37 lines
1.6 KiB
TypeScript
37 lines
1.6 KiB
TypeScript
import type { Client } from 'openid-client';
|
|
import { generators } from 'openid-client';
|
|
import { Request, Response } from 'express';
|
|
|
|
export function setupAuthRoutes(app: any, client: Client, redirectUri: string, scope: string, cookieOptionsBase: any) {
|
|
app.get('/auth/login', (req: Request, res: Response) => {
|
|
const code_verifier = generators.codeVerifier();
|
|
const code_challenge = generators.codeChallenge(code_verifier);
|
|
res.cookie('pkce_verifier', code_verifier, { ...cookieOptionsBase, maxAge: 600000 });
|
|
const authUrl = client.authorizationUrl({ scope, code_challenge, code_challenge_method: 'S256', redirect_uri: redirectUri });
|
|
res.redirect(authUrl);
|
|
});
|
|
|
|
app.get('/auth/callback', async (req: Request, res: Response) => {
|
|
const params = client.callbackParams(req);
|
|
const verifier = req.signedCookies['pkce_verifier'];
|
|
const tokenSet = await client.callback(redirectUri, params, { code_verifier: verifier });
|
|
res.clearCookie('pkce_verifier');
|
|
res.cookie('access_token', tokenSet.access_token, { ...cookieOptionsBase });
|
|
res.cookie('id_token', tokenSet.id_token, { ...cookieOptionsBase });
|
|
res.redirect('/');
|
|
});
|
|
|
|
app.get('/api/userinfo', async (req: Request, res: Response) => {
|
|
const access = req.signedCookies['access_token'];
|
|
if (!access) return res.status(401).json({ error: 'unauthorized' });
|
|
const userinfo = await client.userinfo(access);
|
|
res.json(userinfo);
|
|
});
|
|
|
|
app.post('/auth/logout', (_req: Request, res: Response) => {
|
|
res.clearCookie('access_token');
|
|
res.clearCookie('id_token');
|
|
res.clearCookie('refresh_token');
|
|
res.json({ ok: true });
|
|
});
|
|
}
|