Iain Sproat
89 lines
2.7 KiB
TypeScript
89 lines
2.7 KiB
TypeScript
import passport, { Strategy, AuthenticateOptions } from 'passport'
|
|
import { getFrontendOrigin } from '@/modules/shared/helpers/envHelper'
|
|
import {
|
|
UnverifiedEmailSSOLoginError,
|
|
UserInputError
|
|
} from '@/modules/core/errors/userinput'
|
|
import type { Request, Response, NextFunction, RequestHandler } from 'express'
|
|
import { Optional } from '@speckle/shared'
|
|
import { get, isArray, isObjectLike, isString } from 'lodash'
|
|
import { PassportAuthenticateHandlerBuilder } from '@/modules/auth/domain/operations'
|
|
|
|
const resolveInfoMessage = (
|
|
info?: Optional<string | Record<string, unknown> | Array<string | undefined>>
|
|
) => {
|
|
if (!info) return null
|
|
if (isString(info)) return info
|
|
if (isArray(info)) {
|
|
const arrayStrings = info.filter(isString)
|
|
if (arrayStrings.length) return arrayStrings.join(', ')
|
|
}
|
|
if (isObjectLike(info)) {
|
|
const message = get(info, 'message')
|
|
if (isString(message)) return message
|
|
}
|
|
|
|
return null
|
|
}
|
|
|
|
export const passportAuthenticationCallbackFactory =
|
|
(context: {
|
|
strategy: Strategy | string
|
|
req: Request
|
|
res: Response
|
|
next: NextFunction
|
|
}) =>
|
|
(
|
|
err: unknown,
|
|
user: Optional<Express.User>,
|
|
info: Optional<string | Record<string, unknown> | Array<string | undefined>>
|
|
) => {
|
|
const { strategy, req, res, next } = context
|
|
if (err && !(err instanceof UserInputError))
|
|
req.log.error({ err, strategy }, 'Authentication error for strategy "{strategy}"')
|
|
|
|
if (!user) {
|
|
const infoMsg = resolveInfoMessage(info)
|
|
const errMsg = err instanceof UserInputError ? err.message : null
|
|
const finalMessage =
|
|
infoMsg ||
|
|
errMsg ||
|
|
(err
|
|
? 'An issue occurred during authentication, contact server admins'
|
|
: 'Failed to authenticate, contact server admins')
|
|
|
|
let errPath = `/error?message=${finalMessage}`
|
|
|
|
if (err instanceof UnverifiedEmailSSOLoginError) {
|
|
const email = err.info()?.email || ''
|
|
errPath = `/error-email-verify?email=${email}`
|
|
}
|
|
|
|
res.redirect(new URL(errPath, getFrontendOrigin()).toString())
|
|
return
|
|
}
|
|
|
|
if (err && !(err instanceof UserInputError)) return next(err)
|
|
req.user = user
|
|
next()
|
|
}
|
|
|
|
/**
|
|
* Wrapper for passport.authenticate that handles success & failure scenarios correctly
|
|
* (passport.authenticate() by default doesn't, so don't use it)
|
|
*/
|
|
export const passportAuthenticateHandlerBuilderFactory =
|
|
(): PassportAuthenticateHandlerBuilder =>
|
|
(
|
|
strategy: Strategy | string,
|
|
options: Optional<AuthenticateOptions> = undefined
|
|
): RequestHandler => {
|
|
return (req, res, next) => {
|
|
passport.authenticate(
|
|
strategy,
|
|
options || {},
|
|
passportAuthenticationCallbackFactory({ strategy, req, res, next })
|
|
)(req, res, next)
|
|
}
|
|
}
|