+        >
+          <path
+            d="M100 50.5908C100 78.2051 77.6142 100.591 50 100.591C22.3858 100.591 0 78.2051 0 50.5908C0 22.9766 22.3858 0.59082 50 0.59082C77.6142 0.59082 100 22.9766 100 50.5908ZM9.08144 50.5908C9.08144 73.1895 27.4013 91.5094 50 91.5094C72.5987 91.5094 90.9186 73.1895 90.9186 50.5908C90.9186 27.9921 72.5987 9.67226 50 9.67226C27.4013 9.67226 9.08144 27.9921 9.08144 50.5908Z"
+            fill="currentColor"
+          />
+          <path
+            d="M93.9676 39.0409C96.393 38.4038 97.8624 35.9116 97.0079 33.5539C95.2932 28.8227 92.871 24.3692 89.8167 20.348C85.8452 15.1192 80.8826 10.7238 75.2124 7.41289C69.5422 4.10194 63.2754 1.94025 56.7698 1.05124C51.7666 0.367541 46.6976 0.446843 41.7345 1.27873C39.2613 1.69328 37.813 4.19778 38.4501 6.62326C39.0873 9.04874 41.5694 10.4717 44.0505 10.1071C47.8511 9.54855 51.7191 9.52689 55.5402 10.0491C60.8642 10.7766 65.9928 12.5457 70.6331 15.2552C75.2735 17.9648 79.3347 21.5619 82.5849 25.841C84.9175 28.9121 86.7997 32.2913 88.1811 35.8758C89.083 38.2158 91.5421 39.6781 93.9676 39.0409Z"
+            fill="currentFill"
+          />
+        </svg>
+      </div>
+
+      <div
+        v-if="error"
+        class="mt-8 rounded-md bg-red-600/10 p-4 max-w-sm mx-auto"
+      >
+        <div class="flex">
+          <div class="flex-shrink-0">
+            <XCircleIcon class="h-5 w-5 text-red-600" aria-hidden="true" />
+          </div>
+          <div class="ml-3">
+            <h3 class="text-sm font-medium text-red-600">
+              {{ error }}
+            </h3>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+</template>
+
+<script setup lang="ts">
+import { XCircleIcon } from "@heroicons/vue/24/solid";
+import { FetchError } from "ofetch";
+
+const codeLength = 7;
+const placeholder = "1A2B3C4";
+const codeElements = useTemplateRef("codeElements");
+const code = ref<string[]>([]);
+
+const router = useRouter();
+const loading = ref(false);
+const error = ref<string | undefined>(undefined);
+
+function keydown(index: number, event: KeyboardEvent) {
+  if (event.key === "Backspace" && !code.value[index] && index > 0) {
+    codeElements.value![index - 1].focus();
+  }
+}
+
+function input(index: number) {
+  if (codeElements.value === null) return;
+  const v = code.value[index] ?? "";
+  if (v.length > 1) code.value[index] = v[0];
+
+  if (!(index + 1 >= codeElements.value.length) && v) {
+    codeElements.value[index + 1].focus();
+  }
+
+  if (!(index - 1 < 0) && !v) {
+    codeElements.value[index - 1].focus();
+  }
+
+  console.log(index, codeLength - 1);
+  if (index == codeLength - 1) {
+    const assembledCode = code.value.join("");
+    if (assembledCode.length == codeLength) {
+      complete(assembledCode);
+    }
+  }
+}
+
+function select(index: number) {
+  if (!codeElements.value) return;
+  if (index >= codeElements.value.length) return;
+  codeElements.value[index].select();
+}
+
+function paste(index: number, event: ClipboardEvent) {
+  const newCode = event.clipboardData!.getData("text/plain");
+  for (let i = 0; i < newCode.length && i < codeLength; i++) {
+    code.value[i] = newCode[i];
+    codeElements.value![i].focus();
+  }
+  event.preventDefault();
+}
+
+async function complete(code: string) {
+  loading.value = true;
+  try {
+    const clientId = await $dropFetch(`/api/v1/client/auth/code?code=${code}`);
+    router.push(`/client/authorize/${clientId}`);
+  } catch (e) {
+    if (e instanceof FetchError) {
+      error.value =
+        e.statusMessage ?? e.message ?? "An unknown error occurred.";
+    } else {
+      error.value = (e as string)?.toString();
+    }
+  }
+  loading.value = false;
+}
+</script>
diff --git a/server/api/v1/client/auth/callback/index.post.ts b/server/api/v1/client/auth/callback/index.post.ts
@@ -8,13 +8,19 @@ export default defineEventHandler(async (h3) => {
   const body = await readBody(h3);
   const clientId = await body.id;
 
-  const data = await clientHandler.fetchClientMetadata(clientId);
-  if (!data)
+  const client = await clientHandler.fetchClient(clientId);
+  if (!client)
     throw createError({
       statusCode: 400,
       statusMessage: "Invalid or expired client ID.",
     });
 
+  if (client.userId != user.userId)
+    throw createError({
+      statusCode: 403,
+      statusMessage: "Not allowed to authorize this client.",
+    });
+
   const token = await clientHandler.generateAuthToken(clientId);
 
   return {

diff --git a/server/api/v1/client/auth/code/index.get.ts b/server/api/v1/client/auth/code/index.get.ts
@@ -0,0 +1,21 @@
+import clientHandler from "~/server/internal/clients/handler";
+import sessionHandler from "~/server/internal/session";
+
+export default defineEventHandler(async (h3) => {
+  const user = await sessionHandler.getSession(h3);
+  if (!user) throw createError({ statusCode: 403 });
+
+  const query = getQuery(h3);
+  const code = query.code?.toString()?.toUpperCase();
+  if (!code)
+    throw createError({
+      statusCode: 400,
+      statusMessage: "Code required in query params.",
+    });
+
+  const clientId = await clientHandler.fetchClientIdByCode(code);
+  if (!clientId)
+    throw createError({ statusCode: 400, statusMessage: "Invalid code." });
+
+  return clientId;
+});
diff --git a/server/api/v1/client/auth/code/index.post.ts b/server/api/v1/client/auth/code/index.post.ts
@@ -0,0 +1,35 @@
+import clientHandler from "~/server/internal/clients/handler";
+import sessionHandler from "~/server/internal/session";
+
+export default defineEventHandler(async (h3) => {
+  const user = await sessionHandler.getSession(h3);
+  if (!user) throw createError({ statusCode: 403 });
+
+  const body = await readBody(h3);
+  const clientId = await body.id;
+
+  const client = await clientHandler.fetchClient(clientId);
+  if (!client)
+    throw createError({
+      statusCode: 400,
+      statusMessage: "Invalid or expired client ID.",
+    });
+
+  if (client.userId != user.userId)
+    throw createError({
+      statusCode: 403,
+      statusMessage: "Not allowed to authorize this client.",
+    });
+
+  if (!client.peer)
+    throw createError({
+      statusCode: 500,
+      statusMessage: "No client listening for authorization.",
+    });
+
+  const token = await clientHandler.generateAuthToken(clientId);
+
+  await clientHandler.sendAuthToken(clientId, token);
+
+  return;
+});