forked from kriasoft/graphql-starter-kit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
account.js
106 lines (95 loc) · 3.31 KB
/
account.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
/**
* Node.js API Starter Kit (https://reactstarter.com/nodejs)
*
* Copyright © 2016-present Kriasoft, LLC. All rights reserved.
*
* This source code is licensed under the MIT license found in the
* LICENSE.txt file in the root directory of this source tree.
*/
/* @flow */
/* eslint-disable no-param-reassign */
import passport from 'passport';
import validator from 'validator';
import { Router } from 'express';
/**
* '/about' => `false`
* 'http://localhost:3000/about' => `true` (but only if this domain name is whitelisted)
*/
function isValidReturnURL(value) {
return validator.isURL(value, {
require_protocol: true,
protocols: ['http', 'https'],
host_whitelist: process.env.FRONTEND_HOST_WHITELIST ?
process.env.FRONTEND_HOST_WHITELIST.split(',').map(x => x.trim()) : ['localhost'],
});
}
/**
* '/about' => ''
* 'http://localhost:3000/about' => 'http://localhost:3000'
*/
function getBaseURL(returnURL) {
if (!returnURL || returnURL[0] === '/') return '';
const result = returnURL.match(/^https?:\/\/[^\\/]+/i);
return result ? result[0] : '';
}
const router = new Router();
const loginProviders = [
{
provider: 'facebook',
options: { scope: ['email', 'user_location'] },
},
{
provider: 'google',
options: { scope: 'profile email' },
},
{
provider: 'twitter',
options: {},
},
];
loginProviders.forEach(({ provider, options }) => {
router.get(`/login/${provider}/return`, (req, res, next) => {
passport.authenticate(provider, (err, user) => {
const returnURL = req.session.returnURL || '/';
const baseURL = getBaseURL(returnURL);
const { error, info } = req.app.locals;
if (err) {
res.redirect(`${baseURL}/login?error=${encodeURIComponent(err.message)}&code=500`);
} else if (!user) {
res.redirect(`${baseURL}/login${error ? `?error=${encodeURIComponent(error)}` : ''}`);
} else {
req.login(user, (loginErr) => {
if (loginErr) {
res.redirect(`${baseURL}/login?error=${encodeURIComponent(loginErr.message)}&code=500`);
} else if (baseURL) {
// eslint-disable-next-line prefer-template
res.redirect(`${returnURL}${returnURL.includes('?') ? '&' : '?'}sessionID=${req.session.id}` +
(req.session.cookie.originalMaxAge ? `&maxAge=${req.session.cookie.originalMaxAge}` : '') +
(info ? `&info=${encodeURIComponent(info)}` : ''));
} else {
req.flash('info', info);
res.redirect(returnURL);
}
});
}
})(req, res, next);
});
router.get([`/login/${provider}`, `/login/${provider}/*`], (req, res, next) => {
const returnURL = decodeURIComponent(req.path.substr(`/login/${provider}/`.length));
req.session.returnURL = isValidReturnURL(returnURL) ? returnURL : `/${returnURL}`;
res.header('Cache-Control', 'private, no-cache, no-store, must-revalidate');
res.header('Expires', '-1');
res.header('Pragma', 'no-cache');
passport.authenticate(provider, options)(req, res, next);
});
});
router.all(['/logout', '/logout/*'], (req, res) => {
const returnURL = decodeURIComponent(req.path.substr(8));
req.logout();
if (isValidReturnURL(returnURL)) {
res.redirect(`${getBaseURL(returnURL)}/logout`);
} else {
res.redirect('/');
}
});
export default router;