npm - @epic-web/workshop-app - Versions diffs - 5.9.2 → 5.9.3 - Mend

@epic-web/workshop-app 5.9.2 → 5.9.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/build/server/index.js CHANGED Viewed

@@ -71,8 +71,7 @@ import { useEventSource } from "remix-utils/sse/react";
 import { eventStream } from "remix-utils/sse/server";
 import { EventEmitter } from "events";
 import { remember } from "@epic-web/remember";
-import md5 from "md5-hex";
-import { Issuer } from "openid-client";
+import * as client from "openid-client";
 import inspector from "node:inspector";
 import { getCommitInfo, getLatestWorkshopAppVersion } from "@epic-web/workshop-utils/git.server";
 import { Resvg } from "@resvg/resvg-js";
@@ -9773,6 +9772,11 @@ const EVENTS = {
   AUTH_RESOLVED: "AUTH_RESOLVED",
   AUTH_REJECTED: "AUTH_REJECTED"
 };
+const UserInfoSchema = z.object({
+  id: z.string(),
+  email: z.string().optional(),
+  name: z.string().optional()
+});
 const authEmitter = remember("authEmitter", () => new EventEmitter());
 authEmitter.removeAllListeners();
 async function registerDevice() {
@@ -9780,47 +9784,55 @@ async function registerDevice() {
     product: { host }
   } = getWorkshopConfig();
   const { ISSUER = `https://${host}/oauth` } = process.env;
-  const GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code";
   try {
-    const issuer = await Issuer.discover(ISSUER);
-    const client = await issuer.Client.register({
-      grant_types: [GRANT_TYPE],
-      response_types: [],
-      redirect_uris: [],
-      token_endpoint_auth_method: "none",
-      application_type: "native"
-    });
-    const handle2 = await client.deviceAuthorization();
+    const config = await client.discovery(new URL(ISSUER), "EPICSHOP_APP");
+    const deviceResponse = await client.initiateDeviceAuthorization(config, {});
     authEmitter.emit(EVENTS.USER_CODE_RECEIVED, {
-      code: handle2.user_code,
-      url: handle2.verification_uri_complete
+      code: deviceResponse.user_code,
+      url: deviceResponse.verification_uri_complete
     });
-    const timeout = setTimeout(() => handle2.abort(), handle2.expires_in * 1e3);
-    const tokenSet = await handle2.poll().catch(() => {
-    });
-    clearTimeout(timeout);
-    if (!tokenSet) {
-      authEmitter.emit(EVENTS.AUTH_REJECTED, {
-        error: `Timed out in ${handle2.expires_in} seconds waiting for user to authorize device.`
+    const timeout = setTimeout(() => {
+      throw new Error("Device authorization timed out");
+    }, deviceResponse.expires_in * 1e3);
+    try {
+      const tokenSet = await client.pollDeviceAuthorizationGrant(
+        config,
+        deviceResponse
+      );
+      clearTimeout(timeout);
+      if (!tokenSet) {
+        authEmitter.emit(EVENTS.AUTH_REJECTED, {
+          error: "No token set"
+        });
+        return;
+      }
+      const protectedResourceResponse = await client.fetchProtectedResource(
+        config,
+        tokenSet.access_token,
+        new URL(`${ISSUER}/userinfo`),
+        "GET"
+      );
+      const userinfoRaw = await protectedResourceResponse.json();
+      const userinfoResult = UserInfoSchema.safeParse(userinfoRaw);
+      if (!userinfoResult.success) {
+        authEmitter.emit(EVENTS.AUTH_REJECTED, {
+          error: `Failed to parse user info: ${userinfoResult.error.message}`
+        });
+        return;
+      }
+      const userinfo = userinfoResult.data;
+      await setAuthInfo({
+        id: userinfo.id,
+        tokenSet,
+        email: userinfo.email,
+        name: userinfo.name
       });
-      return;
+      await getUserInfo({ forceFresh: true });
+      authEmitter.emit(EVENTS.AUTH_RESOLVED);
+    } catch (error) {
+      clearTimeout(timeout);
+      throw error;
     }
-    const userinfo = await client.userinfo(tokenSet);
-    let id;
-    if (typeof userinfo.id === "string") {
-      id = userinfo.id;
-    } else {
-      console.warn("[UNEXPECTED] User ID is not a string:", userinfo.id);
-      id = userinfo.email ? md5(userinfo.email) : createId();
-    }
-    await setAuthInfo({
-      id,
-      tokenSet,
-      email: userinfo.email,
-      name: userinfo.name
-    });
-    await getUserInfo({ forceFresh: true });
-    authEmitter.emit(EVENTS.AUTH_RESOLVED);
   } catch (error) {
     authEmitter.emit(EVENTS.AUTH_REJECTED, {
       error: getErrorMessage(error)