fix(vercel): change github oauth scope to limit access

walinejs · Jan 13, 2021 · 19ad4e2 · 19ad4e2
1 parent 246eaee
commit 19ad4e2
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/packages/server/src/service/auth/github.js b/packages/server/src/service/auth/github.js
@@ -5,13 +5,14 @@ const Base = require('./base');
 const OAUTH_URL = 'https://github.com/login/oauth/authorize';
 const ACCESS_TOKEN_URL = 'https://github.com/login/oauth/access_token';
 const USER_INFO_URL = 'https://api.github.com/user';
+const USER_EMAILS = 'https://api.github.com/user/emails';
 const {GITHUB_ID, GITHUB_SECRET} = process.env;
 module.exports = class extends Base {
   getAuthUrl(opts) {
     const params = {
       client_id: GITHUB_ID,
       redirect_uri: opts.rdUrl,
-      scope: 'user'
+      scope: 'read:user,user:email'
     };
     return OAUTH_URL + '?' + qs.stringify(params);
   }
@@ -42,6 +43,20 @@ module.exports = class extends Base {
       json: true
     });
 
+    if(!userInfo.email) {
+      const emails = await request.get({
+        url: USER_EMAILS,
+        headers: {
+          'User-Agent': '@waline',
+          'Authorization': 'token ' + opts.access_token
+        },
+        json: true
+      });
+      if(emails.length) {
+        userInfo.email = emails[0].email;
+      }
+    }
+
     return {
       github: userInfo.login,
       display_name: userInfo.name,