auth: work on adding google auth via invite

2025-03-14 01:08:42 -07:00
parent 073bf65094
commit 02ff13e4d3
19 changed files with 577 additions and 100 deletions
--- a/src/routes/auth/authentik/callback/+server.ts
+++ b/src/routes/auth/authentik/callback/+server.ts
@@ -1,27 +1,28 @@
-import { createSession, setSessionTokenCookie } from "$lib/server/auth";
-import { authentik } from "$lib/server/oauth";
-import { decodeIdToken } from "arctic";
+import { createSession, setSessionTokenCookie } from '$lib/server/auth';
+import { authentik } from '$lib/server/oauth';
+import { decodeIdToken } from 'arctic';

-import type { RequestEvent } from "@sveltejs/kit";
-import type { OAuth2Tokens } from "arctic";
+import type { RequestEvent } from '@sveltejs/kit';
+import type { OAuth2Tokens } from 'arctic';
 import { db } from '$lib/server/db';
 import { eq } from 'drizzle-orm';

 import * as table from '$lib/server/db/schema';

 export async function GET(event: RequestEvent): Promise<Response> {
-	const code = event.url.searchParams.get("code");
-	const state = event.url.searchParams.get("state");
-	const storedState = event.cookies.get("authentik_oauth_state") ?? null;
-	const codeVerifier = event.cookies.get("authentik_code_verifier") ?? null;
+	const code = event.url.searchParams.get('code');
+	const state = event.url.searchParams.get('state');
+	const storedState = event.cookies.get('authentik_oauth_state') ?? null;
+	const codeVerifier = event.cookies.get('authentik_code_verifier') ?? null;
+
 	if (code === null || state === null || storedState === null || codeVerifier === null) {
 		return new Response(null, {
-			status: 400
+			status: 400,
 		});
 	}
 	if (state !== storedState) {
 		return new Response(null, {
-			status: 400
+			status: 400,
 		});
 	}

@@ -31,15 +32,19 @@ export async function GET(event: RequestEvent): Promise<Response> {
 	} catch (e) {
 		// Invalid code or client credentials
 		return new Response(null, {
-			status: 400
+			status: 400,
 		});
 	}
-	const claims = decodeIdToken(tokens.idToken()) as { sub: string, preferred_username: string, name: string };
-	console.log("claims", claims);
+	const claims = decodeIdToken(tokens.idToken()) as {
+		sub: string;
+		preferred_username: string;
+		name: string;
+	};
+	console.log('claims', claims);
 	const userId: string = claims.sub;
 	const username: string = claims.preferred_username;

-	const existingUser = await db.query.users.findFirst({where: eq(table.users.id, userId)});
+	const existingUser = await db.query.users.findFirst({ where: eq(table.users.id, userId) });

 	if (existingUser) {
 		const session = await createSession(existingUser.id);
@@ -47,13 +52,14 @@ export async function GET(event: RequestEvent): Promise<Response> {
 		return new Response(null, {
 			status: 302,
 			headers: {
-				Location: "/"
-			}
+				Location: '/',
+			},
 		});
 	}

 	const user: table.User = {
 		id: userId,
+		authSource: 'authentik',
 		username,
 		name: claims.name as string,
 	};
@@ -65,14 +71,14 @@ export async function GET(event: RequestEvent): Promise<Response> {
 	} catch (e) {
 		console.error('failed to create user', e);
 		return new Response(null, {
-			status: 500
+			status: 500,
 		});
 	}

 	return new Response(null, {
 		status: 302,
 		headers: {
-			Location: "/"
-		}
+			Location: '/',
+		},
 	});
 }