fix auth session

prostgles · Nov 25, 2024 · 05ec001 · 05ec001
1 parent 6813268
commit 05ec001
Show file tree

Hide file tree

Showing 6 changed files with 45 additions and 22 deletions.
diff --git a/lib/Auth/AuthTypes.ts b/lib/Auth/AuthTypes.ts
@@ -1,5 +1,5 @@
 import { Express, NextFunction, Request, Response } from "express";
-import { AnyObject, FieldFilter, UserLike } from "prostgles-types";
+import { AnyObject, FieldFilter, IdentityProvider, UserLike } from "prostgles-types";
 import { DB } from "../Prostgles";
 import { DBOFullyTyped } from "../DBSchemaBuilder";
 import { PRGLIOSocket } from "../DboBuilder/DboBuilderTypes";
@@ -119,6 +119,11 @@ export type AuthRegistrationConfig = RegistrationProviders & {
    * Do something with the registered user
    */
   onRegister: (data: RegistrationData) => void | Promise<any>;
+
+  /**
+   * Used to identify abuse
+   */
+  onProviderLoginFail: (data: { provider: IdentityProvider; error: any, req: ExpressReq, res: ExpressRes}) => void | Promise<void>;
 };
 
 export type SessionUser<ServerUser extends UserLike = UserLike, ClientUser extends UserLike = UserLike> = {

diff --git a/lib/Auth/setAuthProviders.ts b/lib/Auth/setAuthProviders.ts
@@ -22,7 +22,7 @@ export const upsertNamedExpressMiddleware = (app: e.Express, handler: RequestHan
 
 export function setAuthProviders (this: AuthHandler, { registrations, app }: Required<Auth>["expressConfig"]) {
   if(!registrations) return;
-  const { email, onRegister, websiteUrl, ...providers } = registrations;
+  const { email, onRegister, onProviderLoginFail, websiteUrl, ...providers } = registrations;
   if(email){
     app.post(AUTH_ROUTES_AND_PARAMS.emailSignup, async (req, res) => {
       const { username, password } = req.body;
@@ -86,22 +86,37 @@ export function setAuthProviders (this: AuthHandler, { registrations, app }: Req
       passport.authenticate(providerName, authOpts ?? {})
     );
 
-    app.get(callbackPath,
-      passport.authenticate(providerName, {
-        session: false, 
-        failureRedirect: "/login",
-        failWithError: true,
-      }, console.log),
-      async (req, res) => {
-        this.loginThrottledAndSetCookie(req, res, { type: "provider", provider: providerName, ...req.authInfo as any })
-          .then(() => {
-            res.redirect("/");
-          })
-          .catch((e: any) => {
-            res.status(500).json(getErrorAsObject(e));
-          });
+    app.get(
+      callbackPath,
+      (req, res) => {
+
+        passport.authenticate(
+          providerName, 
+          {
+            session: false, 
+            failureRedirect: "/login",
+            failWithError: true,
+          },
+          async (error: any, profile: any, authInfo: any) => {
+            if(error){
+              await onProviderLoginFail({ provider: providerName, error, req, res });
+              res.status(500).json({
+                error: "Failed to login with provider",
+              });
+            } else {
+              this.loginThrottledAndSetCookie(req, res, { type: "provider", provider: providerName, ...authInfo })
+              .then(() => {
+                res.redirect("/");
+              })
+              .catch((e: any) => {
+                res.status(500).json(getErrorAsObject(e));
+              });
+            }
+          } 
+        )(req, res);
       }
     );
+
   });
 }
 
@@ -110,7 +125,7 @@ export function getProviders(this: AuthHandler): AuthSocketSchema["providers"] |
   if(!registrations) return undefined;
   const { 
     // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    email, websiteUrl, onRegister, 
+    email, websiteUrl, onRegister, onProviderLoginFail,
     ...providers 
   } = registrations;
   if(isEmpty(providers)) return undefined;

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "prostgles-server",
-  "version": "4.2.146",
+  "version": "4.2.147",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

diff --git a/tests/server/index.ts b/tests/server/index.ts
@@ -174,7 +174,9 @@ function dd(){
 				}
 				return undefined;
 			},
-			login: async ({ username, password } = {}) => {
+			login: async (loginData) => {
+				if(loginData.type !== "username") throw "Only username login is supported";
+				const { username, password } = loginData;
 				const u = users.find(u => u.username === username && u.password === password);
 				if(!u) throw "something went wrong: " + JSON.stringify({ username, password });
 				let s = sessions.find(s => s.user_id === u.id)
@@ -203,6 +205,7 @@ function dd(){
 						clientID: "GITHUB_CLIENT_ID",
 						clientSecret: "GITHUB"
 					},
+					onProviderLoginFail: console.error,
 					onRegister: console.log
 				},
 			}

diff --git a/tests/server/package-lock.json b/tests/server/package-lock.json