mirror of https://github.com/sveltejs/svelte
parent
120ee28c4f
commit
fb5179b0f3
@ -0,0 +1,15 @@
|
||||
exports.up = DB => {
|
||||
DB.sql(`
|
||||
create table if not exists sessions (
|
||||
uid uuid NOT NULL PRIMARY KEY DEFAULT gen_random_uuid(),
|
||||
user_id integer REFERENCES users(id) not null,
|
||||
expiry timestamp without time zone DEFAULT now() + interval '1 year'
|
||||
);
|
||||
`);
|
||||
};
|
||||
|
||||
exports.down = DB => {
|
||||
DB.sql(`
|
||||
drop table if exists sessions;
|
||||
`);
|
||||
};
|
@ -1,150 +0,0 @@
|
||||
import polka from 'polka';
|
||||
import devalue from 'devalue';
|
||||
import send from '@polka/send';
|
||||
import { get, post } from 'httpie';
|
||||
import { parse, stringify } from 'querystring';
|
||||
import { decode, sign, verify } from './token';
|
||||
import { find, query } from '../utils/db';
|
||||
|
||||
const {
|
||||
BASEURL,
|
||||
GITHUB_CLIENT_ID,
|
||||
GITHUB_CLIENT_SECRET,
|
||||
} = process.env;
|
||||
|
||||
const OAuth = 'https://github.com/login/oauth';
|
||||
|
||||
function exit(res, code, msg='') {
|
||||
const error = msg.charAt(0).toUpperCase() + msg.substring(1);
|
||||
send(res, code, { error });
|
||||
}
|
||||
|
||||
function onError(err, req, res) {
|
||||
const error = err.message || err;
|
||||
const code = err.code || err.status || 500;
|
||||
res.headersSent || send(res, code, { error });
|
||||
}
|
||||
|
||||
/**
|
||||
* Middleware to determine User validity
|
||||
*/
|
||||
export async function isUser(req, res) {
|
||||
const abort = exit.bind(null, res, 401);
|
||||
|
||||
const auth = req.headers.authorization;
|
||||
if (!auth) return abort('Missing Authorization header');
|
||||
|
||||
const [scheme, token] = auth.split(' ');
|
||||
if (scheme !== 'Bearer' || !token) return abort('Invalid Authorization format');
|
||||
|
||||
let data;
|
||||
const decoded = decode(token, { complete:true });
|
||||
if (!decoded || !decoded.header) return abort('Invalid token');
|
||||
|
||||
try {
|
||||
data = await verify(token);
|
||||
} catch (err) {
|
||||
return abort(err.message);
|
||||
}
|
||||
|
||||
const { uid, username } = data;
|
||||
if (!uid || !username) return abort('Invalid token payload');
|
||||
|
||||
try {
|
||||
const row = await find(`select * from users where uid = $1 and username = $2 limit 1`, [uid, username]);
|
||||
return row || abort('Invalid token');
|
||||
} catch (err) {
|
||||
console.error('Auth.isUser', err);
|
||||
return send(res, 500, 'Unknown error occurred');
|
||||
}
|
||||
}
|
||||
|
||||
export function toUser(obj={}) {
|
||||
const { uid, username, name, avatar } = obj;
|
||||
const token = sign({ uid, username });
|
||||
return { uid, username, name, avatar, token };
|
||||
}
|
||||
|
||||
export function API() {
|
||||
const app = polka({ onError });
|
||||
|
||||
if (GITHUB_CLIENT_ID) {
|
||||
app.get('/auth/login', (req, res) => {
|
||||
try {
|
||||
const Location = `${OAuth}/authorize?` + stringify({
|
||||
scope: 'read:user',
|
||||
client_id: GITHUB_CLIENT_ID,
|
||||
redirect_uri: `${BASEURL}/auth/callback`,
|
||||
});
|
||||
|
||||
send(res, 302, Location, { Location });
|
||||
} catch (err) {
|
||||
console.error('GET /auth/login', err);
|
||||
send(res, 500);
|
||||
}
|
||||
});
|
||||
|
||||
app.get('/auth/callback', async (req, res) => {
|
||||
try {
|
||||
// Trade "code" for "access_token"
|
||||
const r1 = await post(`${OAuth}/access_token?` + stringify({
|
||||
code: req.query.code,
|
||||
client_id: GITHUB_CLIENT_ID,
|
||||
client_secret: GITHUB_CLIENT_SECRET,
|
||||
}));
|
||||
|
||||
// Now fetch User details
|
||||
const { access_token } = parse(r1.data);
|
||||
const r2 = await get('https://api.github.com/user', {
|
||||
headers: {
|
||||
'User-Agent': 'svelte.dev',
|
||||
Authorization: `token ${access_token}`
|
||||
}
|
||||
});
|
||||
|
||||
const { id, name, avatar_url, login } = r2.data;
|
||||
|
||||
// Upsert `users` table
|
||||
const [user] = await query(`
|
||||
insert into users(uid, name, username, avatar, github_token)
|
||||
values ($1, $2, $3, $4, $5) on conflict (uid) do update
|
||||
set (name, username, avatar, github_token, updated_at) = ($2, $3, $4, $5, now())
|
||||
returning *
|
||||
`, [id, name, login, avatar_url, access_token]);
|
||||
|
||||
send(res, 200, `
|
||||
<script>
|
||||
window.opener.postMessage({
|
||||
user: ${devalue(toUser(user))}
|
||||
}, window.location.origin);
|
||||
</script>
|
||||
`, {
|
||||
'Content-Type': 'text/html; charset=utf-8'
|
||||
});
|
||||
} catch (err) {
|
||||
console.error('GET /auth/callback', err);
|
||||
send(res, 500, err.data, {
|
||||
'Content-Type': err.headers['content-type'],
|
||||
'Content-Length': err.headers['content-length']
|
||||
});
|
||||
}
|
||||
});
|
||||
} else {
|
||||
// Print "Misconfigured" error
|
||||
app.get('/auth/login', (req, res) => {
|
||||
send(res, 500, `
|
||||
<body style="font-family: sans-serif; background: rgb(255,215,215); border: 2px solid red; margin: 0; padding: 1em;">
|
||||
<h1>Missing .env file</h1>
|
||||
<p>In order to use GitHub authentication, you will need to <a target="_blank" href="https://github.com/settings/developers">register an OAuth application</a> and create a local .env file:</p>
|
||||
<pre>GITHUB_CLIENT_ID=[YOUR_APP_ID]\nGITHUB_CLIENT_SECRET=[YOUR_APP_SECRET]\nBASEURL=http://localhost:3000</pre>
|
||||
<p>The <code>BASEURL</code> variable should match the callback URL specified for your app.</p>
|
||||
<p>See also <a target="_blank" href="https://github.com/sveltejs/svelte/tree/master/site#repl-github-integration">here</a></p>
|
||||
</body>
|
||||
`, {
|
||||
'Content-Type': 'text/html; charset=utf-8'
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
return app;
|
||||
}
|
@ -1,22 +0,0 @@
|
||||
import * as jwt from 'jsonwebtoken';
|
||||
|
||||
const { JWT_KEY, JWT_ALG, JWT_EXP } = process.env;
|
||||
|
||||
const CONFIG = {
|
||||
expiresIn: JWT_EXP,
|
||||
issuer: 'https://svelte.dev',
|
||||
audience: 'https://svelte.dev',
|
||||
algorithm: JWT_ALG,
|
||||
};
|
||||
|
||||
export const decode = jwt.decode;
|
||||
|
||||
export function sign(obj, opts, cb) {
|
||||
opts = Object.assign({}, opts, CONFIG);
|
||||
return jwt.sign(obj, JWT_KEY, opts, cb);
|
||||
}
|
||||
|
||||
export function verify(str, opts, cb) {
|
||||
opts = Object.assign({}, opts, CONFIG);
|
||||
return jwt.verify(str, JWT_KEY, opts, cb);
|
||||
}
|
@ -1,8 +0,0 @@
|
||||
import send from '@polka/send';
|
||||
import { isUser, toUser } from '../../backend/auth';
|
||||
|
||||
export async function get(req, res) {
|
||||
const user = await isUser(req, res);
|
||||
res.setHeader('Cache-Control', 'private, no-cache, no-store');
|
||||
return send(res, 200, user ? toUser(user) : null);
|
||||
}
|
@ -1,33 +0,0 @@
|
||||
import { writable } from 'svelte/store';
|
||||
|
||||
|
||||
export const user = writable(null);
|
||||
|
||||
if (process.browser) {
|
||||
const storageKey = 'svelte-dev:token';
|
||||
|
||||
// On load, get the last-known user token (if any)
|
||||
// Note: We can skip this all by writing User data?
|
||||
const token = localStorage.getItem(storageKey);
|
||||
|
||||
// Write changes to localStorage
|
||||
user.subscribe(obj => {
|
||||
if (obj) {
|
||||
localStorage.setItem(storageKey, obj.token);
|
||||
} else {
|
||||
localStorage.removeItem(storageKey);
|
||||
}
|
||||
});
|
||||
|
||||
if (token) {
|
||||
// If token, refresh the User data from API
|
||||
const headers = { Authorization: `Bearer ${token}` };
|
||||
fetch('/auth/me.json', { headers })
|
||||
.then(r => r.ok ? r.json() : null)
|
||||
.then(user.set);
|
||||
}
|
||||
}
|
||||
|
||||
export function logout() {
|
||||
user.set(null);
|
||||
}
|
Loading…
Reference in new issue