chore: migrate oauth to repo (#13211)

2026-03-06 10:07:48 +03:00 · 2024-10-05 22:37:33 +02:00
parent 9d9bf1c88d
commit a5e9adb593
8 changed files with 171 additions and 121 deletions
--- a/server/src/repositories/index.ts
+++ b/server/src/repositories/index.ts
@@ -20,6 +20,7 @@ import { IMetadataRepository } from 'src/interfaces/metadata.interface';
 import { IMetricRepository } from 'src/interfaces/metric.interface';
 import { IMoveRepository } from 'src/interfaces/move.interface';
 import { INotificationRepository } from 'src/interfaces/notification.interface';
+import { IOAuthRepository } from 'src/interfaces/oauth.interface';
 import { IPartnerRepository } from 'src/interfaces/partner.interface';
 import { IPersonRepository } from 'src/interfaces/person.interface';
 import { ISearchRepository } from 'src/interfaces/search.interface';
@@ -56,6 +57,7 @@ import { MetadataRepository } from 'src/repositories/metadata.repository';
 import { MetricRepository } from 'src/repositories/metric.repository';
 import { MoveRepository } from 'src/repositories/move.repository';
 import { NotificationRepository } from 'src/repositories/notification.repository';
+import { OAuthRepository } from 'src/repositories/oauth.repository';
 import { PartnerRepository } from 'src/repositories/partner.repository';
 import { PersonRepository } from 'src/repositories/person.repository';
 import { SearchRepository } from 'src/repositories/search.repository';
@@ -94,6 +96,7 @@ export const repositories = [
  { provide: IMetricRepository, useClass: MetricRepository },
  { provide: IMoveRepository, useClass: MoveRepository },
  { provide: INotificationRepository, useClass: NotificationRepository },
+  { provide: IOAuthRepository, useClass: OAuthRepository },
  { provide: IPartnerRepository, useClass: PartnerRepository },
  { provide: IPersonRepository, useClass: PersonRepository },
  { provide: ISearchRepository, useClass: SearchRepository },
--- a/server/src/repositories/oauth.repository.ts
+++ b/server/src/repositories/oauth.repository.ts
@@ -0,0 +1,73 @@
+import { Inject, Injectable, InternalServerErrorException } from '@nestjs/common';
+import { custom, generators, Issuer } from 'openid-client';
+import { ILoggerRepository } from 'src/interfaces/logger.interface';
+import { IOAuthRepository, OAuthConfig, OAuthProfile } from 'src/interfaces/oauth.interface';
+import { Instrumentation } from 'src/utils/instrumentation';
+
+@Instrumentation()
+@Injectable()
+export class OAuthRepository implements IOAuthRepository {
+  constructor(@Inject(ILoggerRepository) private logger: ILoggerRepository) {
+    this.logger.setContext(OAuthRepository.name);
+  }
+
+  init() {
+    custom.setHttpOptionsDefaults({ timeout: 30_000 });
+  }
+
+  async authorize(config: OAuthConfig, redirectUrl: string) {
+    const client = await this.getClient(config);
+    return client.authorizationUrl({
+      redirect_uri: redirectUrl,
+      scope: config.scope,
+      state: generators.state(),
+    });
+  }
+
+  async getLogoutEndpoint(config: OAuthConfig) {
+    const client = await this.getClient(config);
+    return client.issuer.metadata.end_session_endpoint;
+  }
+
+  async getProfile(config: OAuthConfig, url: string, redirectUrl: string): Promise<OAuthProfile> {
+    const client = await this.getClient(config);
+    const params = client.callbackParams(url);
+    try {
+      const tokens = await client.callback(redirectUrl, params, { state: params.state });
+      return await client.userinfo<OAuthProfile>(tokens.access_token || '');
+    } catch (error: Error | any) {
+      if (error.message.includes('unexpected JWT alg received')) {
+        this.logger.warn(
+          [
+            'Algorithm mismatch. Make sure the signing algorithm is set correctly in the OAuth settings.',
+            'Or, that you have specified a signing key in your OAuth provider.',
+          ].join(' '),
+        );
+      }
+
+      throw error;
+    }
+  }
+
+  private async getClient({
+    issuerUrl,
+    clientId,
+    clientSecret,
+    profileSigningAlgorithm,
+    signingAlgorithm,
+  }: OAuthConfig) {
+    try {
+      const issuer = await Issuer.discover(issuerUrl);
+      return new issuer.Client({
+        client_id: clientId,
+        client_secret: clientSecret,
+        response_types: ['code'],
+        userinfo_signed_response_alg: profileSigningAlgorithm === 'none' ? undefined : profileSigningAlgorithm,
+        id_token_signed_response_alg: signingAlgorithm,
+      });
+    } catch (error: any | AggregateError) {
+      this.logger.error(`Error in OAuth discovery: ${error}`, error?.stack, error?.errors);
+      throw new InternalServerErrorException(`Error in OAuth discovery: ${error}`, { cause: error });
+    }
+  }
+}