versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2026-03-13 22:09:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor(api): ♻️ Move all SSO account linking endpoint logic to OpenID plugin

Browse source
This commit is contained in:
Jesse Wierzbinski 2024-09-25 12:31:35 +02:00
parent 6d4b4eb13b
commit 74ec563ba5
No known key found for this signature in database
9 changed files with 267 additions and 286 deletions
Download patch file Download diff file Expand all files Collapse all files

50
api/api/v1/sso/:id/index.test.ts
View file

@ -1,50 +0,0 @@
import { afterAll, describe, expect, test } from "bun:test";
import { fakeRequest, getTestUsers } from "~/tests/utils";
import { meta } from "./index";
const { deleteUsers, tokens } = await getTestUsers(1);
afterAll(async () => {
await deleteUsers();
});
// /api/v1/sso/:id
describe(meta.route, () => {
test("should not find unknown issuer", async () => {
const response = await fakeRequest(
meta.route.replace(":id", "unknown"),
{
method: "GET",
headers: {
Authorization: `Bearer ${tokens[0]?.accessToken}`,
},
},
);
expect(response.status).toBe(404);
expect(await response.json()).toMatchObject({
error: "Issuer not found",
});
const response2 = await fakeRequest(
meta.route.replace(":id", "unknown"),
{
method: "DELETE",
headers: {
Authorization: `Bearer ${tokens[0]?.accessToken}`,
"Content-Type": "application/json",
},
},
);
expect(response2.status).toBe(404);
expect(await response2.json()).toMatchObject({
error: "Issuer not found",
});
});
/*
Unfortunately, we cannot test actual linking, as it requires a valid OpenID provider
setup in config, which we don't have in tests
*/
});

189
api/api/v1/sso/:id/index.ts
View file

@ -1,189 +0,0 @@
import { apiRoute, applyConfig, auth } from "@/api";
import { proxyUrl } from "@/response";
import { createRoute } from "@hono/zod-openapi";
import { eq } from "drizzle-orm";
import { z } from "zod";
import { db } from "~/drizzle/db";
import { OpenIdAccounts, RolePermissions } from "~/drizzle/schema";
import { config } from "~/packages/config-manager";
import { ErrorSchema } from "~/types/api";
export const meta = applyConfig({
allowedMethods: ["GET", "DELETE"],
auth: {
required: true,
},
ratelimits: {
duration: 60,
max: 20,
},
route: "/api/v1/sso/:id",
permissions: {
required: [RolePermissions.OAuth],
},
});
export const schemas = {
param: z.object({
id: z.string(),
}),
};
const routeGet = createRoute({
method: "get",
path: "/api/v1/sso/{id}",
summary: "Get linked account",
middleware: [auth(meta.auth, meta.permissions)],
request: {
params: schemas.param,
},
responses: {
200: {
description: "Linked account",
content: {
"application/json": {
schema: z.object({
id: z.string(),
name: z.string(),
icon: z.string().optional(),
}),
},
},
},
401: {
description: "Unauthorized",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
404: {
description: "Account not found",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
const routeDelete = createRoute({
method: "delete",
path: "/api/v1/sso/{id}",
summary: "Unlink account",
middleware: [auth(meta.auth, meta.permissions)],
request: {
params: schemas.param,
},
responses: {
204: {
description: "Account unlinked",
},
401: {
description: "Unauthorized",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
404: {
description: "Account not found",
content: {
"application/json": {
schema: ErrorSchema,
},
},
},
},
});
export default apiRoute((app) => {
app.openapi(routeGet, async (context) => {
const { id: issuerId } = context.req.valid("param");
const { user } = context.get("auth");
if (!user) {
return context.json({ error: "Unauthorized" }, 401);
}
// Check if issuer exists
const issuer = config.oidc.providers.find(
(provider) => provider.id === issuerId,
);
if (!issuer) {
return context.json({ error: "Issuer not found" }, 404);
}
// Get all linked accounts
const account = await db.query.OpenIdAccounts.findFirst({
where: (account, { eq, and }) =>
and(
eq(account.userId, account.id),
eq(account.issuerId, issuerId),
),
});
if (!account) {
return context.json(
{
error: "Account not found or is not linked to this issuer",
},
404,
);
}
return context.json(
{
id: issuer.id,
name: issuer.name,
icon: proxyUrl(issuer.icon) || undefined,
},
200,
);
});
app.openapi(routeDelete, async (context) => {
const { id: issuerId } = context.req.valid("param");
const { user } = context.get("auth");
if (!user) {
return context.json({ error: "Unauthorized" }, 401);
}
// Check if issuer exists
const issuer = config.oidc.providers.find(
(provider) => provider.id === issuerId,
);
if (!issuer) {
return context.json({ error: "Issuer not found" }, 404);
}
const account = await db.query.OpenIdAccounts.findFirst({
where: (account, { eq, and }) =>
and(
eq(account.userId, user.id),
eq(account.issuerId, issuerId),
),
});
if (!account) {
return context.json(
{
error: "Account not found or is not linked to this issuer",
},
404,
);
}
await db
.delete(OpenIdAccounts)
.where(eq(OpenIdAccounts.id, account.id));
return context.newResponse(null, 204);
});
});