fixup! Twitch authentication

Perdolique · Sep 3, 2024 · abadc93 · abadc93
1 parent 8d9c242
commit abadc93
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 18 deletions.
diff --git a/server/api/oauth/twitch/index.get.ts b/server/api/oauth/twitch/index.get.ts
@@ -1,5 +1,4 @@
 import { consola } from 'consola'
-import { joinURL } from 'ufo'
 
 export default defineEventHandler(async (event) => {
   // TODO (#102): Check if the user is already logged in and linked their account
@@ -17,8 +16,7 @@ export default defineEventHandler(async (event) => {
   }
 
   const authUrl = new URL('https://id.twitch.tv/oauth2/authorize')
-  const url = getRequestURL(event)
-  const redirectUri = joinURL(url.origin, '/auth/twitch')
+  const redirectUri = getTwitchRedirectUri(event)
 
   // TODO (#103): Add `state` to prevent CSRF attacks
   // https://dev.twitch.tv/docs/authentication/getting-tokens-oauth/#use-the-authorization-code-to-get-a-token

diff --git a/server/api/oauth/twitch/index.post.ts b/server/api/oauth/twitch/index.post.ts
@@ -9,7 +9,7 @@ function validateBody(body: unknown) {
 
 export default defineEventHandler(async (event) => {
   const { code } = await readValidatedBody(event, validateBody)
-  const token = await getTwitchOAuthToken(code)
+  const token = await getTwitchOAuthToken(event, code)
   const { id: twitchAccountId } = await getTwitchUserInfo(token)
   const currentUser = await getSessionUser(event)
 

diff --git a/server/utils/providers/twitch.ts b/server/utils/providers/twitch.ts
@@ -1,11 +1,24 @@
+import { H3Event } from 'h3'
 import consola from 'consola'
-import { TwitchOAuthTokenResponse, TwitchUser, TwitchUsersResponse } from '~/models/twitch'
+import { joinURL } from 'ufo'
 
-export async function getTwitchOAuthToken(code: string) : Promise<string> {
+import {
+  TwitchOAuthTokenResponse,
+  TwitchUser,
+  TwitchUsersResponse
+} from '~/models/twitch'
+
+export function getTwitchRedirectUri(event: H3Event) : string {
+  const url = getRequestURL(event)
+  const redirectUri = joinURL(url.origin, '/auth/twitch')
+
+  return redirectUri
+}
+
+export async function getTwitchOAuthToken(event: H3Event, code: string) : Promise<string> {
   const {
     OAUTH_TWITCH_CLIENT_ID,
-    OAUTH_TWITCH_CLIENT_SECRET,
-    OAUTH_TWITCH_REDIRECT_URI
+    OAUTH_TWITCH_CLIENT_SECRET
   } = process.env
 
   if (OAUTH_TWITCH_CLIENT_ID === undefined) {
@@ -26,16 +39,9 @@ export async function getTwitchOAuthToken(code: string) : Promise<string> {
     })
   }
 
-  if (OAUTH_TWITCH_REDIRECT_URI === undefined) {
-    consola.error('OAUTH_TWITCH_REDIRECT_URI is not defined')
-
-    throw createError({
-      statusCode: 500,
-      message: 'Internal server error',
-    })
-  }
-
   try {
+    const redirectUri = getTwitchRedirectUri(event)
+
     const tokenResponse = await $fetch<TwitchOAuthTokenResponse>('https://id.twitch.tv/oauth2/token', {
       method: 'POST',
 
@@ -44,7 +50,7 @@ export async function getTwitchOAuthToken(code: string) : Promise<string> {
         client_secret: OAUTH_TWITCH_CLIENT_SECRET,
         code,
         grant_type: 'authorization_code',
-        redirect_uri: OAUTH_TWITCH_REDIRECT_URI
+        redirect_uri: redirectUri
       }
     })