✨ OAuth2

Author: AnandChowdhary

package.json

@@ -1,6 +1,6 @@
 {
   "name": "staart",
-  "version": "1.0.13",
+  "version": "1.0.14",
   "main": "index.js",
   "repository": "git@github.com:AnandChowdhary/staart.git",
   "author": "Anand Chowdhary <mail@anandchowdhary.com>",
@@ -76,6 +76,7 @@
   "dependencies": {
     "@hapi/joi": "^15.0.3",
     "@sentry/node": "^5.4.0",
+    "axios": "^0.19.0",
     "bcryptjs": "^2.4.3",
     "body-parser": "^1.19.0",
     "client-oauth2": "^4.2.4",

src/controllers/auth.ts

@@ -13,7 +13,7 @@ import {
   register,
   login2FA,
   github,
-  oauthCallback
+  githubCallback
 } from "../rest/auth";
 import { verifyToken } from "../helpers/jwt";
 import {
@@ -233,6 +233,6 @@ export class AuthController {
   @Post("oauth/github")
   async oauthGitHubCallback(req: Request, res: Response) {
     const code = getCodeFromRequest(req);
-    res.json(await oauthCallback(github, code));
+    res.json(await githubCallback(code, res.locals));
   }
 }

src/interfaces/enum.ts

@@ -25,6 +25,7 @@ export enum EventType {
   USER_DELETED = "user.deleted",
   AUTH_REFRESH = "auth.refresh",
   AUTH_LOGIN = "auth.login",
+  AUTH_LOGIN_OAUTH = "auth.login_oauth",
   AUTH_LOGIN_BACKUP_CODE = "auth.login_backupCode",
   AUTH_LOGIN_GOOGLE = "auth.login_google",
   AUTH_PASSWORD_CHANGED = "auth.password_changed",
@@ -72,7 +73,8 @@ export enum ErrorCode {
   USER_IS_MEMBER_ALREADY = "400/user-is-member-already",
   STRIPE_NO_CUSTOMER = "404/no-customer",
   NOT_ENABLED_2FA = "400/invalid-2fa-token",
-  INVALID_2FA_TOKEN = "401/invalid-2fa-token"
+  INVALID_2FA_TOKEN = "401/invalid-2fa-token",
+  OAUTH_NO_EMAIL = "404/oauth-no-email"
 }
 
 export enum Templates {

src/interfaces/oauth.ts

@@ -0,0 +1,6 @@
+export interface GitHubEmail {
+  email: string;
+  primary: boolean;
+  verified: boolean;
+  visibility?: "public" | "private";
+}

src/rest/auth.ts

@@ -43,6 +43,8 @@ import { can } from "../helpers/authorization";
 import { authenticator } from "otplib";
 import ClientOAuth2 from "client-oauth2";
 import { GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET } from "../config";
+import axios from "axios";
+import { GitHubEmail } from "../interfaces/oauth";
 
 export const validateRefreshToken = async (token: string, locals: Locals) => {
   const data = <User>await verifyToken(token, Tokens.REFRESH);
@@ -199,22 +201,44 @@ export const approveLocation = async (token: string, locals: Locals) => {
   );
 };
 
-// OAuth2 clients
+/*
+ OAuth clients
+*/
+
 export const github = new ClientOAuth2({
   clientId: GITHUB_CLIENT_ID,
   clientSecret: GITHUB_CLIENT_SECRET,
   accessTokenUri: "https://github.com/login/oauth/access_token",
   authorizationUri: "https://github.com/login/oauth/authorize",
   redirectUri: "https://staart-demo.o15y.com/auth/callback/github",
-  scopes: ["user"]
+  scopes: ["user:email"]
 });
-export const oauthCallback = async (service: ClientOAuth2, url: string) => {
-  const response = await service.code.getToken(url);
-  console.log("Got", response.data);
-  return { hello: "hello world", data: response.data };
-  // const email = response.data.email;
-  // if (!email) throw new Error(ErrorCode.USER_NOT_FOUND);
-  // const user = await getUserByEmail(email);
-  // if (!user.id) throw new Error(ErrorCode.USER_NOT_FOUND);
-  // return await getLoginResponse(user, EventType.AUTH_LOGIN, "github", locals);
+export const githubCallback = async (url: string, locals: Locals) => {
+  const response = await github.code.getToken(url);
+  const emails = ((await axios.get("https://api.github.com/user/emails", {
+    headers: {
+      Authorization: `token ${response.accessToken}`
+    }
+  })).data as GitHubEmail[]).filter(emails => (emails.verified = true));
+  for await (const email of emails) {
+    try {
+      const user = await getUserByEmail(email.email);
+      return await getLoginResponse(
+        user,
+        EventType.AUTH_LOGIN_OAUTH,
+        "github",
+        locals
+      );
+    } catch (error) {}
+  }
+  throw new Error(ErrorCode.OAUTH_NO_EMAIL);
 };
+
+export const microsoft = new ClientOAuth2({
+  clientId: GITHUB_CLIENT_ID,
+  clientSecret: GITHUB_CLIENT_SECRET,
+  accessTokenUri: "https://login.microsoftonline.com/common/oauth2/v2.0/token",
+  authorizationUri: "https://www.facebook.com/v3.3/dialog/oauth",
+  redirectUri: "https://staart-demo.o15y.com/auth/callback/microsoft",
+  scopes: ["email"]
+});

yarn.lock

@@ -1629,6 +1629,14 @@ aws4@^1.8.0:
   resolved "https://registry.yarnpkg.com/aws4/-/aws4-1.8.0.tgz#f0e003d9ca9e7f59c7a508945d7b2ef9a04a542f"
   integrity sha512-ReZxvNHIOv88FlT7rxcXIIC0fPt4KZqZbOlivyWtXLt8ESx84zd3kMC6iK5jVeS2qt+g7ftS7ye4fi06X5rtRQ==
 
+axios@^0.19.0:
+  version "0.19.0"
+  resolved "https://registry.yarnpkg.com/axios/-/axios-0.19.0.tgz#8e09bff3d9122e133f7b8101c8fbdd00ed3d2ab8"
+  integrity sha512-1uvKqKQta3KBxIz14F2v06AEHZ/dIoeKfbTRkK1E5oqjDnuEerLmYTgJB5AiQZHJcljpg1TuRzdjDR06qNk0DQ==
+  dependencies:
+    follow-redirects "1.5.10"
+    is-buffer "^2.0.2"
+
 babel-jest@^24.8.0:
   version "24.8.0"
   resolved "https://registry.yarnpkg.com/babel-jest/-/babel-jest-24.8.0.tgz#5c15ff2b28e20b0f45df43fe6b7f2aae93dba589"
@@ -2309,6 +2317,13 @@ debug@2.6.9, debug@^2.2.0, debug@^2.3.3, debug@^2.6.9:
   dependencies:
     ms "2.0.0"
 
+debug@=3.1.0:
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/debug/-/debug-3.1.0.tgz#5bb5a0672628b64149566ba16819e61518c67261"
+  integrity sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==
+  dependencies:
+    ms "2.0.0"
+
 debug@^3.1.0:
   version "3.2.6"
   resolved "https://registry.yarnpkg.com/debug/-/debug-3.2.6.tgz#e83d17de16d8a7efb7717edbe5fb10135eee629b"
@@ -2827,6 +2842,13 @@ find-up@^3.0.0:
   dependencies:
     locate-path "^3.0.0"
 
+follow-redirects@1.5.10:
+  version "1.5.10"
+  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.5.10.tgz#7b7a9f9aea2fdff36786a94ff643ed07f4ff5e2a"
+  integrity sha512-0V5l4Cizzvqt5D44aTXbFZz+FtyXV1vrDN6qrelxtfYQKW0KO0W2T/hkE8xvGa/540LkZlkaUjO4ailYTFtHVQ==
+  dependencies:
+    debug "=3.1.0"
+
 for-in@^1.0.2:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/for-in/-/for-in-1.0.2.tgz#81068d295a8142ec0ac726c6e2200c30fb6d5e80"
@@ -3450,6 +3472,11 @@ is-buffer@^1.1.5, is-buffer@~1.1.1:
   resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-1.1.6.tgz#efaa2ea9daa0d7ab2ea13a97b2b8ad51fefbe8be"
   integrity sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==
 
+is-buffer@^2.0.2:
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-2.0.3.tgz#4ecf3fcf749cbd1e472689e109ac66261a25e725"
+  integrity sha512-U15Q7MXTuZlrbymiz95PJpZxu8IlipAp4dtS3wOdgPXx3mqBnslrWU14kxfHB+Py/+2PVKSr37dMAgM2A4uArw==
+
 is-callable@^1.1.4:
   version "1.1.4"
   resolved "https://registry.yarnpkg.com/is-callable/-/is-callable-1.1.4.tgz#1e1adf219e1eeb684d691f9d6a05ff0d30a24d75"