feat(user): support mobile app social login

checkmoney · Sep 17, 2019 · 349d31d · 349d31d
1 parent 638b5b1
commit 349d31d
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 6 deletions.
diff --git a/back/.env.dist b/back/.env.dist
@@ -13,5 +13,7 @@ MANNY_API_KEY=Secret
 TELEGRAM_BOT_TOKEN=Secret
 API_PUBLIC_URL=https://api.checkmoney.space   
 
-GOOGLE_CLIENT_ID=Secret
+GOOGLE_CLIENT_ID_WEB=Secret
+GOOGLE_CLIENT_ID_IOS=Secret
+GOOGLE_CLIENT_ID_ANDOID=Secret
 GOOGLE_CLIENT_SECRET=Secret
diff --git a/back/evolutions/13.sql b/back/evolutions/13.sql
@@ -0,0 +1,9 @@
+ALTER TABLE public."user"
+    ALTER COLUMN "password" DROP NOT NULL,
+    ALTER COLUMN "password" SET DEFAULT NULL;
+
+#DOWN
+
+ALTER TABLE public."user"
+    ALTER COLUMN "password" DROP DEFAULT,
+    ALTER COLUMN "password" SET NOT NULL;
diff --git a/back/src/user/application/social/GoogleValidator.ts b/back/src/user/application/social/GoogleValidator.ts
@@ -1,21 +1,27 @@
 import { Injectable } from '@nestjs/common';
 import * as deepEqual from 'fast-deep-equal';
 import { OAuth2Client } from 'google-auth-library';
+import { sample } from 'lodash';
 
 import { Configuration } from '&back/config/Configuration';
 import { GoogleProfile } from '&shared/models/user/external/GoogleProfile';
 
 @Injectable()
 export class GoogleValidator {
   private readonly client: OAuth2Client;
-  private readonly googleClientId: string;
+  private readonly googleClientIds: string[];
 
   constructor(config: Configuration) {
-    this.googleClientId = config.getStringOrThrow('GOOGLE_CLIENT_ID');
+    this.googleClientIds = [
+      config.getStringOrThrow('GOOGLE_CLIENT_ID_WEB'),
+      config.getStringOrThrow('GOOGLE_CLIENT_ID_IOS'),
+      config.getStringOrThrow('GOOGLE_CLIENT_ID_ANDROID'),
+    ];
 
+    const anyClientId = sample(this.googleClientIds);
     const googleClientSecret = config.getStringOrThrow('GOOGLE_CLIENT_SECRET');
 
-    this.client = new OAuth2Client(this.googleClientId, googleClientSecret);
+    this.client = new OAuth2Client(anyClientId, googleClientSecret);
   }
 
   async isValid(profile: GoogleProfile): Promise<boolean> {
@@ -24,7 +30,7 @@ export class GoogleValidator {
     try {
       const ticket = await this.client.verifyIdToken({
         idToken: profile.token,
-        audience: this.googleClientId,
+        audience: this.googleClientIds,
       });
 
       const payload = ticket.getPayload();
@@ -37,9 +43,19 @@ export class GoogleValidator {
         email: payload.email,
       };
 
-      return deepEqual(profile, payloadProfile);
+      return deepEqual(
+        this.clearProfile(profile),
+        this.clearProfile(payloadProfile),
+      );
     } catch (error) {
       return false;
     }
   }
+
+  private clearProfile({ photo, ...profile }: GoogleProfile) {
+    return {
+      ...profile,
+      photo: photo.replace(/(=.+)/, ''), // remove image size options from URL
+    };
+  }
 }