From 0acad7a0ea286a8b1b1792faac26e4abbb3502cc Mon Sep 17 00:00:00 2001
From: James Williams <james-williams@softwareimaging.com>
Date: Fri, 15 Nov 2024 21:24:22 +0000
Subject: [PATCH] Updated authentication

---
 census/api/src/services/auth/auth.ts   | 25 ++++++++++++++++++++-----
 census/api/src/services/auth/router.ts | 12 +++++++-----
 census/api/src/utils/env/config.ts     |  3 ++-
 3 files changed, 29 insertions(+), 11 deletions(-)

diff --git a/census/api/src/services/auth/auth.ts b/census/api/src/services/auth/auth.ts
index af097e7..1d5a94c 100644
--- a/census/api/src/services/auth/auth.ts
+++ b/census/api/src/services/auth/auth.ts
@@ -2,7 +2,7 @@ import { exchangeCode } from '@twurple/auth';
 import z from 'zod';
 import { useEnvironment } from '../../utils/env/env.js';
 
-const scopes = ['chat:read', 'chat:edit', 'user:read:chat', 'user:write:chat'];
+const scopes: string[] = [];
 export const createSignInRequest = (path: string, state: string) => {
   const env = useEnvironment();
   let origin = `http://${env.variables.HOST}:${env.variables.PORT}`;
@@ -19,12 +19,27 @@ export const createSignInRequest = (path: string, state: string) => {
   return url.toString();
 };
 
+export const getHost = () => {
+  const { variables } = useEnvironment();
+  const host = (() => {
+    if (variables.NODE_ENV === 'development') {
+      return `http://${variables.HOST}:${variables.PORT}`;
+    }
+    if (variables.API_URL) {
+      return variables.API_URL;
+    }
+    if (variables.CONTAINER_APP_NAME && variables.CONTAINER_APP_ENV_DNS_SUFFIX) {
+      return `https://${variables.CONTAINER_APP_NAME}.${variables.CONTAINER_APP_ENV_DNS_SUFFIX}`;
+    }
+  })();
+
+  if (!host) throw new Error('No host found');
+  return host;
+};
+
 export const exchangeCodeForToken = async (path: string, code: string) => {
   const env = useEnvironment();
-  let origin = `http://${env.variables.HOST}:${env.variables.PORT}`;
-  if (env.variables.API_URL) {
-    origin = env.variables.API_URL;
-  }
+  const origin = getHost();
 
   const token = await exchangeCode(
     env.variables.TWITCH_CLIENT_ID,
diff --git a/census/api/src/services/auth/router.ts b/census/api/src/services/auth/router.ts
index 84922ed..929006b 100644
--- a/census/api/src/services/auth/router.ts
+++ b/census/api/src/services/auth/router.ts
@@ -12,17 +12,19 @@ const TwitchRedirectResponse = z.object({
 });
 
 const SignInRequest = z.object({
-  from: z.string().optional()
+  from: z.string().optional(),
+  origin: z.string()
 });
 const cache = new Map<string, string>();
 
 export default async function register(router: FastifyInstance) {
   router.get('/auth/signin', async (request, reply) => {
     const key = crypto.randomUUID();
-    const state: { key: string; from?: string } = { key };
+    const state: { key: string; from?: string; origin?: string } = { key };
 
-    const { from } = SignInRequest.parse(request.query);
+    const { from, origin } = SignInRequest.parse(request.query);
     if (from) state.from = from;
+    if (origin) state.origin = origin;
 
     cache.set(key, JSON.stringify(state));
 
@@ -41,7 +43,7 @@ export default async function register(router: FastifyInstance) {
     if (!(await validateToken(token.accessToken))) {
       throw new Error('Invalid token');
     }
-    const { from } = SignInRequest.parse(JSON.parse(state));
+    const { from, origin } = SignInRequest.parse(JSON.parse(state));
 
     const user = await getUserInformation(token.accessToken);
     const jwt = await createJWT(
@@ -57,6 +59,6 @@ export default async function register(router: FastifyInstance) {
     if (from) params.set('from', from);
     cache.delete(query.state);
 
-    return reply.redirect(`${variables.UI_URL}/auth/redirect?${params.toString()}`);
+    return reply.redirect(`${origin}/auth/redirect?${params.toString()}`);
   });
 }
diff --git a/census/api/src/utils/env/config.ts b/census/api/src/utils/env/config.ts
index 1fa8bb6..ee4deff 100644
--- a/census/api/src/utils/env/config.ts
+++ b/census/api/src/utils/env/config.ts
@@ -18,8 +18,9 @@ export const config = z.object({
   POSTGRES_DB: z.string(),
   POSTGRES_SSL: z.coerce.boolean().default(false),
 
-  UI_URL: z.string(),
   API_URL: z.string().optional(),
+  CONTAINER_APP_NAME: z.string().optional(),
+  CONTAINER_APP_ENV_DNS_SUFFIX: z.string().optional(),
 
   STORAGE_ACCOUNT_NAME: z.string(),
   STORAGE_ACCOUNT_KEY: z.string(),