Desktop oAuth integration

Co-authored-by: RagingLightning <RagingLightningCode@gmail.com>

apps/hub/app/api/auth/accessToken/route.ts

@@ -1,60 +1,83 @@
-import { prisma, PrismaClient } from "@repo/db";
-import { NextRequest, NextResponse } from "next/server";
+import { NextRequest } from "next/server";
 import { sign } from "jsonwebtoken";
-import { services } from "../../../(auth)/oauth/page";
+import { services } from "(auth)/oauth/page";
+import { prisma } from "@repo/db";
 
 export const POST = async (req: NextRequest) => {
-	const form = new URLSearchParams(await req.text());
-	const client = new PrismaClient();
-	const accessToken = form.get("token") || form.get("code");
-	const clientId = form.get("client_id");
-	const clientSecret = form.get("client_secret");
+	try {
+		if (
+			!req.headers
+				.get("content-type")
+				?.includes("application/x-www-form-urlencoded")
+		) {
+			return new Response("Unsupported Content-Type", { status: 415 });
+		}
 
-	const service = services.find((s) => s.id === clientId);
+		const form = new URLSearchParams(await req.text());
+		const accessToken = form.get("token") || form.get("code");
+		const clientId = form.get("client_id");
+		const clientSecret = form.get("client_secret");
 
-	if (!accessToken)
-		return new Response("No access token provided", { status: 400 });
+		if (!accessToken) {
+			console.log("No access token provided", accessToken);
+			return new Response("No access token provided", { status: 400 });
+		}
 
-	if (!clientId)
-		return new Response("No client ID token provided", { status: 400 });
+		if (!clientId) {
+			console.log("No client ID provided", clientId);
+			return new Response("No client ID provided", { status: 400 });
+		}
 
-	const accessRequest = await client.oAuthToken.findFirst({
-		where: {
-			accessToken: accessToken,
-			clientId: clientId,
-		},
-		include: {
-			user: true,
-		},
-	});
+		const service = services.find((s) => s.id === clientId);
 
-	if (!service || service.secret !== clientSecret)
-		return new Response("Invalid client ID or secret", { status: 400 });
+		if (!service || service.secret !== clientSecret) {
+			console.log("Invalid client ID or secret", clientId, clientSecret);
+			return new Response("Invalid client credentials", { status: 401 });
+		}
 
-	if (!accessRequest)
-		return new Response("Access token not found", { status: 404 });
-
-	if (new Date().getTime() - accessRequest?.createdAt.getTime() > 60 * 1000) {
-		await prisma.oAuthToken.delete({
+		const accessRequest = await prisma.oAuthToken.findFirst({
 			where: {
-				id: accessRequest.id,
+				accessToken: accessToken,
+				clientId: clientId,
+			},
+			include: {
+				user: true,
 			},
 		});
-		return new Response("Code expired", { status: 400 });
+
+		if (!accessRequest) {
+			console.log("Access token not found", accessToken);
+			return new Response("Access token not found", { status: 404 });
+		}
+
+		if (new Date().getTime() - accessRequest.createdAt.getTime() > 60 * 1000) {
+			await prisma.oAuthToken.delete({
+				where: {
+					id: accessRequest.id,
+				},
+			});
+			console.log("Code expired", accessRequest.id);
+			return new Response("Code expired", { status: 410 });
+		}
+
+		const jwt = sign(
+			{
+				...accessRequest.user,
+			},
+			process.env.NEXTAUTH_SECRET as string,
+			{
+				expiresIn: "30d",
+			},
+		);
+
+		return Response.json({
+			access_token: jwt,
+			token_type: "Bearer",
+		});
+	} catch (error) {
+		console.error("Error in accessToken route:", error);
+		return new Response((error as Error).message || "Internal Server Error", {
+			status: 500,
+		});
 	}
-
-	const jwt = sign(
-		{
-			...accessRequest.user,
-		},
-		process.env.NEXTAUTH_SECRET as string,
-		{
-			expiresIn: "30d",
-		},
-	);
-
-	return Response.json({
-		access_token: jwt,
-		token_type: "Bearer",
-	});
 };