server/utils/oauth.ts

import type { Application } from "@prisma/client";

/**
 * Check if an OAuth application is valid for a route
 * @param application The OAuth application
 * @param routeScopes The scopes required for the route
 * @returns Whether the OAuth application is valid for the route
 */
export const checkIfOauthIsValid = (
	application: Application,
	routeScopes: string[]
) => {
	if (routeScopes.length === 0) {
		return true;
	}

	const hasAllWriteScopes =
		application.scopes.split(" ").includes("write:*") ||
		application.scopes.split(" ").includes("write");

	const hasAllReadScopes =
		application.scopes.split(" ").includes("read:*") ||
		application.scopes.split(" ").includes("read");

	if (hasAllWriteScopes && hasAllReadScopes) {
		return true;
	}

	let nonMatchedScopes = routeScopes;

	if (hasAllWriteScopes) {
		// Filter out all write scopes as valid
		nonMatchedScopes = routeScopes.filter(
			scope => !scope.startsWith("write:")
		);
	}

	if (hasAllReadScopes) {
		// Filter out all read scopes as valid
		nonMatchedScopes = routeScopes.filter(
			scope => !scope.startsWith("read:")
		);
	}

	// If there are still scopes left, check if they match
	// If there are no scopes left, return true
	if (nonMatchedScopes.length === 0) {
		return true;
	}

	// If there are scopes left, check if they match
	if (
		nonMatchedScopes.every(scope =>
			application.scopes.split(" ").includes(scope)
		)
	) {
		return true;
	}

	return false;
};

export const oauthCodeVerifiers: Record<string, string> = {};
Enable verbatim module syntax + more API routes 2023-11-23 05:10:37 +01:00			`import type { Application } from "@prisma/client";`
Add new oauth matching function with tests for it 2023-11-22 05:16:31 +01:00
			`/**`
			`* Check if an OAuth application is valid for a route`
			`* @param application The OAuth application`
			`* @param routeScopes The scopes required for the route`
			`* @returns Whether the OAuth application is valid for the route`
			`*/`
			`export const checkIfOauthIsValid = (`
			`application: Application,`
			`routeScopes: string[]`
			`) => {`
			`if (routeScopes.length === 0) {`
			`return true;`
			`}`

			`const hasAllWriteScopes =`
			`application.scopes.split(" ").includes("write:*") \|\|`
			`application.scopes.split(" ").includes("write");`

			`const hasAllReadScopes =`
			`application.scopes.split(" ").includes("read:*") \|\|`
			`application.scopes.split(" ").includes("read");`

			`if (hasAllWriteScopes && hasAllReadScopes) {`
			`return true;`
			`}`

			`let nonMatchedScopes = routeScopes;`

			`if (hasAllWriteScopes) {`
			`// Filter out all write scopes as valid`
			`nonMatchedScopes = routeScopes.filter(`
			`scope => !scope.startsWith("write:")`
			`);`
			`}`

			`if (hasAllReadScopes) {`
			`// Filter out all read scopes as valid`
			`nonMatchedScopes = routeScopes.filter(`
			`scope => !scope.startsWith("read:")`
			`);`
			`}`

			`// If there are still scopes left, check if they match`
			`// If there are no scopes left, return true`
			`if (nonMatchedScopes.length === 0) {`
			`return true;`
			`}`

			`// If there are scopes left, check if they match`
			`if (`
			`nonMatchedScopes.every(scope =>`
			`application.scopes.split(" ").includes(scope)`
			`)`
			`) {`
			`return true;`
			`}`

			`return false;`
			`};`
Add full OpenID connect provider support 2023-12-06 23:10:22 +01:00
			`export const oauthCodeVerifiers: Record<string, string> = {};`