removed oAuth endpoint from dispatch, started oAuth endpoints for moodle

2025-02-25 23:23:18 +01:00
parent 4c35257cf0
commit b81bab1dc2
7 changed files with 137 additions and 182 deletions
--- a/apps/hub/app/api/auth/accessToken/route.ts
+++ b/apps/hub/app/api/auth/accessToken/route.ts
@@ -1,28 +1,48 @@
-import { PrismaClient } from '@repo/db';
-import { NextRequest, NextResponse } from 'next/server';
-import { sign } from 'jsonwebtoken';
+import { prisma, PrismaClient } from "@repo/db";
+import { NextRequest, NextResponse } from "next/server";
+import { sign } from "jsonwebtoken";

 export const GET = async (req: NextRequest) => {
-  const client = new PrismaClient();
-  const accessToken = req.nextUrl.searchParams.get('token');
-  if (!accessToken)
-    return new Response('No access token provided', { status: 400 });
-  const accessRequest = await client.oAuthToken.findFirst({
-    where: {
-      accessToken: accessToken,
-    },
-    include: {
-      user: true,
-    },
-  });
-  if (!accessRequest)
-    return new Response('Access token not found', { status: 404 });
+	const client = new PrismaClient();
+	const accessToken =
+		req.nextUrl.searchParams.get("token") ||
+		req.nextUrl.searchParams.get("code");
+	const client_id = req.nextUrl.searchParams.get("client_id");
+	const client_secret = req.nextUrl.searchParams.get("client_secret");

-  const jwt = sign(accessRequest.user, process.env.NEXTAUTH_SECRET as string, {
-    expiresIn: '30d',
-  });
-  return Response.json({
-    user: accessRequest.user,
-    jwt,
-  });
+	if (!accessToken)
+		return new Response("No access token provided", { status: 400 });
+
+	if (!client_id)
+		return new Response("No client ID token provided", { status: 400 });
+
+	const accessRequest = await client.oAuthToken.findFirst({
+		where: {
+			accessToken: accessToken,
+			clientId: client_id,
+		},
+		include: {
+			user: true,
+		},
+	});
+	if (!accessRequest)
+		return new Response("Access token not found", { status: 404 });
+
+	if (new Date().getTime() - accessRequest?.createdAt.getTime() > 60 * 1000) {
+		await prisma.oAuthToken.delete({
+			where: {
+				id: accessRequest.id,
+			},
+		});
+		return new Response("Code expired", { status: 400 });
+	}
+
+	const jwt = sign(accessRequest.user, process.env.NEXTAUTH_SECRET as string, {
+		expiresIn: "30d",
+	});
+
+	return Response.json({
+		user: accessRequest.user,
+		jwt,
+	});
 };
--- a/apps/hub/app/api/user/route.ts
+++ b/apps/hub/app/api/user/route.ts
@@ -0,0 +1,21 @@
+import { NextRequest, NextResponse } from "next/server";
+import { getServerSession } from "../auth/[...nextauth]/auth";
+import { prisma } from "@repo/db";
+
+export const GET = async (req: NextRequest) => {
+	const session = await getServerSession();
+	if (!session) {
+		return {
+			status: 401,
+			body: "Unauthorized",
+		};
+	}
+
+	const user = await prisma.user.findUnique({
+		where: {
+			id: session.user.id,
+		},
+	});
+
+	return NextResponse.json(user);
+};