Gergő Jedlicska
c6cd4c311d
* chore(serverinvites): repository refactor for multiregion * chore(serverinvites): remove migrated functions from old repository * chore(serverinvites): refactor serverInviteForToken resolver for multiregion * chore(serverinvites): invite processing service refactor for multiregion * chore(serverinvites): subscription refactor for multiregion * chore(serverinvites): move buildEmailContents to dedicated file * chore(serverinvites): deleteAllStreamInvites function multiregion refactor * chore(serverinvites): refactor deleteServerOnlyInvites multiregion repository * chore(serverinvites): complete repository refactor for multiregion * feat(serverinvites): create domain module in server invites * fix(serverinvites): no relative imports * feat(serverinvites): extract individual types from repository * feat(serverinvites): move interfaces to operations * fix(serverinvites): update imports referencing old interfaces file * fix(serverinvites): type mismatch for insert invite and delete old * chore(serverinvites): refactor to single repo function * test(serverinvites): fix tests * fix(serverinvites): use domain types in all places * feat(serverinvites): WIP unity * feat(serverinvites): move to new facory names and types * feat(serverinvites): fix tests * fix(serverinvites): use factory name --------- Co-authored-by: Alessandro Magionami <alessandro.magionami@gmail.com>
142 lines
4.6 KiB
JavaScript
142 lines
4.6 KiB
JavaScript
/* istanbul ignore file */
|
|
'use strict'
|
|
|
|
const passport = require('passport')
|
|
const GithubStrategy = require('passport-github2')
|
|
const URL = require('url').URL
|
|
const { findOrCreateUser, getUserByEmail } = require('@/modules/core/services/users')
|
|
const { getServerInfo } = require('@/modules/core/services/generic')
|
|
const {
|
|
validateServerInvite,
|
|
finalizeInvitedServerRegistration,
|
|
resolveAuthRedirectPath
|
|
} = require('@/modules/serverinvites/services/inviteProcessingService')
|
|
const { passportAuthenticate } = require('@/modules/auth/services/passportService')
|
|
const { logger } = require('@/logging/logging')
|
|
const {
|
|
UserInputError,
|
|
UnverifiedEmailSSOLoginError
|
|
} = require('@/modules/core/errors/userinput')
|
|
const db = require('@/db/knex')
|
|
const {
|
|
deleteServerOnlyInvitesFactory,
|
|
updateAllInviteTargetsFactory
|
|
} = require('@/modules/serverinvites/repositories/serverInvites')
|
|
|
|
module.exports = async (app, session, sessionStorage, finalizeAuth) => {
|
|
const strategy = {
|
|
id: 'github',
|
|
name: 'Github',
|
|
icon: 'mdi-github',
|
|
color: 'grey darken-3',
|
|
url: '/auth/gh',
|
|
callbackUrl: '/auth/gh/callback'
|
|
}
|
|
|
|
const myStrategy = new GithubStrategy(
|
|
{
|
|
clientID: process.env.GITHUB_CLIENT_ID,
|
|
clientSecret: process.env.GITHUB_CLIENT_SECRET,
|
|
callbackURL: new URL(strategy.callbackUrl, process.env.CANONICAL_URL).toString(),
|
|
// WARNING, the 'user:email' scope belongs to the GITHUB scopes
|
|
// DO NOT change it to our internal scope definitions !!!
|
|
// You have been warned.
|
|
scope: ['profile', 'user:email'],
|
|
passReqToCallback: true
|
|
},
|
|
async (req, accessToken, refreshToken, profile, done) => {
|
|
const serverInfo = await getServerInfo()
|
|
|
|
try {
|
|
const email = profile.emails[0].value
|
|
const name = profile.displayName || profile.username
|
|
const bio = profile._json.bio
|
|
|
|
const user = { email, name, bio }
|
|
|
|
const existingUser = await getUserByEmail({ email: user.email })
|
|
|
|
if (existingUser && !existingUser.verified) {
|
|
throw new UnverifiedEmailSSOLoginError(undefined, {
|
|
info: {
|
|
email: user.email
|
|
}
|
|
})
|
|
}
|
|
|
|
// if there is an existing user, go ahead and log them in (regardless of
|
|
// whether the server is invite only or not).
|
|
if (existingUser) {
|
|
const myUser = await findOrCreateUser({ user, rawProfile: profile._raw })
|
|
return done(null, myUser)
|
|
}
|
|
|
|
// if the server is not invite only, go ahead and log the user in.
|
|
if (!serverInfo.inviteOnly) {
|
|
const myUser = await findOrCreateUser({ user, rawProfile: profile._raw })
|
|
|
|
// process invites
|
|
if (myUser.isNewUser) {
|
|
await finalizeInvitedServerRegistration({
|
|
deleteServerOnlyInvites: deleteServerOnlyInvitesFactory({ db }),
|
|
updateAllInviteTargets: updateAllInviteTargetsFactory({ db })
|
|
})(user.email, myUser.id)
|
|
}
|
|
|
|
return done(null, myUser)
|
|
}
|
|
|
|
// if the server is invite only and we have no invite id, throw.
|
|
if (serverInfo.inviteOnly && !req.session.token) {
|
|
throw new UserInputError(
|
|
'This server is invite only. Please authenticate yourself through a valid invite link.'
|
|
)
|
|
}
|
|
|
|
// validate the invite
|
|
const validInvite = await validateServerInvite(user.email, req.session.token)
|
|
|
|
// create the user
|
|
const myUser = await findOrCreateUser({
|
|
user: {
|
|
...user,
|
|
role: validInvite?.serverRole
|
|
},
|
|
rawProfile: profile._raw
|
|
})
|
|
|
|
// use the invite
|
|
await finalizeInvitedServerRegistration({
|
|
deleteServerOnlyInvites: deleteServerOnlyInvitesFactory({ db }),
|
|
updateAllInviteTargets: updateAllInviteTargetsFactory({ db })
|
|
})(user.email, myUser.id)
|
|
|
|
// Resolve redirect path
|
|
req.authRedirectPath = resolveAuthRedirectPath(validInvite)
|
|
|
|
// return to the auth flow
|
|
return done(null, {
|
|
...myUser,
|
|
isInvite: !!validInvite
|
|
})
|
|
} catch (err) {
|
|
switch (err.constructor) {
|
|
case UserInputError:
|
|
logger.info(err)
|
|
break
|
|
default:
|
|
logger.error(err)
|
|
}
|
|
return done(err, false, { message: err.message })
|
|
}
|
|
}
|
|
)
|
|
|
|
passport.use(myStrategy)
|
|
|
|
app.get(strategy.url, session, sessionStorage, passportAuthenticate('github'))
|
|
app.get(strategy.callbackUrl, session, passportAuthenticate('github'), finalizeAuth)
|
|
|
|
return strategy
|
|
}
|