CaZzzer/vpgen
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

WIP: auth: improve handling of invite tokens

Browse Source
This commit is contained in:
Yuri Tatishchev
2025-04-08 10:56:13 -07:00
parent 4300729638
commit 2ed0b70780
3 changed files with 31 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/routes/auth/google/+server.ts
View File

@@ -8,7 +8,7 @@ export const GET: RequestHandler = ({ url, cookies }) => {
const state = generateState();
const codeVerifier = generateCodeVerifier();
const scopes = ['openid', 'profile', 'email'];
const authUrl = google.createAuthorizationURL(state, codeVerifier, scopes);
const authUrl = google.createAuthorizationURL(state + inviteToken, codeVerifier, scopes);
cookies.set('google_oauth_state', state, {
path: '/',
@@ -22,12 +22,6 @@ export const GET: RequestHandler = ({ url, cookies }) => {
maxAge: 60 * 10, // 10 minutes
sameSite: 'lax',
});
if (inviteToken !== null) cookies.set('invite_token', inviteToken, {
path: '/',
httpOnly: true,
maxAge: 60 * 10, // 10 minutes
sameSite: 'lax',
});
return new Response(null, {
status: 302,

23
src/routes/auth/google/callback/+server.ts
View File

@@ -13,8 +13,7 @@ export const GET: RequestHandler = async (event) => {
const code = url.searchParams.get('code');
const state = url.searchParams.get('state');
const storedState = cookies.get('google_oauth_state') ?? null;
const codeVerifier = cookies.get('google_code_verifier', ) ?? null;
const inviteToken = cookies.get('invite_token') ?? null;
const codeVerifier = cookies.get('google_code_verifier') ?? null;
if (code === null || state === null || storedState === null || codeVerifier === null) {
return new Response(null, {
@@ -22,6 +21,14 @@ export const GET: RequestHandler = async (event) => {
});
}
const stateGeneratedToken = state.slice(0, storedState.length);
const stateInviteToken = state.slice(storedState.length);
if (stateGeneratedToken !== storedState) {
return new Response(null, {
status: 400,
});
}
let tokens: OAuth2Tokens;
try {
tokens = await google.validateAuthorizationCode(code, codeVerifier);
@@ -69,10 +76,12 @@ export const GET: RequestHandler = async (event) => {
});
}
// TODO: proper error page
if (inviteToken === null || !isValidInviteToken(inviteToken)) {
return new Response(null, {
status: 400,
if (!isValidInviteToken(stateInviteToken)) {
const message =
stateInviteToken.length === 0 ? 'sign up with an invite link first' : 'invalid invite link';
return new Response('Not Authorized: ' + message, {
status: 403,
});
}
@@ -85,7 +94,7 @@ export const GET: RequestHandler = async (event) => {
// TODO: proper error handling, delete cookies
await db.insert(table.users).values(user);
console.log('created user', user, 'with invite token', inviteToken);
console.log('created user', user, 'with invite token', stateInviteToken);
const session = await createSession(user.id);