
update
dvir-daniel committed Nov 14, 2024
1 parent f0b998c commit 93c1886
Showing 949 changed files with 125 additions and 294,553 deletions.
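--- a/apps/account/next.config.js
+++ b/apps/account/next.config.js
@@ -22,6 +22,14 @@ const nextConfig = {
 'abs.twimg.com'
 ],
 },
+async rewrites() {
+return [
+{
+source: '/.well-known/openid-configuration',
+destination: '/api/oidc/.well-known/openid-configuration',
+},
+];
+},
 transpilePackages: ['next-auth'],
 experimental: {
 missingSuspenseWithCSRBailout: false,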
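Review bot: The new `rewrites()` entry says nothing about why discovery has to be reachable at the site root, and that coupling to the provider's `issuer` is exactly what a future maintainer will break; add a comment above it such as `// OIDC Discovery expects the metadata at <issuer>/.well-known/openid-configuration; the provider is mounted under /api/oidc, so map the root path onto it.` A plain rewrite array is applied after filesystem routes in Next.js, so a file under `public/.well-known/` or a reintroduced App Router route at this path (this commit deletes one) would shadow the rewrite silently; a one-line note warning about that is worth having too. The `nextConfig` object starts and ends outside the hunk.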

This file was deleted.

64 changes: 0 additions & 64 deletions apps/account/src/app/.well-known/openid-configuration/route.tsx

This file was deleted.

23 changes: 11 additions & 12 deletions apps/account/src/lib/external-oidc/findAccount.ts
@@ -1,13 +1,13 @@
import { KoaContextWithOIDC, Account, ClaimsParameterMember, FindAccount, AccountClaims } from 'oidc-provider';
import { KoaContextWithOIDC, Account, AccountClaims } from 'oidc-provider';
import { fdb } from '../googlecloud/db';

interface LocalAccount {
id: string;
displayName?: string;
email?: string;
verifiedEmails?: string[]; // Array of verified emails
verifiedEmails?: string[];
phone?: string;
verifiedPhones?: string[]; // Array of verified phones
verifiedPhones?: string[];
birthdate?: string;
firstName?: string;
lastName?: string;
Expand Down Expand Up @@ -50,18 +50,17 @@ async function findAccount(ctx: KoaContextWithOIDC, id: string): Promise<Account
accountId: account.id,
async claims(use: string, scope: string): Promise<AccountClaims> {
const claims: AccountClaims = {
sub: account.id ?? id,
id: account.id ?? id,
displayName: account.displayName,
sub: account.id,
name: account.displayName,
email: account.email,
verifiedEmails: account.verifiedEmails,
phone: account.phone,
verifiedPhones: account.verifiedPhones,
email_verified: account.verifiedEmails?.includes(account.email ?? '') ?? false,
phone_number: account.phone,
phone_number_verified: account.verifiedPhones?.includes(account.phone ?? '') ?? false,
birthdate: account.birthdate,
firstName: account.firstName,
lastName: account.lastName,
given_name: account.firstName,
family_name: account.lastName,
locale: account.locale,
photoURL: account.photoURL,
picture: account.photoURL,
};
return claims;
},
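Review bot: `sub: account.id` drops the `?? id` fallback the old line had, so if `account` is built from a Firestore document whose `id` is not copied from the document key, `sub` becomes `undefined` and the issued ID token has no subject; how `account` is constructed is outside the hunk, so either confirm `id` is always populated or keep `sub: account.id ?? id,`. The `email_verified` expression `account.verifiedEmails?.includes(account.email ?? '')` tests the empty string when no primary email is set; `email_verified: account.email != null && (account.verifiedEmails?.includes(account.email) ?? false),` (and the same shape for `phone_number_verified`) says what is meant. `claims()` ignores both `use` and `scope`, which is fine if, as I understand oidc-provider, the returned object is filtered by the `claims` map in index.ts — a comment `// use/scope intentionally unused: oidc-provider filters these by the configured claims map` would stop the next reader from "fixing" it. `findAccount` begins before the hunk and its closing lines are after it.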
60 changes: 39 additions & 21 deletions apps/account/src/lib/external-oidc/index.ts
Expand Up @@ -17,6 +17,23 @@ export function createOidcProvider() {
// No pre-configured clients, clients should be registered as needed
clients: [],

// Allow CORS requests from any origin
clientBasedCORS: () => true,

// Enable and configure OIDC features
features: {
devInteractions: { enabled: false },

deviceFlow: { enabled: true },
revocation: { enabled: true },
introspection: { enabled: true },
webMessageResponseMode: { enabled: true },
claimsParameter: { enabled: true },
},

// Enables rotating refresh tokens
rotateRefreshToken: true,

// Define routes for various OIDC endpoints
routes: {
authorization: '/api/oidc/auth',
Expand All @@ -43,29 +60,30 @@ export function createOidcProvider() {
response_types: ['code', 'id_token'],
},

// Allow CORS requests from any origin
clientBasedCORS: () => true,

// Enable and configure OIDC features
features: {
devInteractions: { enabled: false },

deviceFlow: { enabled: true },
revocation: { enabled: true },
introspection: { enabled: true },
webMessageResponseMode: { enabled: true },
claimsParameter: { enabled: true },
},

// Enables rotating refresh tokens
rotateRefreshToken: true,

// Defines the available claims and their scopes
claims: {
address: ['address'],
email: ['email', 'verifiedEmails'],
phone: ['phone', 'verifiedPhone'],
profile: ['id', 'birthdate', 'firstName', 'gender', 'lastName', 'locale', 'displayName', 'photoURL'],
profile: [
'sub', // Subject Identifier (User ID)
'name', // Full name
'given_name', // First name
'family_name', // Last name
'preferred_username', // Username or display name
'picture', // Profile picture URL
'birthdate', // Date of birth
'locale', // User's locale
'updated_at' // Profile last updated timestamp
],
email: [
'email', // Email address
'email_verified' // Email verification status
],
phone: [
'phone_number', // Phone number
'phone_number_verified' // Phone number verification status
],
address: [
'address' // Physical address
]
},
// Define extra parameters for handling scope dynamically
extraParams: {
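Review bot: `clientBasedCORS: () => true` (relocated, not tightened, by this commit) lets every web origin call the token, userinfo, introspection and revocation endpoints cross-origin, and with the comment on `clients: []` implying clients are registered dynamically, that removes CORS as a defence for public clients entirely. Derive the allowed origins from the requesting client's registered redirect URIs instead, e.g. `clientBasedCORS: (ctx, origin, client) => client?.redirectUris?.some((u) => new URL(u).origin === origin) ?? false,` — confirm the callback's argument order against the installed oidc-provider version. The new `claims` map also advertises `preferred_username`, `updated_at` and `address`, none of which the `claims()` in findAccount.ts in this same commit returns, so either populate them there or remove them from the map. `webMessageResponseMode` and the `id_token` entry in `response_types` (context here, not changed) are a draft response mode and the implicit flow, both discouraged by current OAuth security guidance; they deserve a deliberate decision rather than an inherited default. `createOidcProvider` starts before the hunk and ends after it.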
@@ -0,0 +1,26 @@
import type { NextApiRequest, NextApiResponse } from 'next';
import { createOidcProvider } from '@/lib/external-oidc';

const provider = createOidcProvider();

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
try {

// Rewrite URL to point to the OpenID Connect configuration path
req.url = '/.well-known/openid-configuration';

// Pass the request and response to the OIDC provider
await provider.callback()(req, res);

} catch (error) {
console.error(`[OIDC] Error handling .well-known request:`, error);
res.status(500).json({ error: 'Internal Server Error' });
}
}

// Disable body parsing as oidc-provider expects raw body
export const config = {
api: {
bodyParser: false,
},
};
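Review bot: `const provider = createOidcProvider();` at module scope creates a second provider instance next to the one in `pages/api/oidc/[...slug].ts`; if `createOidcProvider()` relies on generated defaults for anything instance-bound (`jwks`, `cookies.keys`, an in-memory adapter — its body is not on this page), the discovery document is served by an instance whose state can differ from the one actually issuing tokens. Export one lazily-created instance from `@/lib/external-oidc` and import that in both handlers so there is a single source of truth. The `req.url = '/.well-known/openid-configuration'` assignment is what makes oidc-provider route the request, so annotate it: `// oidc-provider dispatches on req.url; present the root discovery path that the next.config.js rewrite maps to this handler`.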
8 changes: 0 additions & 8 deletions apps/account/src/pages/api/oidc/[...slug].ts
Expand Up @@ -6,14 +6,6 @@ const provider = createOidcProvider();

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
try {
const { slug } = req.query;

// Set caching headers to disable caching
res.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate, proxy-revalidate');
res.setHeader('Pragma', 'no-cache');
res.setHeader('Expires', '0');
res.setHeader('Surrogate-Control', 'no-store');

await provider.callback()(req, res);
} catch (error) {
console.error(`[OIDC] Error handling request at path ${req.url}:`, error);
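Review bot: Dropping the four `no-store` headers leaves every OIDC response's cacheability to oidc-provider; as far as I know it sets `Cache-Control: no-store` on its own token and userinfo responses, but RFC 6749 §5.1 requires it on token responses, so verify with a request to `/api/oidc/token` before relying on that. If any response turns out to be cacheable, put back at least `res.setHeader('Cache-Control', 'no-store');` before `provider.callback()(req, res)`. The handler's `catch` continues past the hunk.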
2 changes: 1 addition & 1 deletion apps/account/tsconfig.json
Expand Up @@ -38,7 +38,7 @@
"src/auth.ts",
"src/lib/internal-auth/googledb-adapter",
"build/types/**/*.ts"
],
, "src/pages/api/oidc/.well-known/openid-configuration.ts" ],
"exclude": [
"node_modules"
]
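Review bot: The new `include` entry is appended on the closing-bracket line as `, "src/pages/api/oidc/.well-known/openid-configuration.ts" ],`, which reads like editor residue; put it on its own line after `"build/types/**/*.ts",` and leave `],` alone on the following line. Listing one API file by name also suggests the rest of `src/pages` is only picked up by a glob not visible here — confirm the new file was the only one missing rather than a symptom of the `include` list being too narrow.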
Expand Up @@ -7,6 +7,7 @@ import { DropdownMenu, DropdownMenuTrigger, DropdownMenuContent, DropdownMenuIte
import { signIn, getSession } from "next-auth/react";
import { Skeleton } from "@/components/ui/skeleton";
import Image from "next/image";
import { UserService } from "@/service";

interface Provider {
icon: string;
Expand Down Expand Up @@ -37,12 +38,15 @@ const ConnectedAccounts: React.FC = () => {
const [loading, setLoading] = useState(true);
const [error, setError] = useState<string | null>(null);

const userService = UserService();

useEffect(() => {
const fetchAccounts = async () => {
try {
const session = await getSession();
if (session?.user?.accounts) {
setAccounts(Object.values(session.user.accounts));
const user = await userService.getUserProfile(session?.accessToken!);
if (user?.accounts) {
setAccounts(Object.values(user?.accounts));
}
} catch (err: unknown) {
if (err instanceof Error) {
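Review bot: `userService.getUserProfile(session?.accessToken!)` uses a non-null assertion to silence the no-session case, so a signed-out visitor triggers a profile request with `undefined` as the bearer token and whatever `getUserProfile` does with that (not on this page) decides the outcome. Guard before calling: `if (!session?.accessToken) return;` followed by `const user = await userService.getUserProfile(session.accessToken);` — the `loading` flag is presumably cleared in a `finally` outside the hunk, which an early return inside `try` still reaches. `user?.accounts` inside `if (user?.accounts)` can be plain `user.accounts`. `fetchAccounts` and the enclosing `useEffect` end after the hunk.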
Expand Up @@ -9,6 +9,7 @@ import { Input } from "@/components/ui/input";
import { Skeleton } from "@/components/ui/skeleton";
import { ShieldCheck, X } from "lucide-react";
import { Separator } from "@/components/ui/separator";
import { UserService } from "@/service";

interface EmailListProps {
emails: string[];
Expand Down Expand Up @@ -175,12 +176,16 @@ const VerifiedEmails: React.FC = () => {
const [isOtpSent, setIsOtpSent] = useState(false);
const [emailToDelete, setEmailToDelete] = useState<string | null>(null);

const userService = UserService();

useEffect(() => {
const fetchEmails = async () => {
try {
const session = await getSession();
if (session?.user?.verifiedEmails) {
setEmails(session.user.verifiedEmails);
const user = await userService.getUserProfile(session?.accessToken!);

if (user?.verifiedEmails) {
setEmails(user.verifiedEmails);
}
} catch (err) {
handleError(error);
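Review bot: `getUserProfile(session?.accessToken!)` has the same problem as in the connected-accounts component: it sends `undefined` as the token when there is no session; add `if (!session?.accessToken) return;` before the call and pass `session.accessToken` without the assertion. The `catch (err) { handleError(error); }` just below (unchanged context) hands `handleError` the outer `error` binding instead of the caught `err`, so the actual failure is discarded — `handleError(err);` is what was meant. `fetchEmails` continues past the hunk.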
Expand Up @@ -10,7 +10,7 @@ export async function GET(request: NextRequest): Promise<NextResponse> {
return NextResponse.json({ message: 'Not authenticated' }, { status: 401 });
}

const userId = session.user.id; // Adjust based on how your session stores the user ID
const userId = session.user.id!; // Adjust based on how your session stores the user ID

const userDoc = await usersCollection(firestore).doc(userId).get();

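Review bot: `session.user.id!` papers over a session that exists but carries no user id; the assertion lets `usersCollection(firestore).doc(undefined)` be attempted (what the Firestore client does with that is not on this page) instead of a clean refusal. Fold the id into the authentication guard whose 401 body is visible above: `if (!session?.user?.id) return NextResponse.json({ message: 'Not authenticated' }, { status: 401 });` and then `const userId = session.user.id;` with no assertion; the guard's condition line is outside the hunk. The `// Adjust based on how your session stores the user ID` note is template residue — resolve it or drop it.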
Expand Up @@ -10,7 +10,7 @@ export async function POST(request: NextRequest): Promise<NextResponse> {
return NextResponse.json({ message: 'Not authenticated' }, { status: 401 });
}

const userId = session.user.id; // Adjust based on how your session stores the user ID
const userId = session.user.id!; // Adjust based on how your session stores the user ID
const data = await request.json();
console.log(data);

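Review bot: `console.log(data);` (unchanged context, directly after the new `session.user.id!`) writes the full JSON body of every authenticated POST to the server log, which for an account route will include PII; remove it or log only the field names. The `!` on `session.user.id` has the same problem as in the GET handler: combine it into the guard, `if (!session?.user?.id) return NextResponse.json({ message: 'Not authenticated' }, { status: 401 });`, so a session without an id is rejected rather than asserted away. `await request.json()` is unvalidated at this point; whether the body is filtered further down is outside the hunk.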
Expand Up @@ -10,7 +10,7 @@ export async function POST(request: NextRequest): Promise<NextResponse> {
return NextResponse.json({ message: 'Not authenticated' }, { status: 401 });
}

const userId = session.user.id; // Adjust based on how your session stores the user ID
const userId = session.user.id!; // Adjust based on how your session stores the user ID
const data = await request.json();

const validFields = {
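Review bot: `const userId = session.user.id!;` trades a type error for a runtime assumption; move the check into the authentication guard above (`if (!session?.user?.id)` returning the same 401) and drop the `!`, as in the sibling handlers. The `validFields` object that follows looks like the right place to allow-list the request body — make sure nothing outside it is spread into the write, which happens after the hunk ends.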
