feat: auth and redirect landing create user

2023-07-23 18:27:49 +00:00 · 2023-07-23 18:27:49 +00:00 · ef6646e004
parent f742acd6f9
commit ef6646e004
4 changed files with 109 additions and 16 deletions
--- a/src/main/resources/out.css
+++ b/src/main/resources/out.css
@ -623,3 +623,7 @@ video {
  --tw-text-opacity: 1;
  color: rgb(37 99 235 / var(--tw-text-opacity));
 }
+
+.filter {
+  filter: var(--tw-blur) var(--tw-brightness) var(--tw-contrast) var(--tw-grayscale) var(--tw-hue-rotate) var(--tw-invert) var(--tw-saturate) var(--tw-sepia) var(--tw-drop-shadow);
+}
--- a/src/main/scala/example/AuthService.scala
+++ b/src/main/scala/example/AuthService.scala
@ -2,6 +2,8 @@ package example

 import AuthService._
 import example.pocketbase.Api
+import upickle.default._
+import example.pocketbase.Models._

 case class AuthService()(implicit cc: castor.Context, log: cask.Logger)
    extends cask.Routes {
@ -23,14 +25,18 @@ case class AuthService()(implicit cc: castor.Context, log: cask.Logger)
  @cask.get("/login")
  def getLoginPage() = {
    // render auth page with the available oauth providers
-    val authOptions = pocketbaseApi.listAuthMethods().authProviders
+    val authOptions = pocketbaseApi.listAuthMethods()

    val options = s"got following auth opitons: $authOptions"
    // save states and verifiers into cookie

-    val githubOption = authOptions.find(_.name == "github")
+    val oauthVerificationCookie = authOptions.toOauthCookieInfo()
+    val yoyo = write(oauthVerificationCookie)

-    val githubRedirect = githubOption.map(_.authUrl).getOrElse("") ++ getRedirectUrl("github")
+    val githubOption = authOptions.authProviders.find(_.name == "github")
+
+    val githubRedirect =
+      githubOption.map(_.authUrl).getOrElse("") ++ getRedirectUrl("github")

    val html = s"""
 <h1>good enough, right</h1>
@ -41,12 +47,59 @@ case class AuthService()(implicit cc: castor.Context, log: cask.Logger)
    cask.Response(
      html,
      headers = Seq("Content-Type" -> "text/html;charset=UTF-8"),
+      cookies = Seq(cask.Cookie(name = oauthVerifiersCookieName, value = yoyo))
    )
+
  }

+  /** @oauthVerifiers
+    *   \- required cookie from start of oauth initialization cask will fail
+    *   request if this is not present
+    */
  @cask.get(s"${baseRedirectUrl}/:provider")
-  def receiveOauthRedirect(provider: String, state: String, code: String) = {
-    println(s"received redirect for $provider with state: $state and code: $code")
+  def receiveOauthRedirect(
+      provider: String,
+      state: String,
+      code: String,
+      request: cask.Request
+  ) = {
+    println(
+      s"received redirect for $provider with state: $state and code: $code"
+    )
+
+    val authVerifierOpt = request.cookies
+      .get(oauthVerifiersCookieName)
+      .map(cookie => read[OauthInfoCookie](cookie.value))
+      .flatMap(_.providersVerification.find(_.name == provider))
+
+    val resultOpt = for {
+      authVerifier <- authVerifierOpt
+      _ <- Some(()).filter(_ => state == authVerifier.state)
+      pocketbaseAuthResult <- pocketbaseApi
+        .authWithOauth(
+          provider = provider,
+          code = code,
+          verifier = authVerifier.codeVerifier,
+          redirectUrl = getRedirectUrl(provider)
+        )
+        .toOption
+    } yield pocketbaseAuthResult
+
+    val okMessageFirst = resultOpt match {
+      case None =>
+        // i guess with the SSR i'll need to return message about unsuccessful auth?
+        s"""
+<h1>Auth unsuccessful</h1>
+"""
+      case Some(result) =>
+        // this is already fully successful auth
+        s"""
+<h1>Ok, good</h1>
+<p>user should be already created, current jwt : ${result.token}</p>
+<p>the account is on ${result.record.email} and ${result.record.username}</p>
+"""
+    }
+
    /*
     *
     get provider from path param, get verifiers and state from cookie,
@ -59,7 +112,18 @@ and delete the state\verifiers cookie
 but then what? i guess call for redirect to root page again?
 which should trigger auth check and main page render?
     */
-    s"received redirect for $provider with state: $state and code: $code"
+    import java.time.Instant
+    cask.Response(
+      okMessageFirst,
+      headers = Seq("Content-Type" -> "text/html;charset=UTF-8"),
+      cookies = Seq(
+        cask.Cookie(
+          name = oauthVerifiersCookieName,
+          value = "",
+          expires = Instant.now()
+        )
+      )
+    )
  }

  initialize()
@ -67,6 +131,12 @@ which should trigger auth check and main page render?

 object AuthService {
  val authCookieName = "auth"
+  // this is to share info between /auth page and /redirect-landing
+  // can be improved by generating same state and codeVerifier for all oauth links
+  // and can also be stored purely on the backend - a tad more secure, i guess
+  // but if cookie is under https, should be ok
+  val oauthVerifiersCookieName = "oauthVerifiers"
+
  val pocketbaseApi = Api("http://127.0.0.1:8090")
  val selfUri = "http://127.0.0.1:8080"

--- a/src/main/scala/example/pocketbase/Api.scala
+++ b/src/main/scala/example/pocketbase/Api.scala
@ -47,7 +47,7 @@ final case class Api(pocketbaseUrl: String, usersCollection: String = "users") {
        "provider" -> provider,
        "code" -> code,
        "codeVerifier" -> verifier,
-        "redirectUri" -> redirectUrl
+        "redirectUrl" -> redirectUrl
      )
    )

--- a/src/main/scala/example/pocketbase/Models.scala
+++ b/src/main/scala/example/pocketbase/Models.scala
@ -4,6 +4,22 @@ import upickle.default._

 object Models {

+  final case class AvailableAuthMethods(
+    usernamePassword: Boolean,
+    emailPassword: Boolean,
+    authProviders: List[AuthProviderInfo]
+  ) derives ReadWriter {
+    def toOauthCookieInfo() = OauthInfoCookie(
+      providersVerification = authProviders.map(provider =>
+        AuthProviderVerification(
+          name = provider.name,
+          state = provider.state,
+          codeVerifier = provider.codeVerifier
+        )
+      )
+    )
+  }
+
  final case class AuthProviderInfo(
    name: String,
    state: String,
@ -13,12 +29,15 @@ object Models {
    authUrl: String
  ) derives ReadWriter

-  final case class AvailableAuthMethods(
-    usernamePassword: Boolean,
-    emailPassword: Boolean,
-    authProviders: List[AuthProviderInfo]
+  final case class OauthInfoCookie(
+    providersVerification: List[AuthProviderVerification]
  ) derives ReadWriter

+  final case class AuthProviderVerification(
+    name: String,
+    state: String,
+    codeVerifier: String,
+  ) derives ReadWriter

  // auth methods
  /*
@ -39,6 +58,11 @@ object Models {
   *
   */

+  final case class AuthReply(
+    token: String,
+    record: BaseAccountData
+  ) derives ReadWriter
+
  final case class BaseAccountData(
    id: String,
    collectionId: String,
@ -51,11 +75,6 @@ object Models {
    emailVisibility: Boolean
  ) derives ReadWriter

-  final case class AuthReply(
-    token: String,
-    record: BaseAccountData
-  ) derives ReadWriter
-
  // auth reply
  /*
   *