-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathindex.js
126 lines (97 loc) · 3.02 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
const assert = require("assert");
const querystring = require("querystring");
const uuid = require("uuid");
const { OAuth2Client } = require("google-auth-library");
const redirect = async (res, location) => {
res.statusCode = 307;
res.setHeader("Location", location);
res.end();
};
const provider = "google";
/**
* OpenID 2.0 compliance:
* https://developers.google.com/identity/protocols/OpenIDConnect?hl=en#discovery
*/
const SCOPES = ["openid", "email", "profile"];
const USERINFO_URL = "https://www.googleapis.com/oauth2/v2/userinfo";
const microAuthGoogle = ({
clientId,
clientSecret,
callbackUrl,
path = "/",
scopes = [],
accessType = "offline"
}) => {
assert(clientId, "Must provide a clientId.");
assert(clientSecret, "Must provide a clientSecret.");
assert(callbackUrl, "Must provide a callbackUrl.");
assert(path, "Must provide an url path.");
const { host, protocol, pathname } = new URL(callbackUrl);
assert(protocol, "Not a valid protocol in the callbackUrl string.");
assert(host, "Not a valid host in the callbackUrl string.");
assert(pathname, "Not a valid path in the callbackUrl string.");
assert(
path !== pathname,
"Service path cannot be the same as callback path."
);
const client = new OAuth2Client(clientId, clientSecret, callbackUrl);
const scope = [...new Set(SCOPES.concat(scopes))];
const states = [];
return fn => async (req, res, ...args) => {
let url;
try {
url = new URL(`${protocol}//${host}${req.url}`);
} catch (err) {
args.push({ err, provider });
return fn(req, res, ...args);
}
if (url.pathname === path) {
try {
const state = uuid.v4();
states.push(state);
const redirectUrl = client.generateAuthUrl({
// eslint-disable-next-line camelcase
access_type: accessType,
scope,
state
});
return redirect(res, redirectUrl);
} catch (err) {
args.push({ err, provider });
return fn(req, res, ...args);
}
}
if (url.pathname === pathname) {
try {
const { state, code } = querystring.parse(url.search.slice(1));
if (!states.includes(state)) {
const err = new Error("Invalid state");
args.push({ err, provider });
return fn(req, res, ...args);
}
states.splice(states.indexOf(state), 1);
const { tokens, error } = await client.getToken(code);
if (error) {
args.push({ err: error, provider });
return fn(req, res, ...args);
}
client.setCredentials(tokens);
const { data } = await client.requestAsync({
url: USERINFO_URL
});
const result = {
provider,
info: data,
client
};
args.push({ result });
return fn(req, res, ...args);
} catch (err) {
args.push({ err, provider });
return fn(req, res, ...args);
}
}
return fn(req, res, ...args);
};
};
module.exports = microAuthGoogle;