@x-sls/google-auth 1.0.1 → 1.1.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@x-sls/google-auth",
-  "version": "1.0.1",
+  "version": "1.1.0",
   "main": "src/index.js",
   "scripts": {},
   "dependencies": {

package/src/client.js

@@ -1,63 +1,60 @@
-function createClient({
+const createAuthUrl = ({ GOOGLE_CLIENT_ID, REDIRECT_URI, state = {} }) =>
+  `https://accounts.google.com/o/oauth2/v2/auth?client_id=${GOOGLE_CLIENT_ID}&redirect_uri=${REDIRECT_URI}&response_type=code&scope=profile+email&state=${encodeURIComponent(JSON.stringify(state))}`
+
+const getAccessToken = async ({
   GOOGLE_CLIENT_ID,
   GOOGLE_CLIENT_SECRET,
-  REDIRECT_URI
-}) {
-  const createAuthUrl = () =>
-    `https://accounts.google.com/o/oauth2/v2/auth?client_id=${GOOGLE_CLIENT_ID}&redirect_uri=${REDIRECT_URI}&response_type=code&scope=profile email`
-
-  const getAccessToken = async ({ code }) => {
-    let text
-    try {
-      const res = await fetch('https://oauth2.googleapis.com/token', {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json'
-        },
-        body: JSON.stringify({
-          client_id: GOOGLE_CLIENT_ID,
-          client_secret: GOOGLE_CLIENT_SECRET,
-          code,
-          redirect_uri: REDIRECT_URI,
-          grant_type: 'authorization_code'
-        })
+  REDIRECT_URI,
+  code
+}) => {
+  let text
+  try {
+    const res = await fetch('https://oauth2.googleapis.com/token', {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json'
+      },
+      body: JSON.stringify({
+        client_id: GOOGLE_CLIENT_ID,
+        client_secret: GOOGLE_CLIENT_SECRET,
+        code,
+        redirect_uri: REDIRECT_URI,
+        grant_type: 'authorization_code'
       })
+    })
 
-      text = await res.text()
+    text = await res.text()
 
-      return JSON.parse(text)
-    } catch (error) {
-      if (text) {
-        console.error({ text })
-      }
-      throw error
+    return JSON.parse(text)
+  } catch (error) {
+    if (text) {
+      console.error({ text })
     }
+    throw error
   }
+}
 
-  const getUserInfo = async ({ access_token }) => {
-    let text
-    try {
-      const res = await fetch('https://www.googleapis.com/oauth2/v1/userinfo', {
-        headers: {
-          Authorization: `Bearer ${access_token}`
-        }
-      })
-
-      text = await res.text()
-      return JSON.parse(text)
-    } catch (error) {
-      if (text) {
-        console.error({ text })
+const getUserInfo = async ({ access_token }) => {
+  let text
+  try {
+    const res = await fetch('https://www.googleapis.com/oauth2/v1/userinfo', {
+      headers: {
+        Authorization: `Bearer ${access_token}`
       }
-      throw error
-    }
-  }
+    })
 
-  return {
-    getUserInfo,
-    getAccessToken,
-    createAuthUrl
+    text = await res.text()
+    return JSON.parse(text)
+  } catch (error) {
+    if (text) {
+      console.error({ text })
+    }
+    throw error
   }
 }
 
-module.exports = createClient
+module.exports = {
+  createAuthUrl,
+  getAccessToken,
+  getUserInfo
+}

package/src/handlers.js

@@ -1,82 +1,115 @@
 const jwt = require('jsonwebtoken')
+const { createAuthUrl, getAccessToken, getUserInfo } = require('./client')
 
-const { createAuthUrl, getAccessToken, getUserInfo } = require('./index')
+function initiate({ GOOGLE_CLIENT_ID, REDIRECT_URI }) {
+  return event => {
+    const { returnUrl } = event?.queryStringParameters || {}
 
-async function initiate() {
-  return {
-    statusCode: 302,
-    headers: {
-      Location: createAuthUrl({ GOOGLE_CLIENT_ID, REDIRECT_URI })
+    const state = { returnUrl }
+    return {
+      statusCode: 302,
+      headers: {
+        Location: createAuthUrl({
+          GOOGLE_CLIENT_ID,
+          REDIRECT_URI,
+          state
+        })
+      }
     }
   }
 }
 
-async function callback(event) {
-  const { code } = event.queryStringParameters
-  const headers = {
-    'Access-Control-Allow-Origin': '*',
-    'Access-Control-Allow-Credentials': true,
-    'Access-Control-Allow-Headers': 'Content-Type, Authorization'
-  }
+function callback({
+  GOOGLE_CLIENT_ID,
+  GOOGLE_CLIENT_SECRET,
+  JWT_SECRET,
+  REDIRECT_URI,
+  isUserAllowed
+}) {
+  return async event => {
+    const { code, state } = event.queryStringParameters
+
+    let returnUrl
+    try {
+      const data = JSON.parse(state)
+      returnUrl = data.returnUrl
+    } catch (error) {
+      console.error('Invalid state:', state)
+      returnUrl = '/'
+    }
 
-  try {
-    const { access_token } = await getAccessToken({
-      code,
-      GOOGLE_CLIENT_ID,
-      GOOGLE_CLIENT_SECRET,
-      REDIRECT_URI
-    })
-    const info = await getUserInfo({ access_token })
+    try {
+      const { access_token } = await getAccessToken({
+        code,
+        GOOGLE_CLIENT_ID,
+        GOOGLE_CLIENT_SECRET,
+        REDIRECT_URI
+      })
+      const info = await getUserInfo({ access_token })
 
-    const { email, name, picture } = info
-    const sessionToken = jwt.sign(
-      {
-        email,
-        name,
-        picture
-      },
-      JWT_SECRET,
-      { expiresIn: '1d' }
-    )
+      const { email, name, picture } = info
 
-    console.log({ sessionToken })
+      const isAllowed = await isUserAllowed(email)
+      if (!isAllowed) {
+        throw new Error('Contact admin for access.')
+      }
 
-    return {
-      statusCode: 200,
-      headers,
-      body: JSON.stringify({ token: sessionToken })
-    }
-  } catch (error) {
-    console.error('Error:', error)
-    return {
-      statusCode: 401,
-      headers,
-      body: JSON.stringify({ error: 'Authentication failed' })
+      const sessionToken = jwt.sign(
+        {
+          email,
+          name,
+          picture
+        },
+        JWT_SECRET,
+        { expiresIn: '1d' }
+      )
+
+      return {
+        statusCode: 302,
+        headers: {
+          Location: `${returnUrl}#token=${sessionToken}`
+        }
+      }
+    } catch (error) {
+      console.error('Error:', error)
+      return {
+        statusCode: 302,
+        headers: {
+          Location: `${returnUrl}#authError=${error}`
+        }
+      }
     }
   }
 }
 
-async function verify(event) {
-  try {
-    const { token } = JSON.parse(event.body)
-    const decoded = jwt.verify(token, JWT_SECRET)
+function verify({ JWT_SECRET, isUserAllowed }) {
+  return async event => {
+    try {
+      const { token } = JSON.parse(event.body)
+      const decoded = jwt.verify(token, JWT_SECRET)
 
-    return {
-      statusCode: 200,
-      headers: {
-        'Access-Control-Allow-Origin': '*',
-        'Access-Control-Allow-Credentials': true
-      },
-      body: JSON.stringify({ user: decoded })
-    }
-  } catch (error) {
-    return {
-      statusCode: 401,
-      headers: {
-        'Access-Control-Allow-Origin': '*',
-        'Access-Control-Allow-Credentials': true
-      },
-      body: JSON.stringify({ error: 'Invalid token' })
+      const isAllowed = await isUserAllowed(decoded.email)
+      if (!isAllowed) {
+        throw new Error('Contact admin for access.')
+      }
+
+      return {
+        statusCode: 200,
+        headers: {
+          'Access-Control-Allow-Origin': '*',
+          'Access-Control-Allow-Credentials': true
+        },
+        body: JSON.stringify({ user: decoded })
+      }
+    } catch (error) {
+      return {
+        statusCode: 401,
+        headers: {
+          'Access-Control-Allow-Origin': '*',
+          'Access-Control-Allow-Credentials': true
+        },
+        body: JSON.stringify({ error: error.message })
+      }
     }
   }
 }

package/src/index.js

@@ -1,7 +1,7 @@
-const jwt = require('jsonwebtoken')
-const createClient = require('./client')
+const client = require('./client')
+const handlers = require('./handlers')
 
 module.exports = {
-  createClient,
-  jwt
+  client,
+  handlers
 }