
Author SHA1 Message Date
230fcf79df auth: refactor common oauth provider logic, add options to disable providers and require invites
All checks were successful
ci/woodpecker/push/build-image Pipeline was successful
2025-05-02 16:41:13 -07:00


@@ -3,24 +3,24 @@ import { oauthProviders } from '$lib/server/oauth';
import { is } from 'typia'; import { is } from 'typia';
import { type AuthProvider, enabledAuthProviders } from '$lib/auth'; import { type AuthProvider, enabledAuthProviders } from '$lib/auth';
export async function GET(event) { export async function GET({ params: { provider }, url, cookies }) {
const { provider } = event.params;
if (!is<AuthProvider>(provider) || !enabledAuthProviders[provider]) { if (!is<AuthProvider>(provider) || !enabledAuthProviders[provider]) {
return new Response(null, { status: 404 }); return new Response(null, { status: 404 });
} }
const oauthProvider = oauthProviders[provider]; const oauthProvider = oauthProviders[provider];
const inviteToken = url.searchParams.get('invite') ?? '';
const state = generateState(); const state = generateState();
const codeVerifier = generateCodeVerifier(); const codeVerifier = generateCodeVerifier();
const url = oauthProvider.createAuthorizationURL(state, codeVerifier); const authUrl = oauthProvider.createAuthorizationURL(state + inviteToken, codeVerifier);
event.cookies.set(`${provider}_oauth_state`, state, { cookies.set(`${provider}_oauth_state`, state, {
path: '/', path: '/',
httpOnly: true, httpOnly: true,
maxAge: 60 * 10, // 10 minutes maxAge: 60 * 10, // 10 minutes
sameSite: 'lax', sameSite: 'lax',
}); });
event.cookies.set(`${provider}_code_verifier`, codeVerifier, { cookies.set(`${provider}_code_verifier`, codeVerifier, {
path: '/', path: '/',
httpOnly: true, httpOnly: true,
maxAge: 60 * 10, // 10 minutes maxAge: 60 * 10, // 10 minutes
@@ -30,7 +30,7 @@ export async function GET(event) {
return new Response(null, { return new Response(null, {
status: 302, status: 302,
headers: { headers: {
Location: url.toString(), Location: authUrl.toString(),
}, },
}); });
} }
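Review bot: On the new `createAuthorizationURL(state + inviteToken, codeVerifier)` line, the `invite` query parameter is read from the request without validation and appended to the OAuth `state` with no delimiter or length bound, while the `${provider}_oauth_state` cookie still stores only the random part. The invite token is therefore disclosed to the third-party provider and appears in the redirect URLs. The callback handler is not visible in this section; it presumably has to split the returned value at the fixed length of the `generateState()` output and compare only that prefix against the cookie, which is easy to get wrong. I would keep the state purely random, `oauthProvider.createAuthorizationURL(state, codeVerifier)`, and carry the invite in its own cookie set next to the code-verifier one with the same options (`httpOnly`, `maxAge: 60 * 10`, `sameSite: 'lax'`), for instance under a name like `${provider}_invite` (suggested name, not from the commit), so the callback can compare `state` for exact equality. If the token has to stay in `state`, check its format and length before the concatenation and add a comment on that line describing the expected layout.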