server/plugins/openid/index.ts

import { Hooks, Plugin } from "@versia/kit";
import chalk from "chalk";
import { z } from "zod";
import authorizeRoute from "./routes/authorize.ts";
import jwksRoute from "./routes/jwks.ts";
import ssoLoginCallbackRoute from "./routes/oauth/callback.ts";
import tokenRevokeRoute from "./routes/oauth/revoke.ts";
import ssoLoginRoute from "./routes/oauth/sso.ts";
import tokenRoute from "./routes/oauth/token.ts";
import ssoIdRoute from "./routes/sso/:id/index.ts";
import ssoRoute from "./routes/sso/index.ts";

const plugin = new Plugin(
    z.object({
        forced: z.boolean().default(false),
        allow_registration: z.boolean().default(true),
        providers: z
            .array(
                z.object({
                    name: z.string().min(1),
                    id: z.string().min(1),
                    url: z.string().min(1),
                    client_id: z.string().min(1),
                    client_secret: z.string().min(1),
                    icon: z.string().min(1).optional(),
                }),
            )
            .default([]),
        keys: z.object({
            public: z.string().transform(async (v) => {
                try {
                    return await crypto.subtle.importKey(
                        "spki",
                        Buffer.from(v, "base64"),
                        "Ed25519",
                        true,
                        ["verify"],
                    );
                } catch {
                    throw new Error(
                        `Public key at keys.public is invalid. Run the ${chalk.bold("generate-keys")} command to generate a new keypair`,
                    );
                }
            }),
            private: z.string().transform(async (v) => {
                try {
                    return await crypto.subtle.importKey(
                        "pkcs8",
                        Buffer.from(v, "base64"),
                        "Ed25519",
                        true,
                        ["sign"],
                    );
                } catch {
                    throw new Error(
                        `Private key at keys.private is invalid. Run the ${chalk.bold("generate-keys")} command to generate a new keypair`,
                    );
                }
            }),
        }),
    }),
);

// Test hook for screenshots
plugin.registerHandler(Hooks.Response, (req) => {
    console.info("Request received:", req);
    return req;
});

authorizeRoute(plugin);
ssoRoute(plugin);
ssoIdRoute(plugin);
tokenRoute(plugin);
tokenRevokeRoute(plugin);
jwksRoute(plugin);
ssoLoginRoute(plugin);
ssoLoginCallbackRoute(plugin);

export type PluginType = typeof plugin;
export default plugin;