From abadc936a00e90776f3699daf2a89b971d7845ad Mon Sep 17 00:00:00 2001
From: Pier Dolique
Date: Tue, 3 Sep 2024 22:15:29 +0300
Subject: [PATCH] fixup! Twitch authentication
---
 server/api/oauth/twitch/index.get.ts | 4 +---
 server/api/oauth/twitch/index.post.ts | 2 +-
 server/utils/providers/twitch.ts | 34 ++++++++++++++++-----------
 3 files changed, 22 insertions(+), 18 deletions(-)
diff --git a/server/api/oauth/twitch/index.get.ts b/server/api/oauth/twitch/index.get.ts
index bc5a98a..d7612ab 100644
--- a/server/api/oauth/twitch/index.get.ts
+++ b/server/api/oauth/twitch/index.get.ts
@@ -1,5 +1,4 @@
 import { consola } from 'consola'
-import { joinURL } from 'ufo'
 export default defineEventHandler(async (event) => {
 // TODO (#102): Check if the user is already logged in and linked their account
@@ -17,8 +16,7 @@ export default defineEventHandler(async (event) => {
 }
 const authUrl = new URL('https://id.twitch.tv/oauth2/authorize')
- const url = getRequestURL(event)
- const redirectUri = joinURL(url.origin, '/auth/twitch')
+ const redirectUri = getTwitchRedirectUri(event)
 // TODO (#103): Add `state` to prevent CSRF attacks
 // https://dev.twitch.tv/docs/authentication/getting-tokens-oauth/#use-the-authorization-code-to-get-a-token
diff --git a/server/api/oauth/twitch/index.post.ts b/server/api/oauth/twitch/index.post.ts
index 0cf9c4d..5eb1ceb 100644
--- a/server/api/oauth/twitch/index.post.ts
+++ b/server/api/oauth/twitch/index.post.ts
@@ -9,7 +9,7 @@ function validateBody(body: unknown) {
 export default defineEventHandler(async (event) => {
 const { code } = await readValidatedBody(event, validateBody)
- const token = await getTwitchOAuthToken(code)
+ const token = await getTwitchOAuthToken(event, code)
 const { id: twitchAccountId } = await getTwitchUserInfo(token)
 const currentUser = await getSessionUser(event)
diff --git a/server/utils/providers/twitch.ts b/server/utils/providers/twitch.ts
index ee30318..ab9e52e 100644
--- a/server/utils/providers/twitch.ts
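Review bot: In the index.post.ts hunk only `code` is taken from the validated body, so the token exchange and the account lookup that follows appear to run without any `state` comparison. TODO (#103) in index.get.ts covers sending `state` on the authorize request, but this handler is where the returned value would have to be checked against the caller's session before the code is exchanged. A matching marker above the `getTwitchOAuthToken(event, code)` call keeps the two halves of that work visible together: `// TODO (#103): verify the returned state against the session before exchanging the code`. `validateBody` and the rest of the handler lie outside the hunk, so this is inferred from the visible lines only.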
+++ b/server/utils/providers/twitch.ts
@@ -1,11 +1,24 @@
+import { H3Event } from 'h3'
 import consola from 'consola'
-import { TwitchOAuthTokenResponse, TwitchUser, TwitchUsersResponse } from '~/models/twitch'
+import { joinURL } from 'ufo'
-export async function getTwitchOAuthToken(code: string) : Promise {
+import {
+ TwitchOAuthTokenResponse,
+ TwitchUser,
+ TwitchUsersResponse
+} from '~/models/twitch'
+
+export function getTwitchRedirectUri(event: H3Event) : string {
+ const url = getRequestURL(event)
+ const redirectUri = joinURL(url.origin, '/auth/twitch')
+
+ return redirectUri
+}
+
+export async function getTwitchOAuthToken(event: H3Event, code: string) : Promise {
 const {
 OAUTH_TWITCH_CLIENT_ID,
- OAUTH_TWITCH_CLIENT_SECRET,
- OAUTH_TWITCH_REDIRECT_URI
+ OAUTH_TWITCH_CLIENT_SECRET
 } = process.env
 if (OAUTH_TWITCH_CLIENT_ID === undefined) {
@@ -26,16 +39,9 @@ export async function getTwitchOAuthToken(code: string) : Promise {
 })
 }
- if (OAUTH_TWITCH_REDIRECT_URI === undefined) {
- consola.error('OAUTH_TWITCH_REDIRECT_URI is not defined')
-
- throw createError({
- statusCode: 500,
- message: 'Internal server error',
- })
- }
-
 try {
+ const redirectUri = getTwitchRedirectUri(event)
+
 const tokenResponse = await $fetch('https://id.twitch.tv/oauth2/token',
 {
 method: 'POST',
@@ -44,7 +50,7 @@ export async function getTwitchOAuthToken(code: string) : Promise {
 client_secret: OAUTH_TWITCH_CLIENT_SECRET,
 code,
 grant_type: 'authorization_code',
- redirect_uri: OAUTH_TWITCH_REDIRECT_URI
+ redirect_uri: redirectUri
 }
 })
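Review bot: `getTwitchRedirectUri` in the first twitch.ts hunk builds the redirect URI from `getRequestURL(event).origin`, which comes from the incoming request (the Host header, and forwarded headers depending on the h3 options in use). After this commit the `redirect_uri` sent in the token exchange is therefore request-derived, where it used to be the fixed `OAUTH_TWITCH_REDIRECT_URI`. Twitch's comparison against the registered redirect URIs becomes the only remaining check, and a deployment behind a proxy that rewrites Host may compute an origin that differs from the public one. Preferring the configured value when it is set keeps the pin without losing the fallback: `const configured = process.env.OAUTH_TWITCH_REDIRECT_URI` followed by `if (configured !== undefined) return configured` at the top of the helper. The same helper feeds the authorize URL in index.get.ts and the `redirect_uri` field in the last hunk, so one change covers all three places.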