@strav/social 0.4.30 → 1.0.0-alpha.22

package/src/providers/facebook_provider.ts

@@ -1,69 +0,0 @@
-import { ExternalServiceError, scrubProviderError } from '@strav/kernel'
-import { AbstractProvider } from '../abstract_provider.ts'
-import type { SocialUser } from '../types.ts'
-
-const API_VERSION = 'v21.0'
-
-export class FacebookProvider extends AbstractProvider {
-  readonly name = 'Facebook'
-
-  protected getDefaultScopes(): string[] {
-    return ['email', 'public_profile']
-  }
-
-  /**
-   * Facebook's Graph API token endpoint reads `client_secret` from the
-   * request body (its docs don't advertise HTTP Basic support reliably),
-   * so default to `'post'` here. Apps can still override via
-   * `ProviderConfig.tokenEndpointAuthMethod`.
-   */
-  protected override defaultTokenEndpointAuthMethod(): 'basic' | 'post' {
-    return 'post'
-  }
-
-  protected getAuthUrl(): string {
-    return `https://www.facebook.com/${API_VERSION}/dialog/oauth`
-  }
-
-  protected getTokenUrl(): string {
-    return `https://graph.facebook.com/${API_VERSION}/oauth/access_token`
-  }
-
-  protected async getUserByToken(token: string): Promise<Record<string, unknown>> {
-    const fields = 'id,name,email,picture.type(large)'
-    const response = await fetch(
-      `https://graph.facebook.com/${API_VERSION}/me?fields=${fields}&access_token=${token}`
-    )
-
-    if (!response.ok) {
-      throw new ExternalServiceError(
-        'Facebook',
-        response.status,
-        scrubProviderError(await response.text())
-      )
-    }
-
-    return (await response.json()) as Record<string, unknown>
-  }
-
-  protected mapUserToObject(data: Record<string, unknown>): SocialUser {
-    const picture = data.picture as { data?: { url?: string } } | undefined
-    const email = (data.email as string) ?? null
-
-    return {
-      id: data.id as string,
-      name: (data.name as string) ?? null,
-      email,
-      // Facebook's Graph API only returns the user's verified primary email;
-      // an unverified address is omitted from the response entirely.
-      emailVerified: email !== null,
-      avatar: picture?.data?.url ?? null,
-      nickname: null,
-      token: '',
-      refreshToken: null,
-      expiresIn: null,
-      approvedScopes: [],
-      raw: data,
-    }
-  }
-}

package/src/providers/github_provider.ts

@@ -1,75 +0,0 @@
-import { ExternalServiceError, scrubProviderError } from '@strav/kernel'
-import { AbstractProvider } from '../abstract_provider.ts'
-import type { SocialUser } from '../types.ts'
-
-export class GitHubProvider extends AbstractProvider {
-  readonly name = 'GitHub'
-
-  protected getDefaultScopes(): string[] {
-    return ['read:user', 'user:email']
-  }
-
-  protected getAuthUrl(): string {
-    return 'https://github.com/login/oauth/authorize'
-  }
-
-  protected getTokenUrl(): string {
-    return 'https://github.com/login/oauth/access_token'
-  }
-
-  protected async getUserByToken(token: string): Promise<Record<string, unknown>> {
-    const headers = {
-      Authorization: `Bearer ${token}`,
-      Accept: 'application/json',
-      'User-Agent': 'Strav-Social',
-    }
-
-    const [userResponse, emailsResponse] = await Promise.all([
-      fetch('https://api.github.com/user', { headers }),
-      fetch('https://api.github.com/user/emails', { headers }),
-    ])
-
-    if (!userResponse.ok) {
-      throw new ExternalServiceError(
-        'GitHub',
-        userResponse.status,
-        scrubProviderError(await userResponse.text())
-      )
-    }
-
-    const user = (await userResponse.json()) as Record<string, unknown>
-
-    // If the user's profile email is private, fall back to the primary verified email
-    if (!user.email && emailsResponse.ok) {
-      const emails = (await emailsResponse.json()) as Array<{
-        email: string
-        primary: boolean
-        verified: boolean
-      }>
-      const primary = emails.find(e => e.primary && e.verified)
-      if (primary) user.email = primary.email
-    }
-
-    return user
-  }
-
-  protected mapUserToObject(data: Record<string, unknown>): SocialUser {
-    const email = (data.email as string) ?? null
-    return {
-      id: String(data.id),
-      name: (data.name as string) ?? null,
-      email,
-      // GitHub only exposes verified emails: the profile `email` is required
-      // to be a verified address, and the fallback path in getUserByToken
-      // filters /user/emails for `verified === true`.
-      emailVerified: email !== null,
-      avatar: (data.avatar_url as string) ?? null,
-      nickname: (data.login as string) ?? null,
-      token: '',
-      refreshToken: null,
-      expiresIn: null,
-      approvedScopes: [],
-      raw: data,
-    }
-  }
-}

package/src/providers/google_provider.ts

@@ -1,51 +0,0 @@
-import { ExternalServiceError, scrubProviderError } from '@strav/kernel'
-import { AbstractProvider } from '../abstract_provider.ts'
-import type { SocialUser } from '../types.ts'
-
-export class GoogleProvider extends AbstractProvider {
-  readonly name = 'Google'
-
-  protected getDefaultScopes(): string[] {
-    return ['openid', 'email', 'profile']
-  }
-
-  protected getAuthUrl(): string {
-    return 'https://accounts.google.com/o/oauth2/v2/auth'
-  }
-
-  protected getTokenUrl(): string {
-    return 'https://oauth2.googleapis.com/token'
-  }
-
-  protected async getUserByToken(token: string): Promise<Record<string, unknown>> {
-    const response = await fetch('https://www.googleapis.com/oauth2/v3/userinfo', {
-      headers: { Authorization: `Bearer ${token}` },
-    })
-
-    if (!response.ok) {
-      throw new ExternalServiceError(
-        'Google',
-        response.status,
-        scrubProviderError(await response.text())
-      )
-    }
-
-    return (await response.json()) as Record<string, unknown>
-  }
-
-  protected mapUserToObject(data: Record<string, unknown>): SocialUser {
-    return {
-      id: data.sub as string,
-      name: (data.name as string) ?? null,
-      email: (data.email as string) ?? null,
-      emailVerified: data.email_verified === true,
-      avatar: (data.picture as string) ?? null,
-      nickname: null,
-      token: '',
-      refreshToken: null,
-      expiresIn: null,
-      approvedScopes: [],
-      raw: data,
-    }
-  }
-}

package/src/providers/line_provider.ts

@@ -1,73 +0,0 @@
-import { ExternalServiceError, scrubProviderError } from '@strav/kernel'
-import { AbstractProvider } from '../abstract_provider.ts'
-import type { SocialUser } from '../types.ts'
-
-/**
- * LINE Login OAuth 2.1 provider.
- *
- * Distinct from the LINE Messaging API (handled by @strav/line) — this is
- * the user-facing OAuth flow that lets a website log a user in with their
- * LINE account.
- *
- * Scope notes:
- *   - `profile` (default) returns userId, displayName, pictureUrl.
- *   - `openid` (default) returns an ID token alongside the access token.
- *   - `email` is optional and requires the "Email permission" to be
- *     approved on the LINE Login channel — uncommon for new apps. The
- *     SocialUser.email will be null when this scope is not granted.
- *
- * @see https://developers.line.biz/en/docs/line-login/integrate-line-login/
- */
-export class LineProvider extends AbstractProvider {
-  readonly name = 'LINE'
-
-  protected getDefaultScopes(): string[] {
-    return ['profile', 'openid']
-  }
-
-  /** LINE expects client_secret in the body, not as HTTP Basic. */
-  protected override defaultTokenEndpointAuthMethod(): 'basic' | 'post' {
-    return 'post'
-  }
-
-  protected getAuthUrl(): string {
-    return 'https://access.line.me/oauth2/v2.1/authorize'
-  }
-
-  protected getTokenUrl(): string {
-    return 'https://api.line.me/oauth2/v2.1/token'
-  }
-
-  protected async getUserByToken(token: string): Promise<Record<string, unknown>> {
-    const response = await fetch('https://api.line.me/v2/profile', {
-      headers: { Authorization: `Bearer ${token}` },
-    })
-
-    if (!response.ok) {
-      throw new ExternalServiceError(
-        'LINE',
-        response.status,
-        scrubProviderError(await response.text())
-      )
-    }
-
-    return (await response.json()) as Record<string, unknown>
-  }
-
-  protected mapUserToObject(data: Record<string, unknown>): SocialUser {
-    return {
-      id: data.userId as string,
-      name: (data.displayName as string) ?? null,
-      email: (data.email as string) ?? null,
-      // LINE does not surface a "verified" flag on email; treat presence as verified.
-      emailVerified: typeof data.email === 'string',
-      avatar: (data.pictureUrl as string) ?? null,
-      nickname: null,
-      token: '',
-      refreshToken: null,
-      expiresIn: null,
-      approvedScopes: [],
-      raw: data,
-    }
-  }
-}

package/src/providers/linkedin_provider.ts

@@ -1,51 +0,0 @@
-import { ExternalServiceError, scrubProviderError } from '@strav/kernel'
-import { AbstractProvider } from '../abstract_provider.ts'
-import type { SocialUser } from '../types.ts'
-
-export class LinkedInProvider extends AbstractProvider {
-  readonly name = 'LinkedIn'
-
-  protected getDefaultScopes(): string[] {
-    return ['openid', 'profile', 'email']
-  }
-
-  protected getAuthUrl(): string {
-    return 'https://www.linkedin.com/oauth/v2/authorization'
-  }
-
-  protected getTokenUrl(): string {
-    return 'https://www.linkedin.com/oauth/v2/accessToken'
-  }
-
-  protected async getUserByToken(token: string): Promise<Record<string, unknown>> {
-    const response = await fetch('https://api.linkedin.com/v2/userinfo', {
-      headers: { Authorization: `Bearer ${token}` },
-    })
-
-    if (!response.ok) {
-      throw new ExternalServiceError(
-        'LinkedIn',
-        response.status,
-        scrubProviderError(await response.text())
-      )
-    }
-
-    return (await response.json()) as Record<string, unknown>
-  }
-
-  protected mapUserToObject(data: Record<string, unknown>): SocialUser {
-    return {
-      id: data.sub as string,
-      name: (data.name as string) ?? null,
-      email: (data.email as string) ?? null,
-      emailVerified: data.email_verified === true,
-      avatar: (data.picture as string) ?? null,
-      nickname: null,
-      token: '',
-      refreshToken: null,
-      expiresIn: null,
-      approvedScopes: [],
-      raw: data,
-    }
-  }
-}

package/src/schema.ts

@@ -1,13 +0,0 @@
-import { defineSchema, t, Archetype } from '@strav/database'
-
-export const schema = defineSchema('social_account', {
-  archetype: Archetype.Component,
-  parents: ['user'],
-  fields: {
-    provider: t.varchar(50).required().index(),
-    providerId: t.varchar(255).required().index(),
-    token: t.text().required().sensitive(),
-    refreshToken: t.text().nullable().sensitive(),
-    expiresAt: t.timestamptz().nullable(),
-  },
-})

package/src/social_account.ts

@@ -1,238 +0,0 @@
-import { EncryptionManager, Emitter } from '@strav/kernel'
-import { extractUserId } from '@strav/database'
-import SocialManager from './social_manager.ts'
-import type { SocialUser } from './types.ts'
-
-const ENC_PREFIX = 'enc:v1:'
-
-/**
- * Encrypt an OAuth token before persisting it. The `enc:v1:` prefix is the
- * sentinel that lets reads distinguish encrypted values from legacy
- * plaintext rows that predate the encryption-at-rest migration.
- */
-function encryptToken(plain: string): string {
-  return ENC_PREFIX + EncryptionManager.encrypt(plain)
-}
-
-/**
- * Decrypt a stored token. Values without the `enc:v1:` prefix are assumed
- * to be legacy plaintext (predate encryption-at-rest); they are returned
- * as-is and re-encrypted on next write.
- */
-function decryptToken(stored: string): string {
-  if (!stored.startsWith(ENC_PREFIX)) return stored
-  return EncryptionManager.decrypt(stored.slice(ENC_PREFIX.length))
-}
-
-/** The DB record for a social account link. */
-export interface SocialAccountData {
-  id: number
-  userId: string | number
-  provider: string
-  providerId: string
-  token: string
-  refreshToken: string | null
-  expiresAt: Date | null
-  createdAt: Date
-  updatedAt: Date
-}
-
-/**
- * Static helper for managing social account records.
- *
- * Follows the same pattern as AccessToken: all methods are static,
- * database access goes through the parent manager (SocialManager.db).
- *
- * @example
- * const account = await SocialAccount.findByProvider('github', '12345')
- * const accounts = await SocialAccount.findByUser(user)
- * const created = await SocialAccount.create({ user, provider: 'google', ... })
- */
-export default class SocialAccount {
-  private static get sql() {
-    return SocialManager.db.sql
-  }
-
-  private static get fk() {
-    return SocialManager.userFkColumn
-  }
-
-  /**
-   * Find a social account by provider name and provider-specific user ID.
-   * This is the primary lookup used during OAuth callback.
-   */
-  static async findByProvider(
-    provider: string,
-    providerId: string
-  ): Promise<SocialAccountData | null> {
-    const rows = await SocialAccount.sql`
-      SELECT * FROM "social_account"
-      WHERE "provider" = ${provider}
-        AND "provider_id" = ${providerId}
-      LIMIT 1
-    `
-    return rows.length > 0 ? SocialAccount.hydrate(rows[0] as Record<string, unknown>) : null
-  }
-
-  /**
-   * Find all social accounts linked to a user.
-   */
-  static async findByUser(user: unknown): Promise<SocialAccountData[]> {
-    const userId = extractUserId(user)
-    const fk = SocialAccount.fk
-    const rows = await SocialAccount.sql.unsafe(
-      `SELECT * FROM "social_account" WHERE "${fk}" = $1 ORDER BY "created_at" ASC`,
-      [userId]
-    )
-    return rows.map((r: any) => SocialAccount.hydrate(r))
-  }
-
-  /**
-   * Create a new social account link. Emits `social_account:linked`
-   * after a successful insert so apps can wire `@strav/audit` (or any
-   * other observability sink) without forcing a hard dependency.
-   */
-  static async create(data: {
-    user: unknown
-    provider: string
-    providerId: string
-    token: string
-    refreshToken?: string | null
-    expiresAt?: Date | null
-  }): Promise<SocialAccountData> {
-    const userId = extractUserId(data.user)
-    const fk = SocialAccount.fk
-    const rows = await SocialAccount.sql.unsafe(
-      `INSERT INTO "social_account" ("${fk}", "provider", "provider_id", "token", "refresh_token", "expires_at")
-       VALUES ($1, $2, $3, $4, $5, $6)
-       RETURNING *`,
-      [
-        userId,
-        data.provider,
-        data.providerId,
-        encryptToken(data.token),
-        data.refreshToken != null ? encryptToken(data.refreshToken) : null,
-        data.expiresAt ?? null,
-      ]
-    )
-    const account = SocialAccount.hydrate(rows[0] as Record<string, unknown>)
-    void Emitter.emit('social_account:linked', {
-      accountId: account.id,
-      userId: account.userId,
-      provider: account.provider,
-      providerId: account.providerId,
-    }).catch(() => {})
-    return account
-  }
-
-  /**
-   * Find an existing social account by `(provider, providerId)` or create a
-   * new one. If the account already exists, its tokens are updated.
-   *
-   * SECURITY: This function does NOT validate the email. If the caller is
-   * passing in an existing application `user` that was located by
-   * `socialUser.email`, the caller MUST first verify
-   * `socialUser.emailVerified === true`. Linking by an unverified
-   * provider email is a known account-takeover vector — see the
-   * "Verified-email gate" section in this package's CLAUDE.md.
-   */
-  static async findOrCreate(
-    provider: string,
-    socialUser: SocialUser,
-    user: unknown
-  ): Promise<{ account: SocialAccountData; created: boolean }> {
-    const existing = await SocialAccount.findByProvider(provider, socialUser.id)
-    if (existing) {
-      await SocialAccount.updateTokens(
-        existing.id,
-        socialUser.token,
-        socialUser.refreshToken,
-        socialUser.expiresIn ? new Date(Date.now() + socialUser.expiresIn * 1000) : null
-      )
-      existing.token = socialUser.token
-      existing.refreshToken = socialUser.refreshToken
-      existing.expiresAt = socialUser.expiresIn
-        ? new Date(Date.now() + socialUser.expiresIn * 1000)
-        : null
-      return { account: existing, created: false }
-    }
-
-    const account = await SocialAccount.create({
-      user,
-      provider,
-      providerId: socialUser.id,
-      token: socialUser.token,
-      refreshToken: socialUser.refreshToken,
-      expiresAt: socialUser.expiresIn ? new Date(Date.now() + socialUser.expiresIn * 1000) : null,
-    })
-    return { account, created: true }
-  }
-
-  /**
-   * Update OAuth tokens for an existing social account. Tokens are
-   * encrypted at rest — pass plaintext values; the column stores ciphertext.
-   * Emits `social_account:tokens_updated` so an audit hook can record the
-   * token swap.
-   */
-  static async updateTokens(
-    id: number,
-    token: string,
-    refreshToken: string | null,
-    expiresAt: Date | null
-  ): Promise<void> {
-    const encryptedToken = encryptToken(token)
-    const encryptedRefresh = refreshToken != null ? encryptToken(refreshToken) : null
-    await SocialAccount.sql`
-      UPDATE "social_account"
-      SET "token" = ${encryptedToken},
-          "refresh_token" = ${encryptedRefresh},
-          "expires_at" = ${expiresAt},
-          "updated_at" = NOW()
-      WHERE "id" = ${id}
-    `
-    void Emitter.emit('social_account:tokens_updated', {
-      accountId: id,
-      hasRefreshToken: refreshToken != null,
-      expiresAt,
-    }).catch(() => {})
-  }
-
-  /**
-   * Delete a social account by its database ID. Emits
-   * `social_account:unlinked` for the audit trail.
-   */
-  static async delete(id: number): Promise<void> {
-    await SocialAccount.sql`
-      DELETE FROM "social_account" WHERE "id" = ${id}
-    `
-    void Emitter.emit('social_account:unlinked', { accountId: id }).catch(() => {})
-  }
-
-  /** Delete all social accounts for a user. */
-  static async deleteByUser(user: unknown): Promise<void> {
-    const userId = extractUserId(user)
-    const fk = SocialAccount.fk
-    await SocialAccount.sql.unsafe(`DELETE FROM "social_account" WHERE "${fk}" = $1`, [userId])
-    void Emitter.emit('social_account:unlinked_all', { userId }).catch(() => {})
-  }
-
-  // ---------------------------------------------------------------------------
-  // Internal
-  // ---------------------------------------------------------------------------
-
-  private static hydrate(row: Record<string, unknown>): SocialAccountData {
-    const fk = SocialAccount.fk
-    const rawRefresh = (row.refresh_token as string) ?? null
-    return {
-      id: row.id as number,
-      userId: row[fk] as string | number,
-      provider: row.provider as string,
-      providerId: row.provider_id as string,
-      token: decryptToken(row.token as string),
-      refreshToken: rawRefresh != null ? decryptToken(rawRefresh) : null,
-      expiresAt: (row.expires_at as Date) ?? null,
-      createdAt: row.created_at as Date,
-      updatedAt: row.updated_at as Date,
-    }
-  }
-}

package/stubs/config/social.ts

@@ -1,22 +0,0 @@
-import { env } from '@strav/kernel'
-
-export default {
-  userKey: 'id',
-  providers: {
-    // google: {
-    //   clientId: env('GOOGLE_CLIENT_ID', ''),
-    //   clientSecret: env('GOOGLE_CLIENT_SECRET', ''),
-    //   redirectUrl: env('GOOGLE_REDIRECT_URL', 'http://localhost:3000/auth/google/callback'),
-    // },
-    // github: {
-    //   clientId: env('GITHUB_CLIENT_ID', ''),
-    //   clientSecret: env('GITHUB_CLIENT_SECRET', ''),
-    //   redirectUrl: env('GITHUB_REDIRECT_URL', 'http://localhost:3000/auth/github/callback'),
-    // },
-    // discord: {
-    //   clientId: env('DISCORD_CLIENT_ID', ''),
-    //   clientSecret: env('DISCORD_CLIENT_SECRET', ''),
-    //   redirectUrl: env('DISCORD_REDIRECT_URL', 'http://localhost:3000/auth/discord/callback'),
-    // },
-  },
-}

package/stubs/schemas/social_account.ts

@@ -1,13 +0,0 @@
-import { defineSchema, t, Archetype } from '@strav/database'
-
-export default defineSchema('social_account', {
-  archetype: Archetype.Component,
-  parents: ['user'],
-  fields: {
-    provider: t.varchar(50).required().index(),
-    providerId: t.varchar(255).required().index(),
-    token: t.text().required().sensitive(),
-    refreshToken: t.text().nullable().sensitive(),
-    expiresAt: t.timestamptz().nullable(),
-  },
-})

package/tsconfig.json

@@ -1,5 +0,0 @@
-{
-  "extends": "../../tsconfig.json",
-  "include": ["src/**/*.ts"],
-  "exclude": ["node_modules", "tests"]
-}