hagopj13 · arshadshaheen · Mar 19, 2023 · Mar 19, 2023 · Mar 19, 2023 · Sep 6, 2023
diff --git a/.env.example b/.env.example
@@ -23,3 +23,7 @@ SMTP_PORT=587
 SMTP_USERNAME=email-server-username
 SMTP_PASSWORD=email-server-password
 EMAIL_FROM=support@yourapp.com
+
+GOOGLE_CLIENT_ID=
+GOOGLE_CLIENT_SECRET=
+GOOGLE_CALLBACK_URL=
diff --git a/package.json b/package.json
@@ -57,6 +57,7 @@
     "express": "^4.17.1",
     "express-mongo-sanitize": "^2.0.0",
     "express-rate-limit": "^5.0.0",
+    "google-auth-library": "^8.7.0",
     "helmet": "^4.1.0",
     "http-status": "^1.4.0",
     "joi": "^17.3.0",
@@ -66,6 +67,7 @@
     "morgan": "^1.9.1",
     "nodemailer": "^6.3.1",
     "passport": "^0.4.0",
+    "passport-google-oauth20": "^2.0.0",
     "passport-jwt": "^4.0.0",
     "pm2": "^5.1.0",
     "swagger-jsdoc": "^6.0.8",

diff --git a/src/controllers/auth.controller.js b/src/controllers/auth.controller.js
@@ -1,7 +1,10 @@
 const httpStatus = require('http-status');
+const { OAuth2Client } = require('google-auth-library');
 const catchAsync = require('../utils/catchAsync');
 const { authService, userService, tokenService, emailService } = require('../services');
 
+const client = new OAuth2Client(process.env.GOOGLE_CLIENT_ID);
+
 const register = catchAsync(async (req, res) => {
   const user = await userService.createUser(req.body);
   const tokens = await tokenService.generateAuthTokens(user);
@@ -46,7 +49,36 @@ const verifyEmail = catchAsync(async (req, res) => {
   await authService.verifyEmail(req.query.token);
   res.status(httpStatus.NO_CONTENT).send();
 });
+const googleAuth = async (req, res) => {
+  const tokens = await tokenService.generateAuthTokens(req.user);
+  res.status(httpStatus.OK).send(tokens);
+};
+
+const googleTokenAuth = async (req, res) => {
+  const { idToken } = req.body;
+
+  const ticket = await client.verifyIdToken({
+    idToken,
+    audience: process.env.GOOGLE_CLIENT_ID,
+  });
+
+  const payload = ticket.getPayload();
+  const googleId = payload.sub;
+  const { email } = payload;
 
+  let user = await userService.getUserByGoogleId(googleId);
+
+  if (!user) {
+    user = await userService.createUser({
+      name: payload.name,
+      email,
+      googleId,
+    });
+  }
+
+  const tokens = await tokenService.generateAuthTokens(user);
+  res.status(httpStatus.OK).send(tokens);
+};
 module.exports = {
   register,
   login,
@@ -56,4 +88,6 @@ module.exports = {
   resetPassword,
   sendVerificationEmail,
   verifyEmail,
+  googleAuth,
+  googleTokenAuth,
 };
diff --git a/src/middlewares/auth.js b/src/middlewares/auth.js
@@ -12,20 +12,22 @@ const verifyCallback = (req, resolve, reject, requiredRights) => async (err, use
   if (requiredRights.length) {
     const userRights = roleRights.get(user.role);
     const hasRequiredRights = requiredRights.every((requiredRight) => userRights.includes(requiredRight));
-    if (!hasRequiredRights && req.params.userId !== user.id) {
+    if (!hasRequiredRights && req.params.userId !== user.id && req.body.userId !== user.id) {
       return reject(new ApiError(httpStatus.FORBIDDEN, 'Forbidden'));
     }
   }
 
   resolve();
 };
 
-const auth = (...requiredRights) => async (req, res, next) => {
-  return new Promise((resolve, reject) => {
-    passport.authenticate('jwt', { session: false }, verifyCallback(req, resolve, reject, requiredRights))(req, res, next);
-  })
-    .then(() => next())
-    .catch((err) => next(err));
-};
+const auth =
+  (...requiredRights) =>
+  async (req, res, next) => {
+    return new Promise((resolve, reject) => {
+      passport.authenticate('jwt', { session: false }, verifyCallback(req, resolve, reject, requiredRights))(req, res, next);
+    })
+      .then(() => next())
+      .catch((err) => next(err));
+  };
 
 module.exports = auth;
diff --git a/src/routes/v1/auth.route.js b/src/routes/v1/auth.route.js
@@ -2,6 +2,7 @@ const express = require('express');
 const validate = require('../../middlewares/validate');
 const authValidation = require('../../validations/auth.validation');
 const authController = require('../../controllers/auth.controller');
+
 const auth = require('../../middlewares/auth');
 
 const router = express.Router();
@@ -14,6 +15,7 @@ router.post('/forgot-password', validate(authValidation.forgotPassword), authCon
 router.post('/reset-password', validate(authValidation.resetPassword), authController.resetPassword);
 router.post('/send-verification-email', auth(), authController.sendVerificationEmail);
 router.post('/verify-email', validate(authValidation.verifyEmail), authController.verifyEmail);
+router.post('/google/token', authController.googleTokenAuth);
 
 module.exports = router;