ljj
/
Hydro
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
training-maintainer
contest-virtual-scroll
disable_tfa
scoreboard_ui
flexsearch
milkdown
next
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7d7b08ecf1'
${ noResults }
Hydro/packages/login-with-github/index.ts

83 lines
2.9 KiB
TypeScript
Raw Blame History

import {
Context, ForbiddenError, Handler, superagent, SystemModel,
TokenModel, UserFacingError, ValidationError,
} from 'hydrooj';
declare module 'hydrooj' {
interface SystemKeys {
'login-with-github.id': string;
'login-with-github.secret': string;
'login-with-github.endpoint': string;
}
}
async function get(this: Handler) {
const [appid, [state]] = await Promise.all([
SystemModel.get('login-with-github.id'),
TokenModel.add(TokenModel.TYPE_OAUTH, 600, { redirect: this.request.referer }),
]);
this.response.redirect = `https://github.com/login/oauth/authorize?client_id=${appid}&state=${state}&scope=read:user,user:email`;
}
async function callback({ state, code }) {
const [[appid, secret, endpoint, url], s] = await Promise.all([
SystemModel.getMany([
'login-with-github.id',
'login-with-github.secret',
'login-with-github.endpoint',
'server.url',
]),
TokenModel.get(state, TokenModel.TYPE_OAUTH),
]);
if (!s) throw new ValidationError('token');
const res = await superagent.post(`${endpoint || 'https://github.com'}/login/oauth/access_token`)
.send({
client_id: appid,
client_secret: secret,
code,
redirect_uri: `${url}oauth/github/callback`,
state,
})
.set('accept', 'application/json');
if (res.body.error) {
throw new UserFacingError(
res.body.error, res.body.error_description, res.body.error_uri,
);
}
const t = res.body.access_token;
const userInfo = await superagent.get(`${endpoint ? `${endpoint}/api` : 'https://api.github.com'}/user`)
.set('User-Agent', 'Hydro-OAuth')
.set('Accept', 'application/vnd.github.v3+json')
.set('Authorization', `token ${t}`);
const ret = {
_id: `${userInfo.body.id}@github.local`,
email: userInfo.body.email,
bio: userInfo.body.bio,
uname: [userInfo.body.name, userInfo.body.login].filter((i) => i),
avatar: `github:${userInfo.body.login}`,
};
if (!ret.email) {
const emailInfo = await superagent.get(`${endpoint ? `${endpoint}/api` : 'https://api.github.com'}/user/emails`)
.set('User-Agent', 'Hydro-OAuth')
.set('Accept', 'application/vnd.github.v3+json')
.set('Authorization', `token ${t}`);
if (emailInfo.body.length) {
ret.email = emailInfo.body.find((e) => e.primary && e.verified).email;
}
}
await TokenModel.del(s._id, TokenModel.TYPE_OAUTH);
if (!ret.email) throw new ForbiddenError("You don't have a verified email.");
return ret;
}
export function apply(ctx: Context) {
ctx.provideModule('oauth', 'github', {
text: 'Login with Github',
callback,
get,
});
ctx.i18n.load('zh', {
'Login With Github': '使用 Github 登录',
});
}
Reference in New Issue View Git Blame Copy Permalink