boredgame/src/lib/server/api/controllers/oauth.controller.ts

import 'reflect-metadata';
import {Controller} from '$lib/server/api/common/types/controller';
import type {OAuthUser} from '$lib/server/api/common/types/oauth';
import {cookieExpiresAt, createSessionTokenCookie, setSessionCookie} from '$lib/server/api/common/utils/cookies';
import {OAuthService} from '$lib/server/api/services/oauth.service';
import {SessionsService} from '$lib/server/api/services/sessions.service';
import {github, google} from '$lib/server/auth';
import {OAuth2RequestError} from 'arctic';
import {getCookie} from 'hono/cookie';

import {inject, injectable} from 'tsyringe';

@injectable()
export class OAuthController extends Controller {
	constructor(
		@inject(SessionsService) private sessionsService: SessionsService,
		@inject(OAuthService) private oauthService: OAuthService,
	) {
		super();
	}

	routes() {
		return this.controller
			.get('/github', async (c) => {
				try {
					const code = c.req.query('code')?.toString() ?? null;
					const state = c.req.query('state')?.toString() ?? null;
					const storedState = getCookie(c).github_oauth_state ?? null;

					if (!code || !state || !storedState || state !== storedState) {
						return c.body(null, 400);
					}

					const tokens = await github.validateAuthorizationCode(code);
					const githubUserResponse = await fetch('https://api.github.com/user', {
						headers: {
							Authorization: `Bearer ${tokens.accessToken}`,
						},
					});
					const githubUser: GitHubUser = await githubUserResponse.json();

					const oAuthUser: OAuthUser = {
						sub: `${githubUser.id}`,
						username: githubUser.login,
						email: undefined,
					};

					const userId = await this.oauthService.handleOAuthUser(oAuthUser, 'github');

					const sessionToken = this.sessionsService.generateSessionToken();
					const session = await this.sessionsService.createSession(sessionToken, userId, '', '', false, false);
					const sessionCookie = createSessionTokenCookie(session.id, cookieExpiresAt);
					setSessionCookie(c, sessionCookie);
					return c.json({ message: 'ok' });
				} catch (error) {
					console.error(error);
					// the specific error message depends on the provider
					if (error instanceof OAuth2RequestError) {
						// invalid code
						return c.body(null, 400);
					}
					return c.body(null, 500);
				}
			})
			.get('/google', async (c) => {
				try {
					const code = c.req.query('code')?.toString() ?? null;
					const state = c.req.query('state')?.toString() ?? null;
					const storedState = getCookie(c).google_oauth_state ?? null;
					const storedCodeVerifier = getCookie(c).google_oauth_code_verifier ?? null;

					if (!code || !storedState || !storedCodeVerifier || state !== storedState) {
						return c.body(null, 400);
					}

					const tokens = await google.validateAuthorizationCode(code, storedCodeVerifier);
					const googleUserResponse = await fetch('https://openidconnect.googleapis.com/v1/userinfo', {
						headers: {
							Authorization: `Bearer ${tokens.accessToken}`,
						},
					});
					const googleUser: GoogleUser = await googleUserResponse.json();

					const oAuthUser: OAuthUser = {
						sub: googleUser.sub,
						given_name: googleUser.given_name,
						family_name: googleUser.family_name,
						picture: googleUser.picture,
						username: googleUser.email,
						email: googleUser.email,
						email_verified: googleUser.email_verified,
					};

					const userId = await this.oauthService.handleOAuthUser(oAuthUser, 'google');
					const sessionToken = this.sessionsService.generateSessionToken();
					const session = await this.sessionsService.createSession(sessionToken, userId, '', '', false, false);
					const sessionCookie = createSessionTokenCookie(session.id, cookieExpiresAt);
					setSessionCookie(c, sessionCookie);

					return c.json({ message: 'ok' });
				} catch (error) {
					console.error(error);
					// the specific error message depends on the provider
					if (error instanceof OAuth2RequestError) {
						// invalid code
						return c.body(null, 400);
					}
					return c.body(null, 500);
				}
			});
	}
}

interface GitHubUser {
	id: number;
	login: string;
}

interface GoogleUser {
	sub: string;
	name: string;
	given_name: string;
	family_name: string;
	picture: string;
	email: string;
	email_verified: boolean;
}
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`import 'reflect-metadata';`
Cleanup code based on the biomejs config. 2024-11-08 21:57:13 +00:00			`import {Controller} from '$lib/server/api/common/types/controller';`
			`import type {OAuthUser} from '$lib/server/api/common/types/oauth';`
			`import {cookieExpiresAt, createSessionTokenCookie, setSessionCookie} from '$lib/server/api/common/utils/cookies';`
			`import {OAuthService} from '$lib/server/api/services/oauth.service';`
			`import {SessionsService} from '$lib/server/api/services/sessions.service';`
			`import {github, google} from '$lib/server/auth';`
			`import {OAuth2RequestError} from 'arctic';`
			`import {getCookie} from 'hono/cookie';`
Fixing some auth implementations. Removed text encoder for validate session token, unsure why it is needed. 2024-11-08 01:34:13 +00:00
Cleanup code based on the biomejs config. 2024-11-08 21:57:13 +00:00			`import {inject, injectable} from 'tsyringe';`
Adding OAuth for GitHub. 2024-09-16 16:07:22 +00:00
			`@injectable()`
			`export class OAuthController extends Controller {`
			`constructor(`
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`@inject(SessionsService) private sessionsService: SessionsService,`
Fixing OAuth flows, passing code and state correctly to hono, and signing in with GitHub. 2024-09-18 00:32:26 +00:00			`@inject(OAuthService) private oauthService: OAuthService,`
			`) {`
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`super();`
Adding OAuth for GitHub. 2024-09-16 16:07:22 +00:00			`}`

			`routes() {`
Adding license and starting google oauth. 2024-09-20 01:06:54 +00:00			`return this.controller`
			`.get('/github', async (c) => {`
			`try {`
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`const code = c.req.query('code')?.toString() ?? null;`
			`const state = c.req.query('state')?.toString() ?? null;`
			`const storedState = getCookie(c).github_oauth_state ?? null;`
Fixing OAuth flows, passing code and state correctly to hono, and signing in with GitHub. 2024-09-18 00:32:26 +00:00
Adding license and starting google oauth. 2024-09-20 01:06:54 +00:00			`if (!code \|\| !state \|\| !storedState \|\| state !== storedState) {`
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`return c.body(null, 400);`
Adding license and starting google oauth. 2024-09-20 01:06:54 +00:00			`}`

Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`const tokens = await github.validateAuthorizationCode(code);`
Adding license and starting google oauth. 2024-09-20 01:06:54 +00:00			`const githubUserResponse = await fetch('https://api.github.com/user', {`
			`headers: {`
			Authorization: `Bearer ${tokens.accessToken}`,
			`},`
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`});`
			`const githubUser: GitHubUser = await githubUserResponse.json();`
Adding license and starting google oauth. 2024-09-20 01:06:54 +00:00
Add picture and email verified columns to the user, migrations, fixing OAuth with Google, creating types for OAuth 2024-09-21 00:25:51 +00:00			`const oAuthUser: OAuthUser = {`
			sub: `${githubUser.id}`,
			`username: githubUser.login,`
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`email: undefined,`
			`};`
Add picture and email verified columns to the user, migrations, fixing OAuth with Google, creating types for OAuth 2024-09-21 00:25:51 +00:00
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`const userId = await this.oauthService.handleOAuthUser(oAuthUser, 'github');`
Adding license and starting google oauth. 2024-09-20 01:06:54 +00:00
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`const sessionToken = this.sessionsService.generateSessionToken();`
Fixing some auth implementations. Removed text encoder for validate session token, unsure why it is needed. 2024-11-08 01:34:13 +00:00			`const session = await this.sessionsService.createSession(sessionToken, userId, '', '', false, false);`
Creating session cookie util, typing cookies, and fixing session creation and cookie creation for flows. 2024-11-08 18:41:32 +00:00			`const sessionCookie = createSessionTokenCookie(session.id, cookieExpiresAt);`
			`setSessionCookie(c, sessionCookie);`
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`return c.json({ message: 'ok' });`
Adding license and starting google oauth. 2024-09-20 01:06:54 +00:00			`} catch (error) {`
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`console.error(error);`
Adding license and starting google oauth. 2024-09-20 01:06:54 +00:00			`// the specific error message depends on the provider`
			`if (error instanceof OAuth2RequestError) {`
			`// invalid code`
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`return c.body(null, 400);`
Adding license and starting google oauth. 2024-09-20 01:06:54 +00:00			`}`
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`return c.body(null, 500);`
Adding OAuth for GitHub. 2024-09-16 16:07:22 +00:00			`}`
Adding license and starting google oauth. 2024-09-20 01:06:54 +00:00			`})`
			`.get('/google', async (c) => {`
			`try {`
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`const code = c.req.query('code')?.toString() ?? null;`
			`const state = c.req.query('state')?.toString() ?? null;`
			`const storedState = getCookie(c).google_oauth_state ?? null;`
			`const storedCodeVerifier = getCookie(c).google_oauth_code_verifier ?? null;`
Adding license and starting google oauth. 2024-09-20 01:06:54 +00:00
			`if (!code \|\| !storedState \|\| !storedCodeVerifier \|\| state !== storedState) {`
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`return c.body(null, 400);`
Adding license and starting google oauth. 2024-09-20 01:06:54 +00:00			`}`

Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`const tokens = await google.validateAuthorizationCode(code, storedCodeVerifier);`
			`const googleUserResponse = await fetch('https://openidconnect.googleapis.com/v1/userinfo', {`
Adding license and starting google oauth. 2024-09-20 01:06:54 +00:00			`headers: {`
			Authorization: `Bearer ${tokens.accessToken}`,
			`},`
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`});`
			`const googleUser: GoogleUser = await googleUserResponse.json();`
Fixing OAuth flows, passing code and state correctly to hono, and signing in with GitHub. 2024-09-18 00:32:26 +00:00
Add picture and email verified columns to the user, migrations, fixing OAuth with Google, creating types for OAuth 2024-09-21 00:25:51 +00:00			`const oAuthUser: OAuthUser = {`
			`sub: googleUser.sub,`
			`given_name: googleUser.given_name,`
			`family_name: googleUser.family_name,`
			`picture: googleUser.picture,`
			`username: googleUser.email,`
			`email: googleUser.email,`
			`email_verified: googleUser.email_verified,`
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`};`
Add picture and email verified columns to the user, migrations, fixing OAuth with Google, creating types for OAuth 2024-09-21 00:25:51 +00:00
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`const userId = await this.oauthService.handleOAuthUser(oAuthUser, 'google');`
Creating session cookie util, typing cookies, and fixing session creation and cookie creation for flows. 2024-11-08 18:41:32 +00:00			`const sessionToken = this.sessionsService.generateSessionToken();`
			`const session = await this.sessionsService.createSession(sessionToken, userId, '', '', false, false);`
			`const sessionCookie = createSessionTokenCookie(session.id, cookieExpiresAt);`
			`setSessionCookie(c, sessionCookie);`
Adding license and starting google oauth. 2024-09-20 01:06:54 +00:00
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`return c.json({ message: 'ok' });`
Adding license and starting google oauth. 2024-09-20 01:06:54 +00:00			`} catch (error) {`
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`console.error(error);`
Adding license and starting google oauth. 2024-09-20 01:06:54 +00:00			`// the specific error message depends on the provider`
			`if (error instanceof OAuth2RequestError) {`
			`// invalid code`
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`return c.body(null, 400);`
Adding license and starting google oauth. 2024-09-20 01:06:54 +00:00			`}`
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`return c.body(null, 500);`
Fixing OAuth flows, passing code and state correctly to hono, and signing in with GitHub. 2024-09-18 00:32:26 +00:00			`}`
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`});`
Adding OAuth for GitHub. 2024-09-16 16:07:22 +00:00			`}`
			`}`

			`interface GitHubUser {`
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`id: number;`
			`login: string;`
Fixing OAuth flows, passing code and state correctly to hono, and signing in with GitHub. 2024-09-18 00:32:26 +00:00			`}`
Adding license and starting google oauth. 2024-09-20 01:06:54 +00:00
			`interface GoogleUser {`
Formatting files, upgrading Drizzle, using snake case in Drizzle, update tables, fix unique ID with new Drizzle. 2024-11-06 17:49:18 +00:00			`sub: string;`
			`name: string;`
			`given_name: string;`
			`family_name: string;`
			`picture: string;`
			`email: string;`
			`email_verified: boolean;`
Adding license and starting google oauth. 2024-09-20 01:06:54 +00:00			`}`