@acmekit/auth-google 2.13.1

package/README.md

@@ -0,0 +1,11 @@
+## Testing
+
+In order to manually test the flow, you can do the following:
+
+1. Register an app in `https://console.cloud.google.com/apis/credentials/consent`
+2. Generate clientId and clientSecret credentials in the console
+3. Replace the values in the test with your credentials
+4. Remove the `server.listen()` call
+5. Run the tests, get the `location` value from the `authenticate` test, open the browser
+6. Once redirected, copy the `code` param from the URL, and add it in one of the `callback` success tests
+7. Once you run the tests, you should get back an access token, id token, and so on.

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+declare const _default: import("@acmekit/types").ModuleProviderExports;
+export default _default;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAKA,wBAEE"}

package/dist/index.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const utils_1 = require("@acmekit/framework/utils");
+const google_1 = require("./services/google");
+const services = [google_1.GoogleAuthService];
+exports.default = (0, utils_1.ModuleProvider)(utils_1.Modules.AUTH, {
+    services,
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;AAAA,oDAAkE;AAClE,8CAAqD;AAErD,MAAM,QAAQ,GAAG,CAAC,0BAAiB,CAAC,CAAA;AAEpC,kBAAe,IAAA,sBAAc,EAAC,eAAO,CAAC,IAAI,EAAE;IAC1C,QAAQ;CACT,CAAC,CAAA"}

package/dist/services/google.d.ts

@@ -0,0 +1,30 @@
+import { AuthenticationInput, AuthenticationResponse, AuthIdentityProviderService, GoogleAuthProviderOptions, Logger } from "@acmekit/framework/types";
+import { AbstractAuthModuleProvider } from "@acmekit/framework/utils";
+type InjectedDependencies = {
+    logger: Logger;
+};
+interface LocalServiceConfig extends GoogleAuthProviderOptions {
+}
+export declare class GoogleAuthService extends AbstractAuthModuleProvider {
+    static identifier: string;
+    static DISPLAY_NAME: string;
+    protected config_: LocalServiceConfig;
+    protected logger_: Logger;
+    static validateOptions(options: GoogleAuthProviderOptions): void;
+    constructor({ logger }: InjectedDependencies, options: GoogleAuthProviderOptions);
+    register(_: any): Promise<AuthenticationResponse>;
+    authenticate(req: AuthenticationInput, authIdentityService: AuthIdentityProviderService): Promise<AuthenticationResponse>;
+    validateCallback(req: AuthenticationInput, authIdentityService: AuthIdentityProviderService): Promise<AuthenticationResponse>;
+    verify_(idToken: string | undefined, authIdentityService: AuthIdentityProviderService): Promise<{
+        success: boolean;
+        error: any;
+        authIdentity?: undefined;
+    } | {
+        success: boolean;
+        authIdentity: any;
+        error?: undefined;
+    }>;
+    private getRedirect;
+}
+export {};
+//# sourceMappingURL=google.d.ts.map

package/dist/services/google.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"google.d.ts","sourceRoot":"","sources":["../../src/services/google.ts"],"names":[],"mappings":"AACA,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,2BAA2B,EAC3B,yBAAyB,EACzB,MAAM,EACP,MAAM,0BAA0B,CAAA;AACjC,OAAO,EACL,0BAA0B,EAE3B,MAAM,0BAA0B,CAAA;AAGjC,KAAK,oBAAoB,GAAG;IAC1B,MAAM,EAAE,MAAM,CAAA;CACf,CAAA;AAED,UAAU,kBAAmB,SAAQ,yBAAyB;CAAG;AACjE,qBAAa,iBAAkB,SAAQ,0BAA0B;IAC/D,MAAM,CAAC,UAAU,SAAW;IAC5B,MAAM,CAAC,YAAY,SAA0B;IAE7C,SAAS,CAAC,OAAO,EAAE,kBAAkB,CAAA;IACrC,SAAS,CAAC,OAAO,EAAE,MAAM,CAAA;IAEzB,MAAM,CAAC,eAAe,CAAC,OAAO,EAAE,yBAAyB;gBAevD,EAAE,MAAM,EAAE,EAAE,oBAAoB,EAChC,OAAO,EAAE,yBAAyB;IAQ9B,QAAQ,CAAC,CAAC,KAAA,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAO5C,YAAY,CAChB,GAAG,EAAE,mBAAmB,EACxB,mBAAmB,EAAE,2BAA2B,GAC/C,OAAO,CAAC,sBAAsB,CAAC;IAoB5B,gBAAgB,CACpB,GAAG,EAAE,mBAAmB,EACxB,mBAAmB,EAAE,2BAA2B,GAC/C,OAAO,CAAC,sBAAsB,CAAC;IAsD5B,OAAO,CACX,OAAO,EAAE,MAAM,GAAG,SAAS,EAC3B,mBAAmB,EAAE,2BAA2B;;;;;;;;;IAmDlD,OAAO,CAAC,WAAW;CAUpB"}

package/dist/services/google.js

@@ -0,0 +1,140 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GoogleAuthService = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const utils_1 = require("@acmekit/framework/utils");
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+class GoogleAuthService extends utils_1.AbstractAuthModuleProvider {
+    static validateOptions(options) {
+        if (!options.clientId) {
+            throw new Error("Google clientId is required");
+        }
+        if (!options.clientSecret) {
+            throw new Error("Google clientSecret is required");
+        }
+        if (!options.callbackUrl) {
+            throw new Error("Google callbackUrl is required");
+        }
+    }
+    constructor({ logger }, options) {
+        // @ts-ignore
+        super(...arguments);
+        this.config_ = options;
+        this.logger_ = logger;
+    }
+    async register(_) {
+        throw new utils_1.AcmeKitError(utils_1.AcmeKitError.Types.NOT_ALLOWED, "Google does not support registration. Use method `authenticate` instead.");
+    }
+    async authenticate(req, authIdentityService) {
+        const query = req.query ?? {};
+        const body = req.body ?? {};
+        if (query.error) {
+            return {
+                success: false,
+                error: `${query.error_description}, read more at: ${query.error_uri}`,
+            };
+        }
+        const stateKey = crypto_1.default.randomBytes(32).toString("hex");
+        const state = {
+            callback_url: body?.callback_url ?? this.config_.callbackUrl,
+        };
+        await authIdentityService.setState(stateKey, state);
+        return this.getRedirect(this.config_.clientId, state.callback_url, stateKey);
+    }
+    async validateCallback(req, authIdentityService) {
+        const query = req.query ?? {};
+        const body = req.body ?? {};
+        if (query.error) {
+            return {
+                success: false,
+                error: `${query.error_description}, read more at: ${query.error_uri}`,
+            };
+        }
+        const code = query?.code ?? body?.code;
+        if (!code) {
+            return { success: false, error: "No code provided" };
+        }
+        const state = await authIdentityService.getState(query?.state);
+        if (!state) {
+            return { success: false, error: "No state provided, or session expired" };
+        }
+        const params = `client_id=${this.config_.clientId}&client_secret=${this.config_.clientSecret}&code=${code}&redirect_uri=${state.callback_url}&grant_type=authorization_code`;
+        const exchangeTokenUrl = new URL(`https://oauth2.googleapis.com/token?${params}`);
+        try {
+            const response = await fetch(exchangeTokenUrl.toString(), {
+                method: "POST",
+            }).then((r) => {
+                if (!r.ok) {
+                    throw new utils_1.AcmeKitError(utils_1.AcmeKitError.Types.INVALID_DATA, `Could not exchange token, ${r.status}, ${r.statusText}`);
+                }
+                return r.json();
+            });
+            const { authIdentity, success } = await this.verify_(response.id_token, authIdentityService);
+            return {
+                success,
+                authIdentity,
+            };
+        }
+        catch (error) {
+            return { success: false, error: error.message };
+        }
+    }
+    async verify_(idToken, authIdentityService) {
+        if (!idToken) {
+            return { success: false, error: "No ID found" };
+        }
+        const jwtData = jsonwebtoken_1.default.decode(idToken, {
+            complete: true,
+        });
+        const payload = jwtData.payload;
+        if (!payload.email_verified) {
+            throw new utils_1.AcmeKitError(utils_1.AcmeKitError.Types.INVALID_DATA, "Email not verified, cannot proceed with authentication");
+        }
+        const entity_id = payload.sub;
+        const userMetadata = {
+            name: payload.name,
+            email: payload.email,
+            picture: payload.picture,
+            given_name: payload.given_name,
+            family_name: payload.family_name,
+        };
+        let authIdentity;
+        try {
+            authIdentity = await authIdentityService.retrieve({
+                entity_id,
+            });
+        }
+        catch (error) {
+            if (error.type === utils_1.AcmeKitError.Types.NOT_FOUND) {
+                const createdAuthIdentity = await authIdentityService.create({
+                    entity_id,
+                    user_metadata: userMetadata,
+                });
+                authIdentity = createdAuthIdentity;
+            }
+            else {
+                return { success: false, error: error.message };
+            }
+        }
+        return {
+            success: true,
+            authIdentity,
+        };
+    }
+    getRedirect(clientId, callbackUrl, stateKey) {
+        const authUrl = new URL(`https://accounts.google.com/o/oauth2/v2/auth`);
+        authUrl.searchParams.set("redirect_uri", callbackUrl);
+        authUrl.searchParams.set("client_id", clientId);
+        authUrl.searchParams.set("response_type", "code");
+        authUrl.searchParams.set("scope", "email profile openid");
+        authUrl.searchParams.set("state", stateKey);
+        return { success: true, location: authUrl.toString() };
+    }
+}
+exports.GoogleAuthService = GoogleAuthService;
+GoogleAuthService.identifier = "google";
+GoogleAuthService.DISPLAY_NAME = "Google Authentication";
+//# sourceMappingURL=google.js.map

package/dist/services/google.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"google.js","sourceRoot":"","sources":["../../src/services/google.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA2B;AAQ3B,oDAGiC;AACjC,gEAAmD;AAOnD,MAAa,iBAAkB,SAAQ,kCAA0B;IAO/D,MAAM,CAAC,eAAe,CAAC,OAAkC;QACvD,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAA;QAChD,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAA;QACpD,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAA;QACnD,CAAC;IACH,CAAC;IAED,YACE,EAAE,MAAM,EAAwB,EAChC,OAAkC;QAElC,aAAa;QACb,KAAK,CAAC,GAAG,SAAS,CAAC,CAAA;QACnB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;QACtB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAA;IACvB,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,CAAC;QACd,MAAM,IAAI,oBAAY,CACpB,oBAAY,CAAC,KAAK,CAAC,WAAW,EAC9B,0EAA0E,CAC3E,CAAA;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,GAAwB,EACxB,mBAAgD;QAEhD,MAAM,KAAK,GAA2B,GAAG,CAAC,KAAK,IAAI,EAAE,CAAA;QACrD,MAAM,IAAI,GAA2B,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;QAEnD,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YAChB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,GAAG,KAAK,CAAC,iBAAiB,mBAAmB,KAAK,CAAC,SAAS,EAAE;aACtE,CAAA;QACH,CAAC;QAED,MAAM,QAAQ,GAAG,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;QACvD,MAAM,KAAK,GAAG;YACZ,YAAY,EAAE,IAAI,EAAE,YAAY,IAAI,IAAI,CAAC,OAAO,CAAC,WAAW;SAC7D,CAAA;QAED,MAAM,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;QACnD,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAA;IAC9E,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,GAAwB,EACxB,mBAAgD;QAEhD,MAAM,KAAK,GAA2B,GAAG,CAAC,KAAK,IAAI,EAAE,CAAA;QACrD,MAAM,IAAI,GAA2B,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;QAEnD,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YAChB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,GAAG,KAAK,CAAC,iBAAiB,mBAAmB,KAAK,CAAC,SAAS,EAAE;aACtE,CAAA;QACH,CAAC;QAED,MAAM,IAAI,GAAG,KAAK,EAAE,IAAI,IAAI,IAAI,EAAE,IAAI,CAAA;QACtC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAA;QACtD,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,mBAAmB,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAe,CAAC,CAAA;QACxE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAA;QAC3E,CAAC;QAED,MAAM,MAAM,GAAG,aAAa,IAAI,CAAC,OAAO,CAAC,QAAQ,kBAAkB,IAAI,CAAC,OAAO,CAAC,YAAY,SAAS,IAAI,iBAAiB,KAAK,CAAC,YAAY,gCAAgC,CAAA;QAC5K,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAC9B,uCAAuC,MAAM,EAAE,CAChD,CAAA;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,QAAQ,EAAE,EAAE;gBACxD,MAAM,EAAE,MAAM;aACf,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;gBACZ,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;oBACV,MAAM,IAAI,oBAAY,CACpB,oBAAY,CAAC,KAAK,CAAC,YAAY,EAC/B,6BAA6B,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,UAAU,EAAE,CACzD,CAAA;gBACH,CAAC;gBAED,OAAO,CAAC,CAAC,IAAI,EAAE,CAAA;YACjB,CAAC,CAAC,CAAA;YAEF,MAAM,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAClD,QAAQ,CAAC,QAAkB,EAC3B,mBAAmB,CACpB,CAAA;YAED,OAAO;gBACL,OAAO;gBACP,YAAY;aACb,CAAA;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAA;QACjD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CACX,OAA2B,EAC3B,mBAAgD;QAEhD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,aAAa,EAAE,CAAA;QACjD,CAAC;QAED,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,OAAO,EAAE;YAClC,QAAQ,EAAE,IAAI;SACf,CAAe,CAAA;QAChB,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAA;QAE/B,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;YAC5B,MAAM,IAAI,oBAAY,CACpB,oBAAY,CAAC,KAAK,CAAC,YAAY,EAC/B,wDAAwD,CACzD,CAAA;QACH,CAAC;QAED,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAA;QAC7B,MAAM,YAAY,GAAG;YACnB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAA;QAED,IAAI,YAAY,CAAA;QAEhB,IAAI,CAAC;YACH,YAAY,GAAG,MAAM,mBAAmB,CAAC,QAAQ,CAAC;gBAChD,SAAS;aACV,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,CAAC,IAAI,KAAK,oBAAY,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;gBAChD,MAAM,mBAAmB,GAAG,MAAM,mBAAmB,CAAC,MAAM,CAAC;oBAC3D,SAAS;oBACT,aAAa,EAAE,YAAY;iBAC5B,CAAC,CAAA;gBACF,YAAY,GAAG,mBAAmB,CAAA;YACpC,CAAC;iBAAM,CAAC;gBACN,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAA;YACjD,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI;YACb,YAAY;SACb,CAAA;IACH,CAAC;IAEO,WAAW,CAAC,QAAgB,EAAE,WAAmB,EAAE,QAAgB;QACzE,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,8CAA8C,CAAC,CAAA;QACvE,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,CAAA;QACrD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAA;QAC/C,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAA;QACjD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAA;QACzD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAA;QAE3C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAA;IACxD,CAAC;;AApLH,8CAqLC;AApLQ,4BAAU,GAAG,QAAQ,CAAA;AACrB,8BAAY,GAAG,uBAAuB,CAAA"}

package/dist/tsconfig.tsbuildinfo

@@ -0,0 +1 @@
+{"root":["../src/index.ts","../src/services/google.ts"],"version":"5.9.3"}

package/package.json

@@ -0,0 +1,41 @@
+{
+  "name": "@acmekit/auth-google",
+  "version": "2.13.1",
+  "description": "Google OAuth authentication provider for AcmeKit",
+  "main": "dist/index.js",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/acmekit/acmekit",
+    "directory": "packages/modules/providers/auth-google"
+  },
+  "files": [
+    "dist",
+    "!dist/**/__tests__",
+    "!dist/**/__mocks__",
+    "!dist/**/__fixtures__"
+  ],
+  "engines": {
+    "node": ">=20"
+  },
+  "author": "AcmeKit",
+  "license": "MIT",
+  "scripts": {
+    "test": "../../../../node_modules/.bin/jest --passWithNoTests src",
+    "test:integration": "../../../../node_modules/.bin/jest --passWithNoTests --forceExit --testPathPattern=\"integration-tests/__tests__/.*\\.spec\\.ts\"",
+    "build": "yarn run -T rimraf dist && yarn run -T tsc --build",
+    "watch": "yarn run -T tsc --watch"
+  },
+  "devDependencies": {
+    "@acmekit/framework": "2.13.1"
+  },
+  "dependencies": {
+    "jsonwebtoken": "^9.0.2"
+  },
+  "peerDependencies": {
+    "@acmekit/framework": "2.13.1"
+  },
+  "keywords": [
+    "acmekit-provider",
+    "acmekit-provider-auth-google"
+  ]
+}