diff --git a/apps/api/package.json b/apps/api/package.json index f5466dc..9479606 100644 --- a/apps/api/package.json +++ b/apps/api/package.json @@ -7,7 +7,7 @@ "deploy": "wrangler deploy --minify src/index.ts", "db:generate": "drizzle-kit generate:sqlite", "db:migrate": "wrangler d1 migrations apply demo --local", - "db:migrate:prod": "wrangler d1 migrations apply demo", + "db:migrate:prod": "wrangler d1 migrations apply demo --remote", "db:studio": "drizzle-kit studio", "db:studio:local": "cross-env LOCAL_DB_PATH=$(find .wrangler/state/v3/d1/miniflare-D1DatabaseObject -type f -name '*.sqlite' -print -quit) drizzle-kit studio" }, diff --git a/apps/api/src/controller/auth/auth.controller.ts b/apps/api/src/controller/auth/auth.controller.ts index 56de0e8..cc12967 100644 --- a/apps/api/src/controller/auth/auth.controller.ts +++ b/apps/api/src/controller/auth/auth.controller.ts @@ -94,87 +94,94 @@ const AuthController = new Hono() "/:provider/callback", zValidator("param", z.object({ provider: z.enum(["github", "google", "apple"]) })), async (c) => { - const provider = c.req.valid("param").provider; - let stateCookie = getCookie(c, `${provider}_oauth_state`); - const codeVerifierCookie = getCookie(c, `${provider}_oauth_code_verifier`); - const sessionTokenCookie = getCookie(c, "sessionToken"); - let redirect = getCookie(c, "redirect"); + try { + const provider = c.req.valid("param").provider; + let stateCookie = getCookie(c, `${provider}_oauth_state`); + const codeVerifierCookie = getCookie(c, `${provider}_oauth_code_verifier`); + const sessionTokenCookie = getCookie(c, "sessionToken"); + let redirect = getCookie(c, "redirect"); - const url = new URL(c.req.url); - let state = url.searchParams.get("state"); - let code = url.searchParams.get("code"); - const codeVerifierRequired = ["google"].includes(provider); - if (c.req.method === "POST") { - const formData = await c.req.formData(); - state = formData.get("state"); - stateCookie = state ?? stateCookie; - code = formData.get("code"); - redirect = c.env.WEB_DOMAIN; - } - if ( - !state || - !stateCookie || - !code || - stateCookie !== state || - !redirect || - (codeVerifierRequired && !codeVerifierCookie) - ) { - return c.json({ error: "Invalid request" }, 400); - } - if (provider === "github") { - const session = await createGithubSession({ c, idToken: code, sessionToken: sessionTokenCookie }); - if (!session) { - return c.json({}, 400); + const url = new URL(c.req.url); + let state = url.searchParams.get("state"); + let code = url.searchParams.get("code"); + const codeVerifierRequired = ["google"].includes(provider); + if (c.req.method === "POST") { + const formData = await c.req.formData(); + state = formData.get("state"); + stateCookie = state ?? stateCookie; + code = formData.get("code"); + redirect = c.env.WEB_DOMAIN; } - const redirectUrl = new URL(redirect); - redirectUrl.searchParams.append("token", session.id); - return c.redirect(redirectUrl.toString()); - } else if (provider === "google") { - const session = await createGoogleSession({ - c, - idToken: code, - codeVerifier: codeVerifierCookie!, - sessionToken: sessionTokenCookie, - }); - if (!session) { - return c.json({}, 400); + if ( + !state || + !stateCookie || + !code || + stateCookie !== state || + !redirect || + (codeVerifierRequired && !codeVerifierCookie) + ) { + return c.json({ error: "Invalid request" }, 400); } - const redirectUrl = new URL(redirect); - redirectUrl.searchParams.append("token", session.id); - return c.redirect(redirectUrl.toString()); - } else if (provider === "apple") { - const originHeader = c.req.header("Origin"); - const hostHeader = c.req.header("Host"); - if (!originHeader || !hostHeader || !verifyRequestOrigin(originHeader, [hostHeader, "appleid.apple.com"])) { - return c.json({}, 403); - } - const formData = await c.req.formData(); - const userJSON = formData.get("user"); // only available first time - let user: { username: string } | undefined; - if (userJSON) { - const reqUser = JSON.parse(userJSON) as { - name: { firstName: string; lastName: string }; - email: string; - }; - user = { - username: `${reqUser.name.firstName} ${reqUser.name.lastName}`, - }; + if (provider === "github") { + const session = await createGithubSession({ c, idToken: code, sessionToken: sessionTokenCookie }); + if (!session) { + return c.json({}, 400); + } + const redirectUrl = new URL(redirect); + redirectUrl.searchParams.append("token", session.id); + return c.redirect(redirectUrl.toString()); + } else if (provider === "google") { + const session = await createGoogleSession({ + c, + idToken: code, + codeVerifier: codeVerifierCookie!, + sessionToken: sessionTokenCookie, + }); + if (!session) { + return c.json({}, 400); + } + const redirectUrl = new URL(redirect); + redirectUrl.searchParams.append("token", session.id); + return c.redirect(redirectUrl.toString()); + } else if (provider === "apple") { + const originHeader = c.req.header("Origin"); + const hostHeader = c.req.header("Host"); + if (!originHeader || !hostHeader || !verifyRequestOrigin(originHeader, [hostHeader, "appleid.apple.com"])) { + return c.json({}, 403); + } + const formData = await c.req.formData(); + const userJSON = formData.get("user"); // only available first time + let user: { username: string } | undefined; + if (userJSON) { + const reqUser = JSON.parse(userJSON) as { + name: { firstName: string; lastName: string }; + email: string; + }; + user = { + username: `${reqUser.name.firstName} ${reqUser.name.lastName}`, + }; + } + const session = await createAppleSession({ + c, + code, + user, + sessionToken: sessionTokenCookie, + }); + if (!session) { + return c.json({}, 400); + } + // always web + const redirectUrl = new URL(redirect); + redirectUrl.searchParams.append("token", session.id); + return c.redirect(redirectUrl.toString()); } - const session = await createAppleSession({ - c, - code, - user, - sessionToken: sessionTokenCookie, - }); - if (!session) { - return c.json({}, 400); + return c.json({}, 400); + } catch (error) { + console.error(error); + if (error instanceof Error) { + console.error(error.stack); } - // always web - const redirectUrl = new URL(redirect); - redirectUrl.searchParams.append("token", session.id); - return c.redirect(redirectUrl.toString()); } - return c.json({}, 400); } ) .post( diff --git a/apps/api/src/database/migrations/0000_fat_anthem.sql b/apps/api/src/database/migrations/0000_neat_baron_strucker.sql similarity index 100% rename from apps/api/src/database/migrations/0000_fat_anthem.sql rename to apps/api/src/database/migrations/0000_neat_baron_strucker.sql diff --git a/apps/api/src/database/migrations/meta/0000_snapshot.json b/apps/api/src/database/migrations/meta/0000_snapshot.json index 49fb60c..91444d4 100644 --- a/apps/api/src/database/migrations/meta/0000_snapshot.json +++ b/apps/api/src/database/migrations/meta/0000_snapshot.json @@ -1,7 +1,7 @@ { "version": "5", "dialect": "sqlite", - "id": "6d761fab-1e30-43d6-a3d9-c2f387ad1c6f", + "id": "32403a6d-e0c4-4da9-8436-1a9b2609b8d1", "prevId": "00000000-0000-0000-0000-000000000000", "tables": { "oauth_account": { diff --git a/apps/api/src/database/migrations/meta/_journal.json b/apps/api/src/database/migrations/meta/_journal.json index a26d4e1..9918a03 100644 --- a/apps/api/src/database/migrations/meta/_journal.json +++ b/apps/api/src/database/migrations/meta/_journal.json @@ -5,8 +5,8 @@ { "idx": 0, "version": "5", - "when": 1711184856860, - "tag": "0000_fat_anthem", + "when": 1711820490724, + "tag": "0000_neat_baron_strucker", "breakpoints": true } ]