fix: token + redirect

2022-03-16 21:44:57 +05:30 · 2022-03-16 21:44:57 +05:30 · 99b846811a
commit 99b846811a
parent 83001b859c
12 changed files with 65 additions and 32 deletions
--- a/.gitignore
+++ b/.gitignore
@ -11,4 +11,6 @@ data.db
 .DS_Store
 .env.local
 *.tar.gz
-.vscode/
+.vscode/
+.yalc
+yalc.lock
--- a/app/package-lock.json
+++ b/app/package-lock.json
@ -9,7 +9,7 @@
 			"version": "1.0.0",
 			"license": "ISC",
 			"dependencies": {
-				"@authorizerdev/authorizer-react": "latest",
+				"@authorizerdev/authorizer-react": "0.10.0",
 				"@types/react": "^17.0.15",
 				"@types/react-dom": "^17.0.9",
 				"esbuild": "^0.12.17",
@ -24,9 +24,9 @@
 			}
 		},
 		"node_modules/@authorizerdev/authorizer-js": {
-			"version": "0.4.0-beta.3",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-0.4.0-beta.3.tgz",
-			"integrity": "sha512-OGZc6I6cnpi/WkSotkjVIc3LEzl8pFeiohr8+Db9xWd75/oTfOZqWRuIHTnTc1FC+6Sv2EjTJ9Aa6lrloWG+NQ==",
+			"version": "0.5.0",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-0.5.0.tgz",
+			"integrity": "sha512-O7T275ry4fJznQObnjYHPXvOtTtbv91NNFPh/x1jGs5iOC8MWvpnd7lbLvcnKbs0vPnZmFTzEUx8kCW2Z0o9Hg==",
 			"dependencies": {
 				"node-fetch": "^2.6.1"
 			},
@ -35,11 +35,11 @@
 			}
 		},
 		"node_modules/@authorizerdev/authorizer-react": {
-			"version": "0.9.0-beta.7",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-0.9.0-beta.7.tgz",
-			"integrity": "sha512-hCGsVionKMZNk+uD0CLtMIkUzhQqpHbVntko3rY+O7ouOrTrikY/WQVPbo1bqX1cu/6/cHE4RVU3cZ7V5xnxVg==",
+			"version": "0.10.0",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-0.10.0.tgz",
+			"integrity": "sha512-0z/i+ystihxRbqERi984EGV5S9VK95uA2GwjtUfl8pEx7PwrmQYq+iis39kn/fSHDGVkekIHFkm071QDbn4XkQ==",
 			"dependencies": {
-				"@authorizerdev/authorizer-js": "^0.4.0-beta.3",
+				"@authorizerdev/authorizer-js": "^0.5.0",
 				"final-form": "^4.20.2",
 				"react-final-form": "^6.5.3",
 				"styled-components": "^5.3.0"
@ -829,19 +829,19 @@
 	},
 	"dependencies": {
 		"@authorizerdev/authorizer-js": {
-			"version": "0.4.0-beta.3",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-0.4.0-beta.3.tgz",
-			"integrity": "sha512-OGZc6I6cnpi/WkSotkjVIc3LEzl8pFeiohr8+Db9xWd75/oTfOZqWRuIHTnTc1FC+6Sv2EjTJ9Aa6lrloWG+NQ==",
+			"version": "0.5.0",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-0.5.0.tgz",
+			"integrity": "sha512-O7T275ry4fJznQObnjYHPXvOtTtbv91NNFPh/x1jGs5iOC8MWvpnd7lbLvcnKbs0vPnZmFTzEUx8kCW2Z0o9Hg==",
 			"requires": {
 				"node-fetch": "^2.6.1"
 			}
 		},
 		"@authorizerdev/authorizer-react": {
-			"version": "0.9.0-beta.7",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-0.9.0-beta.7.tgz",
-			"integrity": "sha512-hCGsVionKMZNk+uD0CLtMIkUzhQqpHbVntko3rY+O7ouOrTrikY/WQVPbo1bqX1cu/6/cHE4RVU3cZ7V5xnxVg==",
+			"version": "0.10.0",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-0.10.0.tgz",
+			"integrity": "sha512-0z/i+ystihxRbqERi984EGV5S9VK95uA2GwjtUfl8pEx7PwrmQYq+iis39kn/fSHDGVkekIHFkm071QDbn4XkQ==",
 			"requires": {
-				"@authorizerdev/authorizer-js": "^0.4.0-beta.3",
+				"@authorizerdev/authorizer-js": "^0.5.0",
 				"final-form": "^4.20.2",
 				"react-final-form": "^6.5.3",
 				"styled-components": "^5.3.0"
--- a/app/package.json
+++ b/app/package.json
@ -11,7 +11,7 @@
 	"author": "Lakhan Samani",
 	"license": "ISC",
 	"dependencies": {
-		"@authorizerdev/authorizer-react": "latest",
+		"@authorizerdev/authorizer-react": "0.10.0",
 		"@types/react": "^17.0.15",
 		"@types/react-dom": "^17.0.9",
 		"esbuild": "^0.12.17",
--- a/server/db/models/user.go
+++ b/server/db/models/user.go
@ -32,6 +32,9 @@ type User struct {
 func (user *User) AsAPIUser() *model.User {
 	isEmailVerified := user.EmailVerifiedAt != nil
 	isPhoneVerified := user.PhoneNumberVerifiedAt != nil
+	email := user.Email
+	createdAt := user.CreatedAt
+	updatedAt := user.UpdatedAt
 	return &model.User{
 		ID:                  user.ID,
 		Email:               user.Email,
@ -41,14 +44,14 @@ func (user *User) AsAPIUser() *model.User {
 		FamilyName:          user.FamilyName,
 		MiddleName:          user.MiddleName,
 		Nickname:            user.Nickname,
-		PreferredUsername:   &user.Email,
+		PreferredUsername:   &email,
 		Gender:              user.Gender,
 		Birthdate:           user.Birthdate,
 		PhoneNumber:         user.PhoneNumber,
 		PhoneNumberVerified: &isPhoneVerified,
 		Picture:             user.Picture,
 		Roles:               strings.Split(user.Roles, ","),
-		CreatedAt:           &user.CreatedAt,
-		UpdatedAt:           &user.UpdatedAt,
+		CreatedAt:           &createdAt,
+		UpdatedAt:           &updatedAt,
 	}
 }
--- a/server/db/models/verification_requests.go
+++ b/server/db/models/verification_requests.go
@ -17,15 +17,23 @@ type VerificationRequest struct {
 }

 func (v *VerificationRequest) AsAPIVerificationRequest() *model.VerificationRequest {
+	token := v.Token
+	createdAt := v.CreatedAt
+	updatedAt := v.UpdatedAt
+	email := v.Email
+	nonce := v.Nonce
+	redirectURI := v.RedirectURI
+	expires := v.ExpiresAt
+	identifier := v.Identifier
 	return &model.VerificationRequest{
 		ID:          v.ID,
-		Token:       &v.Token,
-		Identifier:  &v.Identifier,
-		Expires:     &v.ExpiresAt,
-		CreatedAt:   &v.CreatedAt,
-		UpdatedAt:   &v.UpdatedAt,
-		Email:       &v.Email,
-		Nonce:       &v.Nonce,
-		RedirectURI: &v.RedirectURI,
+		Token:       &token,
+		Identifier:  &identifier,
+		Expires:     &expires,
+		CreatedAt:   &createdAt,
+		UpdatedAt:   &updatedAt,
+		Email:       &email,
+		Nonce:       &nonce,
+		RedirectURI: &redirectURI,
 	}
 }
--- a/server/graph/generated/generated.go
+++ b/server/graph/generated/generated.go
@ -1358,6 +1358,7 @@ input SignUpInput {
 	confirm_password: String!
 	roles: [String!]
 	scope: [String!]
+	redirect_uri: String
 }

 input LoginInput {
@ -7415,6 +7416,14 @@ func (ec *executionContext) unmarshalInputSignUpInput(ctx context.Context, obj i
 			if err != nil {
 				return it, err
 			}
+		case "redirect_uri":
+			var err error
+
+			ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("redirect_uri"))
+			it.RedirectURI, err = ec.unmarshalOString2ᚖstring(ctx, v)
+			if err != nil {
+				return it, err
+			}
 		}
 	}

--- a/server/graph/model/models_gen.go
+++ b/server/graph/model/models_gen.go
@ -159,6 +159,7 @@ type SignUpInput struct {
 	ConfirmPassword string   `json:"confirm_password"`
 	Roles           []string `json:"roles"`
 	Scope           []string `json:"scope"`
+	RedirectURI     *string  `json:"redirect_uri"`
 }

 type UpdateEnvInput struct {
--- a/server/graph/schema.graphqls
+++ b/server/graph/schema.graphqls
@ -182,6 +182,7 @@ input SignUpInput {
 	confirm_password: String!
 	roles: [String!]
 	scope: [String!]
+	redirect_uri: String
 }

 input LoginInput {
--- a/server/handlers/authorize.go
+++ b/server/handlers/authorize.go
@ -1,6 +1,7 @@
 package handlers

 import (
+	"fmt"
 	"net/http"
 	"strconv"
 	"strings"
@ -50,6 +51,8 @@ func AuthorizeHandler() gin.HandlerFunc {
 			gc.JSON(400, gin.H{"error": "invalid response mode"})
 		}

+		fmt.Println("=> redirect URI:", redirectURI)
+		fmt.Println("=> state:", state)
 		if redirectURI == "" {
 			redirectURI = "/app"
 		}
--- a/server/handlers/oauth_login.go
+++ b/server/handlers/oauth_login.go
@ -16,7 +16,11 @@ import (
 func OAuthLoginHandler() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		hostname := utils.GetHost(c)
+		// deprecating redirectURL instead use redirect_uri
 		redirectURI := strings.TrimSpace(c.Query("redirectURL"))
+		if redirectURI == "" {
+			redirectURI = strings.TrimSpace(c.Query("redirect_uri"))
+		}
 		roles := strings.TrimSpace(c.Query("roles"))
 		state := strings.TrimSpace(c.Query("state"))
 		scopeString := strings.TrimSpace(c.Query("scope"))
--- a/server/handlers/token.go
+++ b/server/handlers/token.go
@ -110,8 +110,6 @@ func TokenHandler() gin.HandlerFunc {
 				return
 			}

-			// rollover the session for security
-			sessionstore.RemoveState(sessionDataSplit[1])
 			// validate session
 			claims, err := token.ValidateBrowserSession(gc, sessionDataSplit[1])
 			if err != nil {
@ -121,6 +119,8 @@ func TokenHandler() gin.HandlerFunc {
 				})
 				return
 			}
+			// rollover the session for security
+			sessionstore.RemoveState(sessionDataSplit[1])
 			userID = claims.Subject
 			roles = claims.Roles
 			scope = claims.Scope
--- a/server/resolvers/update_user.go
+++ b/server/resolvers/update_user.go
@ -154,6 +154,8 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 		return res, err
 	}

+	createdAt := user.CreatedAt
+	updatedAt := user.UpdatedAt
 	res = &model.User{
 		ID:         params.ID,
 		Email:      user.Email,
@ -161,8 +163,8 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 		GivenName:  user.GivenName,
 		FamilyName: user.FamilyName,
 		Roles:      strings.Split(user.Roles, ","),
-		CreatedAt:  &user.CreatedAt,
-		UpdatedAt:  &user.UpdatedAt,
+		CreatedAt:  &createdAt,
+		UpdatedAt:  &updatedAt,
 	}
 	return res, nil
 }