asyavee/medusa-store
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
2a0bd86204c9dd51a012763016f2de822d3c45b6
medusa-store/packages/modules/providers/auth-google/src/services/google.ts
Stevche Radevski fde73dbfae feat(auth-google,auth-github): Allow passing a custom callbackUrl to … (#10829) 
* feat(auth-google,auth-github): Allow passing a custom callbackUrl to oauth providers

* feat: Add state management in auth providers

* chore: Changes based on PR review
2025-01-06 17:33:29 +01:00

202 lines
5.4 KiB
TypeScript
Raw Blame History

import crypto from "crypto"
import {
AuthenticationInput,
AuthenticationResponse,
AuthIdentityProviderService,
GoogleAuthProviderOptions,
Logger,
} from "@medusajs/framework/types"
import {
AbstractAuthModuleProvider,
MedusaError,
} from "@medusajs/framework/utils"
import jwt, { JwtPayload } from "jsonwebtoken"
type InjectedDependencies = {
logger: Logger
}
interface LocalServiceConfig extends GoogleAuthProviderOptions {}
export class GoogleAuthService extends AbstractAuthModuleProvider {
static identifier = "google"
static DISPLAY_NAME = "Google Authentication"
protected config_: LocalServiceConfig
protected logger_: Logger
static validateOptions(options: GoogleAuthProviderOptions) {
if (!options.clientId) {
throw new Error("Google clientId is required")
}
if (!options.clientSecret) {
throw new Error("Google clientSecret is required")
}
if (!options.callbackUrl) {
throw new Error("Google callbackUrl is required")
}
}
constructor(
{ logger }: InjectedDependencies,
options: GoogleAuthProviderOptions
) {
// @ts-ignore
super(...arguments)
this.config_ = options
this.logger_ = logger
}
async register(_): Promise<AuthenticationResponse> {
throw new MedusaError(
MedusaError.Types.NOT_ALLOWED,
"Google does not support registration. Use method `authenticate` instead."
)
}
async authenticate(
req: AuthenticationInput,
authIdentityService: AuthIdentityProviderService
): Promise<AuthenticationResponse> {
const query: Record<string, string> = req.query ?? {}
const body: Record<string, string> = req.body ?? {}
if (query.error) {
return {
success: false,
error: `${query.error_description}, read more at: ${query.error_uri}`,
}
}
const stateKey = crypto.randomBytes(32).toString("hex")
const state = {
callback_url: body?.callback_url ?? this.config_.callbackUrl,
}
await authIdentityService.setState(stateKey, state)
return this.getRedirect(this.config_.clientId, state.callback_url, stateKey)
}
async validateCallback(
req: AuthenticationInput,
authIdentityService: AuthIdentityProviderService
): Promise<AuthenticationResponse> {
const query: Record<string, string> = req.query ?? {}
const body: Record<string, string> = req.body ?? {}
if (query.error) {
return {
success: false,
error: `${query.error_description}, read more at: ${query.error_uri}`,
}
}
const code = query?.code ?? body?.code
if (!code) {
return { success: false, error: "No code provided" }
}
const state = await authIdentityService.getState(query?.state as string)
if (!state) {
return { success: false, error: "No state provided, or session expired" }
}
const params = `client_id=${this.config_.clientId}&client_secret=${this.config_.clientSecret}&code=${code}&redirect_uri=${state.callback_url}&grant_type=authorization_code`
const exchangeTokenUrl = new URL(
`https://oauth2.googleapis.com/token?${params}`
)
try {
const response = await fetch(exchangeTokenUrl.toString(), {
method: "POST",
}).then((r) => {
if (!r.ok) {
throw new MedusaError(
MedusaError.Types.INVALID_DATA,
`Could not exchange token, ${r.status}, ${r.statusText}`
)
}
return r.json()
})
const { authIdentity, success } = await this.verify_(
response.id_token as string,
authIdentityService
)
return {
success,
authIdentity,
}
} catch (error) {
return { success: false, error: error.message }
}
}
async verify_(
idToken: string | undefined,
authIdentityService: AuthIdentityProviderService
) {
if (!idToken) {
return { success: false, error: "No ID found" }
}
const jwtData = jwt.decode(idToken, {
complete: true,
}) as JwtPayload
const payload = jwtData.payload
if (!payload.email_verified) {
throw new MedusaError(
MedusaError.Types.INVALID_DATA,
"Email not verified, cannot proceed with authentication"
)
}
const entity_id = payload.sub
const userMetadata = {
name: payload.name,
email: payload.email,
picture: payload.picture,
given_name: payload.given_name,
family_name: payload.family_name,
}
let authIdentity
try {
authIdentity = await authIdentityService.retrieve({
entity_id,
})
} catch (error) {
if (error.type === MedusaError.Types.NOT_FOUND) {
const createdAuthIdentity = await authIdentityService.create({
entity_id,
user_metadata: userMetadata,
})
authIdentity = createdAuthIdentity
} else {
return { success: false, error: error.message }
}
}
return {
success: true,
authIdentity,
}
}
private getRedirect(clientId: string, callbackUrl: string, stateKey: string) {
const authUrl = new URL(`https://accounts.google.com/o/oauth2/v2/auth`)
authUrl.searchParams.set("redirect_uri", callbackUrl)
authUrl.searchParams.set("client_id", clientId)
authUrl.searchParams.set("response_type", "code")
authUrl.searchParams.set("scope", "email profile openid")
authUrl.searchParams.set("state", stateKey)
return { success: true, location: authUrl.toString() }
}
}
Reference in New Issue View Git Blame Copy Permalink