memorium/routes/api/auth/callback.ts

import { Handlers } from "$fresh/server.ts";
import { create, getNumericDate } from "https://deno.land/x/djwt@v2.2/mod.ts";
import { oauth2Client } from "@lib/auth.ts";
import { getCookies, setCookie } from "@std/http/cookie";
import { codeChallengeMap } from "./login.ts";
import { GITEA_SERVER, JWT_SECRET, SESSION_DURATION } from "@lib/env.ts";
import { GiteaOauthUser } from "@lib/types.ts";
import { BadRequestError } from "@lib/errors.ts";
import { db } from "@lib/db/sqlite.ts";
import { userTable } from "@lib/db/schema.ts";
import { eq } from "drizzle-orm";

export const handler: Handlers = {
  async GET(request) {
    if (!JWT_SECRET) {
      throw new BadRequestError();
    }

    // Exchange the authorization code for an access token
    const cookies = getCookies(request.headers);

    const stored = codeChallengeMap.get(cookies["code_challenge"]);
    if (!stored) {
      throw new BadRequestError();
    }

    const { codeVerifier, redirect } = stored;

    const tokens = await oauth2Client.code.getToken(request.url, {
      codeVerifier,
    });

    // Use the access token to make an authenticated API request
    const userInfo = `${GITEA_SERVER}/login/oauth/userinfo`;
    const userResponse = await fetch(userInfo, {
      headers: {
        Authorization: `token ${tokens.accessToken}`,
      },
    });

    const oauthUser = await userResponse.json() as GiteaOauthUser;

    let user = await db.select().from(userTable).where(
      eq(userTable.name, oauthUser.name),
    ).limit(1).then((users) => users[0]);

    if (!user) {
      const res = await db.insert(userTable).values({
        id: crypto.randomUUID(),
        email: oauthUser.email,
        name: oauthUser.name,
      }).returning();
      user = res[0];
    }

    const jwt = await create({ alg: "HS512", type: "JWT" }, {
      id: user.id,
      name: user.name,
      exp: getNumericDate(SESSION_DURATION),
    }, JWT_SECRET);

    const headers = new Headers({
      location: redirect || "/",
    });

    setCookie(headers, {
      name: "session_cookie",
      value: jwt,
      path: "/",
      maxAge: SESSION_DURATION,
      httpOnly: false,
      secure: true,
      sameSite: "Lax",
    });

    return new Response(null, {
      headers,
      status: 302,
    });
  },
};
feat: add authentication 2023-08-04 22:35:25 +02:00			`import { Handlers } from "$fresh/server.ts";`
			`import { create, getNumericDate } from "https://deno.land/x/djwt@v2.2/mod.ts";`
			`import { oauth2Client } from "@lib/auth.ts";`
fix: chatgpt prompts 2024-06-21 11:36:23 +02:00			`import { getCookies, setCookie } from "@std/http/cookie";`
feat: add authentication 2023-08-04 22:35:25 +02:00			`import { codeChallengeMap } from "./login.ts";`
			`import { GITEA_SERVER, JWT_SECRET, SESSION_DURATION } from "@lib/env.ts";`
			`import { GiteaOauthUser } from "@lib/types.ts";`
			`import { BadRequestError } from "@lib/errors.ts";`
feat: completely remove redis 2025-01-06 16:14:29 +01:00			`import { db } from "@lib/db/sqlite.ts";`
			`import { userTable } from "@lib/db/schema.ts";`
feat: move perf,logs and user into sqlite 2025-01-05 18:03:59 +01:00			`import { eq } from "drizzle-orm";`
feat: add authentication 2023-08-04 22:35:25 +02:00
			`export const handler: Handlers = {`
feat: add background image from png 2023-08-04 22:58:42 +02:00			`async GET(request) {`
feat: add authentication 2023-08-04 22:35:25 +02:00			`if (!JWT_SECRET) {`
			`throw new BadRequestError();`
			`}`

			`// Exchange the authorization code for an access token`
			`const cookies = getCookies(request.headers);`

feat: redirect to same url on login/logout 2023-08-09 15:58:36 +02:00			`const stored = codeChallengeMap.get(cookies["code_challenge"]);`
			`if (!stored) {`
			`throw new BadRequestError();`
			`}`

			`const { codeVerifier, redirect } = stored;`
feat: add authentication 2023-08-04 22:35:25 +02:00
			`const tokens = await oauth2Client.code.getToken(request.url, {`
			`codeVerifier,`
			`});`

			`// Use the access token to make an authenticated API request`
			const userInfo = `${GITEA_SERVER}/login/oauth/userinfo`;
			`const userResponse = await fetch(userInfo, {`
			`headers: {`
			Authorization: `token ${tokens.accessToken}`,
			`},`
			`});`

			`const oauthUser = await userResponse.json() as GiteaOauthUser;`

feat: move perf,logs and user into sqlite 2025-01-05 18:03:59 +01:00			`let user = await db.select().from(userTable).where(`
			`eq(userTable.name, oauthUser.name),`
			`).limit(1).then((users) => users[0]);`
feat: add authentication 2023-08-04 22:35:25 +02:00
			`if (!user) {`
feat: move perf,logs and user into sqlite 2025-01-05 18:03:59 +01:00			`const res = await db.insert(userTable).values({`
			`id: crypto.randomUUID(),`
feat: add authentication 2023-08-04 22:35:25 +02:00			`email: oauthUser.email,`
			`name: oauthUser.name,`
feat: move perf,logs and user into sqlite 2025-01-05 18:03:59 +01:00			`}).returning();`
			`user = res[0];`
feat: add authentication 2023-08-04 22:35:25 +02:00			`}`

			`const jwt = await create({ alg: "HS512", type: "JWT" }, {`
			`id: user.id,`
			`name: user.name,`
			`exp: getNumericDate(SESSION_DURATION),`
			`}, JWT_SECRET);`

			`const headers = new Headers({`
feat: redirect to same url on login/logout 2023-08-09 15:58:36 +02:00			`location: redirect \|\| "/",`
feat: add authentication 2023-08-04 22:35:25 +02:00			`});`

			`setCookie(headers, {`
			`name: "session_cookie",`
			`value: jwt,`
			`path: "/",`
			`maxAge: SESSION_DURATION,`
			`httpOnly: false,`
			`secure: true,`
			`sameSite: "Lax",`
			`});`

			`return new Response(null, {`
			`headers,`
			`status: 302,`
			`});`
			`},`
			`};`