@studiocms/google 0.1.0-beta.23

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025-present StudioCMS - withstudiocms (https://github.com/withstudiocms)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,27 @@
+# @studiocms/google Plugin
+
+This plugin integrates Google OAuth authentication into StudioCMS. It defines the necessary configuration, including the required environment variables, OAuth provider details, and the endpoint paths for authentication.
+
+## Usage
+
+Add this plugin in your StudioCMS config. (`studiocms.config.mjs`)
+
+```ts
+import { defineStudioCMSConfig } from 'studiocms/config';
+import google from '@studiocms/google';
+
+export default defineStudioCMSConfig({
+    // other options here
+    plugins: [google()]
+});
+```
+
+## Required ENV Variables
+
+- `CMS_GOOGLE_CLIENT_ID`
+- `CMS_GOOGLE_CLIENT_SECRET`
+- `CMS_GOOGLE_REDIRECT_URI`
+
+## License
+
+[MIT Licensed](./LICENSE).

package/dist/effect/google.d.ts

@@ -0,0 +1,80 @@
+import { HttpClient } from '@effect/platform';
+import type { APIContext } from 'astro';
+import { Effect, Schema } from 'studiocms/effect';
+declare const GoogleUser_base: Schema.Class<GoogleUser, {
+    sub: typeof Schema.String;
+    picture: typeof Schema.String;
+    name: typeof Schema.String;
+    email: typeof Schema.String;
+}, Schema.Struct.Encoded<{
+    sub: typeof Schema.String;
+    picture: typeof Schema.String;
+    name: typeof Schema.String;
+    email: typeof Schema.String;
+}>, never, {
+    readonly sub: string;
+} & {
+    readonly picture: string;
+} & {
+    readonly name: string;
+} & {
+    readonly email: string;
+}, {}, {}>;
+/**
+ * Represents a user authenticated via Google OAuth.
+ *
+ * @property sub - The unique identifier for the user (subject).
+ * @property picture - The URL of the user's profile picture.
+ * @property name - The full name of the user.
+ * @property email - The user's email address.
+ */
+export declare class GoogleUser extends GoogleUser_base {
+}
+declare const GoogleOAuthAPI_base: Effect.Service.Class<GoogleOAuthAPI, "GoogleOAuthAPI", {
+    readonly dependencies: readonly [import("effect/Layer").Layer<import("studiocms/lib/auth/session").Session, never, never>, import("effect/Layer").Layer<import("studiocms/lib/auth/verify-email").VerifyEmail, import("studiocms/lib/effects/smtp").SMTPError | import("effect/Cause").UnknownException, never>, import("effect/Layer").Layer<import("studiocms/lib/auth/user").User, import("studiocms/lib/effects/smtp").SMTPError | import("effect/Cause").UnknownException, never>, import("effect/Layer").Layer<HttpClient.HttpClient, never, never>];
+    readonly effect: Effect.Effect<{
+        initSession: (context: APIContext) => Effect.Effect<Response, import("studiocms/lib/auth/session").SessionError, never>;
+        initCallback: (context: APIContext) => Effect.Effect<Response, import("studiocms/sdk/effect/db").LibSQLDatabaseError | import("studiocms/sdk/errors").SDKCoreError | Error, never>;
+    }, never, import("studiocms/lib/auth/session").Session | import("studiocms/lib/auth/verify-email").VerifyEmail | import("studiocms/lib/auth/user").User | HttpClient.HttpClient>;
+}>;
+/**
+ * Provides Google OAuth authentication effects for the StudioCMS API.
+ *
+ * @remarks
+ * This service handles the OAuth flow for Google authentication, including session initialization,
+ * authorization code validation, user account linking, and user creation. It integrates with
+ * session management, user data libraries, and email verification.
+ *
+ * @example
+ * ```typescript
+ * const googleOAuth = new GoogleOAuthAPI();
+ * yield* googleOAuth.initSession(context);
+ * yield* googleOAuth.initCallback(context);
+ * ```
+ *
+ * @method initSession
+ * Initializes the OAuth session by generating a state and code verifier, setting cookies,
+ * and redirecting the user to Google's authorization URL.
+ *
+ * @param context - The API context containing request and response information.
+ * @returns Redirects the user to the Google OAuth authorization URL.
+ *
+ * @method initCallback
+ * Handles the OAuth callback from Google. Validates the authorization code and state,
+ * fetches user information, links or creates user accounts, verifies email, and creates a user session.
+ *
+ * @param context - The API context containing request and response information.
+ * @returns Redirects the user to the appropriate page based on authentication and verification status.
+ *
+ * @dependencies
+ * - Session.Default: Session management utilities.
+ * - SDKCore.Default: Core SDK for user and OAuth provider operations.
+ * - VerifyEmail.Default: Email verification utilities.
+ * - User.Default: User data management utilities.
+ */
+export declare class GoogleOAuthAPI extends GoogleOAuthAPI_base {
+    static ProviderID: string;
+    static ProviderCookieName: string;
+    static ProviderCodeVerifier: string;
+}
+export {};

package/dist/effect/google.js

@@ -0,0 +1,158 @@
+import { getSecret } from "astro:env/server";
+import { Session, User, VerifyEmail } from "studiocms:auth/lib";
+import config from "studiocms:config";
+import { StudioCMSRoutes } from "studiocms:lib";
+import { SDKCore } from "studiocms:sdk";
+import { FetchHttpClient, HttpClient, HttpClientResponse } from "@effect/platform";
+import { Google, generateCodeVerifier, generateState } from "arctic";
+import { Effect, genLogger, Schema } from "studiocms/effect";
+import { getCookie, getUrlParam, ValidateAuthCodeError } from "studiocms/oAuthUtils";
+class GoogleUser extends Schema.Class("GoogleUser")({
+  sub: Schema.String,
+  picture: Schema.String,
+  name: Schema.String,
+  email: Schema.String
+}) {
+}
+const GOOGLE = {
+  CLIENT_ID: getSecret("GOOGLE_CLIENT_ID") ?? "",
+  CLIENT_SECRET: getSecret("GOOGLE_CLIENT_SECRET") ?? "",
+  REDIRECT_URI: getSecret("GOOGLE_REDIRECT_URI") ?? ""
+};
+class GoogleOAuthAPI extends Effect.Service()("GoogleOAuthAPI", {
+  dependencies: [Session.Default, VerifyEmail.Default, User.Default, FetchHttpClient.layer],
+  effect: genLogger("studiocms/routes/api/auth/google/effect")(function* () {
+    const [
+      sdk,
+      fetchClient,
+      { setOAuthSessionTokenCookie, createUserSession },
+      { isEmailVerified, sendVerificationEmail },
+      { getUserData, createOAuthUser }
+    ] = yield* Effect.all([SDKCore, HttpClient.HttpClient, Session, VerifyEmail, User]);
+    const { CLIENT_ID, CLIENT_SECRET, REDIRECT_URI } = GOOGLE;
+    const google = new Google(CLIENT_ID, CLIENT_SECRET, REDIRECT_URI);
+    const validateAuthCode = (code, codeVerifier) => genLogger("studiocms/routes/api/auth/google/effect.validateAuthCode")(function* () {
+      const tokens = yield* Effect.tryPromise(
+        () => google.validateAuthorizationCode(code, codeVerifier)
+      );
+      return yield* fetchClient.get("https://openidconnect.googleapis.com/v1/userinfo", {
+        headers: {
+          Authorization: `Bearer ${tokens.accessToken}`
+        }
+      }).pipe(
+        Effect.flatMap(HttpClientResponse.schemaBodyJson(GoogleUser)),
+        Effect.catchAll(
+          (error) => Effect.fail(
+            new ValidateAuthCodeError({
+              provider: GoogleOAuthAPI.ProviderID,
+              message: `Failed to fetch user info: ${error.message}`
+            })
+          )
+        )
+      );
+    });
+    return {
+      initSession: (context) => genLogger("studiocms/routes/api/auth/google/effect.initSession")(function* () {
+        const state = generateState();
+        const codeVerifier = generateCodeVerifier();
+        const scopes = ["profile", "email"];
+        const url = google.createAuthorizationURL(state, codeVerifier, scopes);
+        yield* setOAuthSessionTokenCookie(context, GoogleOAuthAPI.ProviderCookieName, state);
+        yield* setOAuthSessionTokenCookie(
+          context,
+          GoogleOAuthAPI.ProviderCodeVerifier,
+          codeVerifier
+        );
+        return context.redirect(url.toString());
+      }),
+      initCallback: (context) => genLogger("studiocms/routes/api/auth/google/effect.initCallback")(function* () {
+        const { cookies, redirect } = context;
+        const [code, state, storedState, codeVerifier] = yield* Effect.all([
+          getUrlParam(context, "code"),
+          getUrlParam(context, "state"),
+          getCookie(context, GoogleOAuthAPI.ProviderCookieName),
+          getCookie(context, GoogleOAuthAPI.ProviderCodeVerifier)
+        ]);
+        if (!code || !storedState || !codeVerifier || state !== storedState) {
+          return redirect(StudioCMSRoutes.authLinks.loginURL);
+        }
+        const googleUser = yield* validateAuthCode(code, codeVerifier);
+        const { sub: googleUserId, name: googleUsername } = googleUser;
+        const existingOAuthAccount = yield* sdk.AUTH.oAuth.searchProvidersForId(
+          GoogleOAuthAPI.ProviderID,
+          googleUserId
+        );
+        if (existingOAuthAccount) {
+          const user = yield* sdk.GET.users.byId(existingOAuthAccount.userId);
+          if (!user) {
+            return new Response("User not found", { status: 404 });
+          }
+          const isEmailAccountVerified2 = yield* isEmailVerified(user);
+          if (!isEmailAccountVerified2) {
+            return new Response("Email not verified, please verify your account first.", {
+              status: 400
+            });
+          }
+          yield* createUserSession(user.id, context);
+          return redirect(StudioCMSRoutes.mainLinks.dashboardIndex);
+        }
+        const loggedInUser = yield* getUserData(context);
+        const linkNewOAuth = !!cookies.get(User.LinkNewOAuthCookieName)?.value;
+        if (loggedInUser.user && linkNewOAuth) {
+          const existingUser2 = yield* sdk.GET.users.byId(loggedInUser.user.id);
+          if (existingUser2) {
+            yield* sdk.AUTH.oAuth.create({
+              userId: existingUser2.id,
+              provider: GoogleOAuthAPI.ProviderID,
+              providerUserId: googleUserId
+            });
+            const isEmailAccountVerified2 = yield* isEmailVerified(existingUser2);
+            if (!isEmailAccountVerified2) {
+              return new Response("Email not verified, please verify your account first.", {
+                status: 400
+              });
+            }
+            yield* createUserSession(existingUser2.id, context);
+            return redirect(StudioCMSRoutes.mainLinks.dashboardIndex);
+          }
+        }
+        const newUser = yield* createOAuthUser(
+          {
+            // @ts-expect-error drizzle broke the id variable...
+            id: crypto.randomUUID(),
+            username: googleUsername,
+            email: googleUser.email,
+            name: googleUser.name,
+            avatar: googleUser.picture,
+            createdAt: /* @__PURE__ */ new Date()
+          },
+          { provider: GoogleOAuthAPI.ProviderID, providerUserId: googleUserId }
+        );
+        if ("error" in newUser) {
+          return new Response("Error creating user", { status: 500 });
+        }
+        if (config.dbStartPage) {
+          return redirect("/done");
+        }
+        yield* sendVerificationEmail(newUser.id, true);
+        const existingUser = yield* sdk.GET.users.byId(newUser.id);
+        const isEmailAccountVerified = yield* isEmailVerified(existingUser);
+        if (!isEmailAccountVerified) {
+          return new Response("Email not verified, please verify your account first.", {
+            status: 400
+          });
+        }
+        yield* createUserSession(newUser.id, context);
+        return redirect(StudioCMSRoutes.mainLinks.dashboardIndex);
+      })
+    };
+  })
+}) {
+  static ProviderID = "google";
+  static ProviderCookieName = "google_oauth_state";
+  static ProviderCodeVerifier = "google_oauth_code_verifier";
+}
+export {
+  GoogleOAuthAPI,
+  GoogleUser
+};

package/dist/endpoint.d.ts

@@ -0,0 +1,24 @@
+import type { APIRoute } from 'astro';
+/**
+ * API route handler for initializing a Google session.
+ *
+ * This function uses the Effect system to compose asynchronous operations,
+ * retrieving the `initSession` method from the `GoogleOAuthAPI` and invoking it
+ * with the provided API context. The result is converted to a vanilla response
+ * using `convertToVanilla`.
+ *
+ * @param context - The API context containing request and environment information.
+ * @returns A promise resolving to the API response after session initialization.
+ */
+export declare const initSession: APIRoute;
+/**
+ * Handles the Google OAuth callback endpoint.
+ *
+ * This API route initializes the Google OAuth callback process by invoking the `initCallback`
+ * method from the `GoogleOAuthAPI`. It uses the Effect system to manage dependencies and
+ * asynchronous control flow, providing the default implementation of `GoogleOAuthAPI`.
+ *
+ * @param context - The API context containing request and response objects.
+ * @returns A promise resolving to the result of the Google OAuth callback process.
+ */
+export declare const initCallback: APIRoute;

package/dist/endpoint.js

@@ -0,0 +1,18 @@
+import { convertToVanilla, Effect } from "studiocms/effect";
+import { GoogleOAuthAPI } from "./effect/google.js";
+const initSession = async (context) => await convertToVanilla(
+  Effect.gen(function* () {
+    const { initSession: initSession2 } = yield* GoogleOAuthAPI;
+    return yield* initSession2(context);
+  }).pipe(Effect.provide(GoogleOAuthAPI.Default))
+);
+const initCallback = async (context) => await convertToVanilla(
+  Effect.gen(function* () {
+    const { initCallback: initCallback2 } = yield* GoogleOAuthAPI;
+    return yield* initCallback2(context);
+  }).pipe(Effect.provide(GoogleOAuthAPI.Default))
+);
+export {
+  initCallback,
+  initSession
+};

package/dist/index.d.ts

@@ -0,0 +1,25 @@
+/**
+ * These triple-slash directives defines dependencies to various declaration files that will be
+ * loaded when a user imports the StudioCMS plugin in their Astro configuration file. These
+ * directives must be first at the top of the file and can only be preceded by this comment.
+ */
+import { type StudioCMSPlugin } from 'studiocms/plugins';
+/**
+ * Creates and returns the StudioCMS Google Plugin.
+ *
+ * This plugin integrates Google OAuth authentication into StudioCMS.
+ * It defines the necessary configuration, including the required environment variables,
+ * OAuth provider details, and the endpoint path for authentication.
+ *
+ * @returns {StudioCMSPlugin} The configured StudioCMS Google Plugin instance.
+ *
+ * @remarks
+ * - Requires the following environment variables to be set:
+ *   - `CMS_GOOGLE_CLIENT_ID`
+ *   - `CMS_GOOGLE_CLIENT_SECRET`
+ *   - `CMS_GOOGLE_REDIRECT_URI`
+ * - Minimum supported StudioCMS version: `0.1.0-beta.22`
+ * - Registers the Google OAuth provider with a custom SVG logo.
+ */
+export declare function studiocmsGoogle(): StudioCMSPlugin;
+export default studiocmsGoogle;

package/dist/index.js

@@ -0,0 +1,33 @@
+import { createResolver } from "astro-integration-kit";
+import { definePlugin } from "studiocms/plugins";
+function studiocmsGoogle() {
+  const { resolve } = createResolver(import.meta.url);
+  const packageIdentifier = "@studiocms/google";
+  return definePlugin({
+    identifier: packageIdentifier,
+    name: "StudioCMS Google Plugin",
+    studiocmsMinimumVersion: "0.1.0-beta.22",
+    hooks: {
+      "studiocms:config:setup": ({ setAuthService }) => {
+        setAuthService({
+          oAuthProvider: {
+            name: "google",
+            formattedName: "Google",
+            endpointPath: resolve("./endpoint.js"),
+            requiredEnvVariables: [
+              "CMS_GOOGLE_CLIENT_ID",
+              "CMS_GOOGLE_CLIENT_SECRET",
+              "CMS_GOOGLE_REDIRECT_URI"
+            ],
+            svg: '<svg xmlns="http://www.w3.org/2000/svg" width="24px" height="24px" viewBox="0 0 256 262" class="oauth-logo"><path fill="#4285f4" d="M255.878 133.451c0-10.734-.871-18.567-2.756-26.69H130.55v48.448h71.947c-1.45 12.04-9.283 30.172-26.69 42.356l-.244 1.622l38.755 30.023l2.685.268c24.659-22.774 38.875-56.282 38.875-96.027"/><path fill="#34a853" d="M130.55 261.1c35.248 0 64.839-11.605 86.453-31.622l-41.196-31.913c-11.024 7.688-25.82 13.055-45.257 13.055c-34.523 0-63.824-22.773-74.269-54.25l-1.531.13l-40.298 31.187l-.527 1.465C35.393 231.798 79.49 261.1 130.55 261.1"/><path fill="#fbbc05" d="M56.281 156.37c-2.756-8.123-4.351-16.827-4.351-25.82c0-8.994 1.595-17.697 4.206-25.82l-.073-1.73L15.26 71.312l-1.335.635C5.077 89.644 0 109.517 0 130.55s5.077 40.905 13.925 58.602z"/><path fill="#eb4335" d="M130.55 50.479c24.514 0 41.05 10.589 50.479 19.438l36.844-35.974C195.245 12.91 165.798 0 130.55 0C79.49 0 35.393 29.301 13.925 71.947l42.211 32.783c10.59-31.477 39.891-54.251 74.414-54.251"/></svg>'
+          }
+        });
+      }
+    }
+  });
+}
+var index_default = studiocmsGoogle;
+export {
+  index_default as default,
+  studiocmsGoogle
+};

package/package.json

@@ -0,0 +1,70 @@
+{
+  "name": "@studiocms/google",
+  "version": "0.1.0-beta.23",
+  "description": "Add Google OAuth Support to your StudioCMS project with ease!",
+  "author": {
+    "name": "withstudiocms",
+    "url": "https://studiocms.dev"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/withstudiocms/studiocms.git",
+    "directory": "packages/@studiocms/google"
+  },
+  "contributors": [
+    "Adammatthiesen",
+    "jdtjenkins",
+    "dreyfus92",
+    "code.spirit"
+  ],
+  "license": "MIT",
+  "keywords": [
+    "astro",
+    "astrocms",
+    "astrodb",
+    "astrostudio",
+    "astro-integration",
+    "astro-studio",
+    "astro-studiocms",
+    "cms",
+    "studiocms",
+    "withastro",
+    "plugin",
+    "studiocms-plugin"
+  ],
+  "homepage": "https://studiocms.dev",
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
+  "sideEffects": false,
+  "files": [
+    "dist"
+  ],
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "type": "module",
+  "dependencies": {
+    "astro-integration-kit": "^0.18",
+    "arctic": "^3.7.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0"
+  },
+  "peerDependencies": {
+    "@effect/platform": "^0.90.0",
+    "astro": "^5.12.6",
+    "effect": "^3.17.3",
+    "vite": "^6.3.4",
+    "studiocms": "0.1.0-beta.23"
+  },
+  "scripts": {
+    "build": "buildkit build 'src/**/*.{ts,astro,css,json,png}'",
+    "dev": "buildkit dev 'src/**/*.{ts,astro,css,json,png}'",
+    "typecheck": "tspc -p tsconfig.tspc.json"
+  }
+}