asyavee/medusa-store
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

feat(auth-google,auth-github): Allow passing a custom callbackUrl to … (#10829)

Browse Source 
* feat(auth-google,auth-github): Allow passing a custom callbackUrl to oauth providers

* feat: Add state management in auth providers

* chore: Changes based on PR review
This commit is contained in:
Stevche Radevski
2025-01-06 17:33:29 +01:00
committed by GitHub
parent 9490c265b2
commit fde73dbfae
8 changed files with 289 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
packages/modules/providers/auth-github/src/services/github.ts
View File

@@ -1,3 +1,4 @@
import crypto from "crypto"
import {
AuthenticationInput,
AuthenticationResponse,
@@ -16,7 +17,6 @@ type InjectedDependencies = {
interface LocalServiceConfig extends GithubAuthProviderOptions {}
// TODO: Add state param that is stored in Redis, to prevent CSRF attacks
export class GithubAuthService extends AbstractAuthModuleProvider {
static identifier = "github"
static DISPLAY_NAME = "Github Authentication"
@@ -56,37 +56,53 @@ export class GithubAuthService extends AbstractAuthModuleProvider {
}
async authenticate(
req: AuthenticationInput
req: AuthenticationInput,
authIdentityService: AuthIdentityProviderService
): Promise<AuthenticationResponse> {
if (req.query?.error) {
const query: Record<string, string> = req.query ?? {}
const body: Record<string, string> = req.body ?? {}
if (query.error) {
return {
success: false,
error: `${req.query.error_description}, read more at: ${req.query.error_uri}`,
error: `${query.error_description}, read more at: ${query.error_uri}`,
}
}
return this.getRedirect(this.config_)
const stateKey = crypto.randomBytes(32).toString("hex")
const state = {
callback_url: body?.callback_url ?? this.config_.callbackUrl,
}
await authIdentityService.setState(stateKey, state)
return this.getRedirect(this.config_.clientId, state.callback_url, stateKey)
}
async validateCallback(
req: AuthenticationInput,
authIdentityService: AuthIdentityProviderService
): Promise<AuthenticationResponse> {
if (req.query && req.query.error) {
const query: Record<string, string> = req.query ?? {}
const body: Record<string, string> = req.body ?? {}
if (query.error) {
return {
success: false,
error: `${req.query.error_description}, read more at: ${req.query.error_uri}`,
error: `${query.error_description}, read more at: ${query.error_uri}`,
}
}
const code = req.query?.code ?? req.body?.code
const code = query?.code ?? body?.code
if (!code) {
return { success: false, error: "No code provided" }
}
const params = `client_id=${this.config_.clientId}&client_secret=${
this.config_.clientSecret
}&code=${code}&redirect_uri=${encodeURIComponent(this.config_.callbackUrl)}`
const state = await authIdentityService.getState(query?.state as string)
if (!state) {
return { success: false, error: "No state provided, or session expired" }
}
const params = `client_id=${this.config_.clientId}&client_secret=${this.config_.clientSecret}&code=${code}&redirect_uri=${state.callback_url}`
const exchangeTokenUrl = new URL(
`https://github.com/login/oauth/access_token?${params}`
@@ -192,18 +208,12 @@ export class GithubAuthService extends AbstractAuthModuleProvider {
}
}
private getRedirect({ clientId, callbackUrl }: LocalServiceConfig) {
const redirectUrlParam = `redirect_uri=${encodeURIComponent(callbackUrl)}`
const clientIdParam = `client_id=${clientId}`
const responseTypeParam = "response_type=code"
const authUrl = new URL(
`https://github.com/login/oauth/authorize?${[
redirectUrlParam,
clientIdParam,
responseTypeParam,
].join("&")}`
)
private getRedirect(clientId: string, callbackUrl: string, stateKey: string) {
const authUrl = new URL(`https://github.com/login/oauth/authorize`)
authUrl.searchParams.set("redirect_uri", callbackUrl)
authUrl.searchParams.set("client_id", clientId)
authUrl.searchParams.set("response_type", "code")
authUrl.searchParams.set("state", stateKey)
return { success: true, location: authUrl.toString() }
}