From 81732a4a8c4d37b3dfb47b5e0bb3796308e28649 Mon Sep 17 00:00:00 2001
From: Daniel Roe
Date: Tue, 29 Nov 2022 22:55:53 +0000
Subject: [PATCH] fix: only use oauth redirects and add website to app registration details

---
 server/api/[server]/login.ts | 12 +++++++-----
 server/api/[server]/oauth.ts | 20 ++++++++++++++------
 server/shared.ts             | 14 ++++++--------
 3 files changed, 27 insertions(+), 19 deletions(-)

diff --git a/server/api/[server]/login.ts b/server/api/[server]/login.ts
index 7b932732..4636c8cc 100644
--- a/server/api/[server]/login.ts
+++ b/server/api/[server]/login.ts
@@ -1,19 +1,21 @@
 import { stringifyQuery } from 'ufo'
-import { HOST_URL, getApp } from '~/server/shared'
+import { getApp, getRedirectURI } from '~/server/shared'
 
 export default defineEventHandler(async (event) => {
-  const server = event.context.params.server
+  const { server } = getRouterParams(event)
   const app = await getApp(server)
   if (!app) {
-    event.node.res.statusCode = 400
-    return `App not registered for server: ${server}`
+    throw createError({
+      statusCode: 400,
+      statusMessage: `App not registered for server: ${server}`,
+    })
   }
 
   const query = stringifyQuery({
     client_id: app.client_id,
     scope: 'read write follow push',
-    redirect_uri: `${HOST_URL}/api/${server}/oauth`,
+    redirect_uri: getRedirectURI(server),
     response_type: 'code',
   })
   const url = `https://${server}/oauth/authorize?${query}`
diff --git a/server/api/[server]/oauth.ts b/server/api/[server]/oauth.ts
index 179b0c62..8c8e33a0 100644
--- a/server/api/[server]/oauth.ts
+++ b/server/api/[server]/oauth.ts
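Review bot: The authorization request assembled by `stringifyQuery` still carries no `state` parameter, so the callback handler in oauth.ts has no way to tell a response this login initiated from one started by a third party, and the sign-in flow remains exposed to login CSRF. Generate an unguessable value per request, keep it in an `httpOnly` cookie and send it as `state,` in the query; the oauth.ts handler then compares the `state` it receives against the cookie before exchanging the code. `server` is taken straight from the route and interpolated into `https://${server}/oauth/authorize`; unless `getApp` already rejects anything but a bare hostname, validating it here (no path, userinfo or query) keeps the redirect target from being steered to another origin. The handler's closing lines (`sendRedirect` and the final `})`) are outside this hunk.
```typescript
import { randomUUID } from 'node:crypto'
// … unchanged: other imports, app lookup and 400 error …
  const state = randomUUID()
  setCookie(event, 'oauth_state', state, { httpOnly: true, secure: true, sameSite: 'lax', maxAge: 600 })
  const query = stringifyQuery({
    // … unchanged: client_id, scope, redirect_uri, response_type …
    state,
  })
```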
@@ -1,29 +1,37 @@
 import { stringifyQuery } from 'vue-router'
-import { HOST_URL, getApp } from '~/server/shared'
+import { getApp, getRedirectURI } from '~/server/shared'
 
 export default defineEventHandler(async (event) => {
-  const server = event.context.params.server
+  const { server } = getRouterParams(event)
   const app = await getApp(server)
   if (!app) {
-    event.node.res.statusCode = 400
-    return `App not registered for server: ${server}`
+    throw createError({
+      statusCode: 400,
+      statusMessage: `App not registered for server: ${server}`,
+    })
   }
 
   const { code } = getQuery(event)
+  if (!code) {
+    throw createError({
+      statusCode: 422,
+      statusMessage: 'Missing authentication code.',
+    })
+  }
 
   const result: any = await $fetch(`https://${server}/oauth/token`, {
     method: 'POST',
     body: {
       client_id: app.client_id,
       client_secret: app.client_secret,
-      redirect_uri: `${HOST_URL}/api/${server}/oauth`,
+      redirect_uri: getRedirectURI(server),
       grant_type: 'authorization_code',
       code,
       scope: 'read write follow push',
     },
   })
 
-  const url = `${HOST_URL}/signin/callback?${stringifyQuery({ server, token: result.access_token })}`
+  const url = `/signin/callback?${stringifyQuery({ server, token: result.access_token })}`
   await sendRedirect(event, url, 302)
 })
diff --git a/server/shared.ts b/server/shared.ts
index 77d5de4a..70353835 100644
--- a/server/shared.ts
+++ b/server/shared.ts
@@ -7,7 +7,6 @@
 import { parseURL } from 'ufo'
 import { $fetch } from 'ohmyfetch'
 import type { Storage } from 'unstorage'
-import { isCI } from 'std-env'
 import cached from './cache-driver'
 import type { AppInfo } from '~/types'
 
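Review bot: The rewritten `url` still hands the user's bearer token to the browser in a query string (`token: result.access_token`), where it ends up in history, `Referer` headers and any access log in front of `/signin/callback`; the hunk only drops the `HOST_URL` prefix. Keeping the token server-side in an `httpOnly` session cookie set by this handler — or, at minimum, moving it into the URL fragment so it never leaves the browser — is the durable fix, though the callback page would then need to change how it reads the token. Independently of that, `result` is `any` and `result.access_token` is used unchecked, so a 2xx token response without a token (which `$fetch` would not reject) sends the user on with `token=undefined`, and `code` from `getQuery` can be an array that `if (!code)` accepts; the lines below narrow both. No `state` value is verified before the code is exchanged, and `statusMessage` carries the caller-supplied `server` — confirm the h3 version in use sanitizes the status line, or put the server name in `message` instead.
```typescript
  const { code } = getQuery(event)
  if (typeof code !== 'string' || !code) {
    // … unchanged: 422 createError …
  }
  // … unchanged: token request …
  const token: unknown = result.access_token
  if (typeof token !== 'string')
    throw createError({ statusCode: 502, statusMessage: 'Token endpoint returned no access token.' })
  const url = `/signin/callback?${stringifyQuery({ server, token })}`
```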
@@ -32,18 +31,17 @@ else {
     apiToken: config.cloudflare.apiToken,
   })))
 }
 
+export function getRedirectURI(server: string) {
+  return `${HOST_URL}/api/${server}/oauth`
+}
 async function fetchAppInfo(server: string) {
-  const redirect_uris = [
-    'urn:ietf:wg:oauth:2.0:oob',
-    `${HOST_URL}/api/${server}/oauth`,
-  ].join('\n')
-
   const app: AppInfo = await $fetch(`https://${server}/api/v1/apps`, {
     method: 'POST',
     body: {
-      client_name: APP_NAME + (isCI ? '' : ' (dev)'),
-      redirect_uris,
+      client_name: APP_NAME + (config.env === 'local' ? ' (dev)' : ''),
+      website: 'https://elk.zone',
+      redirect_uris: getRedirectURI(server),
       scopes: 'read write follow push',
     },
   })
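Review bot: `getRedirectURI` is exported without a return type or a doc comment even though it now defines the one value that must match byte-for-byte between the app registration here and the authorize and token requests in login.ts and oauth.ts; write it as `export function getRedirectURI(server: string): string {` with `/** Redirect URI registered with the given server and sent on the authorize and token requests; all three must match exactly. */` above it. `website: 'https://elk.zone'` is a fixed literal while the redirect is built from `HOST_URL`, so a deployment on any other host registers a foreign website with every instance it talks to; deriving it from `HOST_URL` or a config value keeps the two consistent, unless pinning the canonical site is intended. `config.env === 'local'` replaces the `isCI` check for the ' (dev)' suffix, but the shape of `config` is not visible here — verify `env` is populated at runtime, since an undefined value labels every registration as production. `server` is interpolated into the registration endpoint and the redirect URI without visible validation; if it is not already restricted to a hostname upstream, this boundary is where to do it, as the registration presumably persists the app secret under that key. The enclosing `else {` block starts before the hunk and `fetchAppInfo` continues past it.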