server/plugins/openid/index.ts

import { Hooks, Plugin } from "@versia/kit";
import chalk from "chalk";
import { z } from "zod";
import { User } from "@versia/kit/db";
import authorizeRoute from "./routes/authorize.ts";
import jwksRoute from "./routes/jwks.ts";
import ssoLoginCallbackRoute from "./routes/oauth/callback.ts";
import tokenRevokeRoute from "./routes/oauth/revoke.ts";
import ssoLoginRoute from "./routes/oauth/sso.ts";
import tokenRoute from "./routes/oauth/token.ts";
import ssoIdRoute from "./routes/sso/:id/index.ts";
import ssoRoute from "./routes/sso/index.ts";

const plugin = new Plugin(
    z.object({
        forced: z.boolean().default(false),
        allow_registration: z.boolean().default(true),
        providers: z
            .array(
                z.object({
                    name: z.string().min(1),
                    id: z.string().min(1),
                    url: z.string().min(1),
                    client_id: z.string().min(1),
                    client_secret: z.string().min(1),
                    icon: z.string().min(1).optional(),
                }),
            )
            .default([]),
        keys: z
            .object({
                public: z
                    .string()
                    .min(1)
                    .transform(async (v) => {
                        try {
                            return await crypto.subtle.importKey(
                                "spki",
                                Buffer.from(v, "base64"),
                                "Ed25519",
                                true,
                                ["verify"],
                            );
                        } catch {
                            throw new Error(
                                "Public key at oidc.keys.public is invalid",
                            );
                        }
                    }),
                private: z
                    .string()
                    .min(1)
                    .transform(async (v) => {
                        try {
                            return await crypto.subtle.importKey(
                                "pkcs8",
                                Buffer.from(v, "base64"),
                                "Ed25519",
                                true,
                                ["sign"],
                            );
                        } catch {
                            throw new Error(
                                "Private key at oidc.keys.private is invalid",
                            );
                        }
                    }),
            })
            .optional()
            .transform(async (v, ctx) => {
                if (!(v?.private && v?.public)) {
                    const { public_key, private_key } =
                        await User.generateKeys();

                    ctx.addIssue({
                        code: z.ZodIssueCode.custom,
                        message: `Keys are missing, please add the following to your config:\n\nkeys.public: ${chalk.gray(public_key)}\nkeys.private: ${chalk.gray(private_key)}
                        `,
                    });
                }

                return v as Exclude<typeof v, undefined>;
            }),
    }),
);

// Test hook for screenshots
plugin.registerHandler(Hooks.Response, (req) => {
    console.info("Request received:", req);
    return req;
});

authorizeRoute(plugin);
ssoRoute(plugin);
ssoIdRoute(plugin);
tokenRoute(plugin);
tokenRevokeRoute(plugin);
jwksRoute(plugin);
ssoLoginRoute(plugin);
ssoLoginCallbackRoute(plugin);

export type PluginType = typeof plugin;
export default plugin;
refactor(api): :recycle: Move all SSO account linking endpoint logic to OpenID plugin 2024-09-25 12:31:35 +02:00			`import { Hooks, Plugin } from "@versia/kit";`
feat(cli): :sparkles: Add generate-keys CLI command 2024-10-24 18:18:39 +02:00			`import chalk from "chalk";`
refactor(plugin): :recycle: Move parts of OpenID logic to plugin 2024-08-29 20:32:04 +02:00			`import { z } from "zod";`
fix(plugin): :bug: Fix misleading error message related to plugin initialization 2024-10-24 18:41:11 +02:00			`import { User } from "@versia/kit/db";`
refactor: :truck: Explicitely add extensions to all imports 2024-10-04 15:22:48 +02:00			`import authorizeRoute from "./routes/authorize.ts";`
refactor(plugin): :truck: Move JWKS well-known endpoint to OpenID plugin 2024-10-07 12:52:22 +02:00			`import jwksRoute from "./routes/jwks.ts";`
refactor(plugin): :truck: Move SSO login callback route to OpenID plugin 2024-10-11 15:15:06 +02:00			`import ssoLoginCallbackRoute from "./routes/oauth/callback.ts";`
refactor: :truck: Explicitely add extensions to all imports 2024-10-04 15:22:48 +02:00			`import tokenRevokeRoute from "./routes/oauth/revoke.ts";`
refactor(plugin): :truck: Move SSO login route to OpenID plugin 2024-10-11 14:39:25 +02:00			`import ssoLoginRoute from "./routes/oauth/sso.ts";`
refactor: :truck: Explicitely add extensions to all imports 2024-10-04 15:22:48 +02:00			`import tokenRoute from "./routes/oauth/token.ts";`
			`import ssoIdRoute from "./routes/sso/:id/index.ts";`
			`import ssoRoute from "./routes/sso/index.ts";`
refactor(plugin): :recycle: Move parts of OpenID logic to plugin 2024-08-29 20:32:04 +02:00
refactor(api): :recycle: Move all SSO account linking endpoint logic to OpenID plugin 2024-09-25 12:31:35 +02:00			`const plugin = new Plugin(`
refactor(plugin): :recycle: Move parts of OpenID logic to plugin 2024-08-29 20:32:04 +02:00			`z.object({`
			`forced: z.boolean().default(false),`
			`allow_registration: z.boolean().default(true),`
			`providers: z`
			`.array(`
			`z.object({`
			`name: z.string().min(1),`
			`id: z.string().min(1),`
			`url: z.string().min(1),`
			`client_id: z.string().min(1),`
			`client_secret: z.string().min(1),`
			`icon: z.string().min(1).optional(),`
			`}),`
			`)`
			`.default([]),`
fix(plugin): :bug: Fix misleading error message related to plugin initialization 2024-10-24 18:41:11 +02:00			`keys: z`
			`.object({`
			`public: z`
			`.string()`
			`.min(1)`
			`.transform(async (v) => {`
			`try {`
			`return await crypto.subtle.importKey(`
			`"spki",`
			`Buffer.from(v, "base64"),`
			`"Ed25519",`
			`true,`
			`["verify"],`
			`);`
			`} catch {`
			`throw new Error(`
			`"Public key at oidc.keys.public is invalid",`
			`);`
			`}`
			`}),`
			`private: z`
			`.string()`
			`.min(1)`
			`.transform(async (v) => {`
			`try {`
			`return await crypto.subtle.importKey(`
			`"pkcs8",`
			`Buffer.from(v, "base64"),`
			`"Ed25519",`
			`true,`
			`["sign"],`
			`);`
			`} catch {`
			`throw new Error(`
			`"Private key at oidc.keys.private is invalid",`
			`);`
			`}`
			`}),`
			`})`
			`.optional()`
			`.transform(async (v, ctx) => {`
			`if (!(v?.private && v?.public)) {`
			`const { public_key, private_key } =`
			`await User.generateKeys();`

			`ctx.addIssue({`
			`code: z.ZodIssueCode.custom,`
			message: `Keys are missing, please add the following to your config:\n\nkeys.public: ${chalk.gray(public_key)}\nkeys.private: ${chalk.gray(private_key)}
			`,
			`});`
feat(cli): :sparkles: Add generate-keys CLI command 2024-10-24 18:18:39 +02:00			`}`
fix(plugin): :bug: Fix misleading error message related to plugin initialization 2024-10-24 18:41:11 +02:00
			`return v as Exclude<typeof v, undefined>;`
feat(cli): :sparkles: Add generate-keys CLI command 2024-10-24 18:18:39 +02:00			`}),`
refactor(plugin): :recycle: Move parts of OpenID logic to plugin 2024-08-29 20:32:04 +02:00			`}),`
			`);`

refactor(api): :recycle: Move token endpoint to OpenID plugin, add revoke endpoint 2024-09-30 13:42:12 +02:00			`// Test hook for screenshots`
refactor(plugin): :recycle: Move parts of OpenID logic to plugin 2024-08-29 20:32:04 +02:00			`plugin.registerHandler(Hooks.Response, (req) => {`
			`console.info("Request received:", req);`
			`return req;`
			`});`
refactor(api): :recycle: Move token endpoint to OpenID plugin, add revoke endpoint 2024-09-30 13:42:12 +02:00
refactor(plugin): :recycle: Move parts of OpenID logic to plugin 2024-08-29 20:32:04 +02:00			`authorizeRoute(plugin);`
refactor(api): :recycle: Move /api/v1/sso to OpenID plugin 2024-09-24 14:42:39 +02:00			`ssoRoute(plugin);`
refactor(api): :recycle: Move all SSO account linking endpoint logic to OpenID plugin 2024-09-25 12:31:35 +02:00			`ssoIdRoute(plugin);`
refactor(api): :recycle: Move token endpoint to OpenID plugin, add revoke endpoint 2024-09-30 13:42:12 +02:00			`tokenRoute(plugin);`
			`tokenRevokeRoute(plugin);`
refactor(plugin): :truck: Move JWKS well-known endpoint to OpenID plugin 2024-10-07 12:52:22 +02:00			`jwksRoute(plugin);`
refactor(plugin): :truck: Move SSO login route to OpenID plugin 2024-10-11 14:39:25 +02:00			`ssoLoginRoute(plugin);`
refactor(plugin): :truck: Move SSO login callback route to OpenID plugin 2024-10-11 15:15:06 +02:00			`ssoLoginCallbackRoute(plugin);`
refactor(plugin): :recycle: Move parts of OpenID logic to plugin 2024-08-29 20:32:04 +02:00
			`export type PluginType = typeof plugin;`
			`export default plugin;`