Infrastructure/logto
0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2025-03-31 22:51:25 -05:00
Code Issues Activity

feat(core): add Alipay web connector (#522)

Browse source
This commit is contained in:
Darcy Ye 2022-04-14 12:22:30 +08:00 committed by GitHub
parent f669780ff9
commit 2f22a81a8f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 660 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
packages/core/package.json
View file

@ -28,6 +28,7 @@
"dotenv": "^10.0.0",
"got": "^11.8.2",
"i18next": "^20.3.5",
"iconv-lite": "0.6.3",
"jose": "^3.14.3",
"koa": "^2.13.1",
"koa-body": "^4.2.0",

2
packages/core/src/connectors/alipay/README.md Normal file
View file

@ -0,0 +1,2 @@
### Alipay Web Social Connector README
placeholder

3
packages/core/src/connectors/alipay/config-template.md Normal file
View file

@ -0,0 +1,3 @@
{
// placeholder
}

10
packages/core/src/connectors/alipay/constant.ts Normal file
View file

@ -0,0 +1,10 @@
export const authorizationEndpoint = 'https://openauth.alipay.com/oauth2/publicAppAuthorize.htm';
export const alipayEndpoint = 'https://openapi.alipay.com/gateway.do';
export const scope = 'auth_user';
export const methodForAccessToken = 'alipay.system.oauth.token';
export const methodForUserInfo = 'alipay.user.info.share';
export const alipaySigningAlgorithmMapping = {
RSA: 'RSA-SHA1',
RSA2: 'RSA-SHA256',
} as const;
export const alipaySigningAlgorithms = ['RSA', 'RSA2'] as const;

318
packages/core/src/connectors/alipay/index.test.ts Normal file
View file

@ -0,0 +1,318 @@
import nock from 'nock';
import snakeCaseKeys from 'snakecase-keys';
import * as AlipayMethods from '.';
import { ConnectorError, ConnectorErrorCodes } from '../types';
import { getConnectorConfig, getFormattedDate } from '../utilities';
import {
alipayEndpoint,
authorizationEndpoint,
methodForAccessToken,
methodForUserInfo,
} from './constant';
import {
mockedAlipayConfig,
mockedAlipayConfigWithValidPrivateKey,
mockedAlipayPublicParameters,
} from './mock';
jest.mock('../utilities');
beforeAll(() => {
(getConnectorConfig as jest.MockedFunction<typeof getConnectorConfig>).mockResolvedValue(
mockedAlipayConfig
);
(getFormattedDate as jest.MockedFunction<typeof getFormattedDate>).mockReturnValue(
'2022-02-22 22:22:22'
);
});
const listenJSONParse = jest.spyOn(JSON, 'parse');
const listenJSONStringify = jest.spyOn(JSON, 'stringify');
const mockSigningParameters = jest.spyOn(AlipayMethods, 'signingPamameters');
describe('validateConfig', () => {
it('should pass on valid config', async () => {
await expect(
AlipayMethods.validateConfig({ appId: 'appId', privateKey: 'privateKey', signType: 'RSA' })
).resolves.not.toThrow();
});
it('should throw on empty config', async () => {
await expect(AlipayMethods.validateConfig({})).rejects.toThrowError();
});
it('should throw when missing required properties', async () => {
await expect(AlipayMethods.validateConfig({ appId: 'appId' })).rejects.toThrowError();
});
});
describe('signingParameters', () => {
afterEach(() => {
nock.cleanAll();
jest.clearAllMocks();
});
const testingParameters = {
...mockedAlipayPublicParameters,
...mockedAlipayConfigWithValidPrivateKey,
method: methodForAccessToken,
code: '7ffeb112fbb6495c9e7dfb720380DD39',
};
it('should return exact signature with the given parameters (functionality check)', () => {
const decamelizedParameters = AlipayMethods.signingPamameters(testingParameters);
expect(decamelizedParameters.sign).toBe(
'td9+u0puul3HgbwLGL1X6z/vKKB/K25K5pjtLT/snQOp292RX3Y5j+FQUVuazTI2l65GpoSgA83LWNT9htQgtmdBmkCQ3bO6RWs38+2ZmBmH7MvpHx4ebUDhtebLUmHNuRFaNcpAZW92b0ZSuuJuahpLK8VNBgXljq+x0aD7WCRudPxc9fikR65NGxr5bwepl/9IqgMxwtajh1+PEJyhGGJhJxS1dCktGN0EiWXWNiogYT8NlFVCmw7epByKzCBWu4sPflU52gJMFHTdbav/0Tk/ZBs8RyP8Z8kcJA0jom2iT+dHqDpgkdzEmsR360UVNKCu5X7ltIiiObsAWmfluQ=='
);
});
it('should return exact signature with the given parameters (with empty property in testingParameters)', () => {
const decamelizedParameters = AlipayMethods.signingPamameters({
...testingParameters,
emptyProperty: '',
});
expect(decamelizedParameters.sign).toBe(
'td9+u0puul3HgbwLGL1X6z/vKKB/K25K5pjtLT/snQOp292RX3Y5j+FQUVuazTI2l65GpoSgA83LWNT9htQgtmdBmkCQ3bO6RWs38+2ZmBmH7MvpHx4ebUDhtebLUmHNuRFaNcpAZW92b0ZSuuJuahpLK8VNBgXljq+x0aD7WCRudPxc9fikR65NGxr5bwepl/9IqgMxwtajh1+PEJyhGGJhJxS1dCktGN0EiWXWNiogYT8NlFVCmw7epByKzCBWu4sPflU52gJMFHTdbav/0Tk/ZBs8RyP8Z8kcJA0jom2iT+dHqDpgkdzEmsR360UVNKCu5X7ltIiiObsAWmfluQ=='
);
});
it('should not call JSON.parse() when biz_content is empty', () => {
AlipayMethods.signingPamameters(testingParameters);
expect(listenJSONParse).not.toHaveBeenCalled();
});
it('should call JSON.parse() when biz_content is not empty', () => {
AlipayMethods.signingPamameters({
...testingParameters,
biz_content: JSON.stringify({ AB: 'AB' }),
});
expect(listenJSONParse).toHaveBeenCalled();
});
it('should call JSON.stringify() when some value is object string', () => {
AlipayMethods.signingPamameters({
...testingParameters,
testObject: JSON.stringify({ AB: 'AB' }),
});
expect(listenJSONStringify).toHaveBeenCalled();
});
});
describe('getAuthorizationUri', () => {
it('should get a valid uri by redirectUri and state', async () => {
const authorizationUri = await AlipayMethods.getAuthorizationUri(
'http://localhost:3001/callback',
'some_state'
);
expect(authorizationUri).toEqual(
`${authorizationEndpoint}?app_id=2021000000000000&redirect_uri=http%3A%2F%2Flocalhost%3A3001%2Fcallback&scope=auth_user&state=some_state`
);
});
});
describe('getAccessToken', () => {
afterEach(() => {
nock.cleanAll();
jest.clearAllMocks();
});
const alipayEndpointUrl = new URL(alipayEndpoint);
const parameters = {
...mockedAlipayPublicParameters,
method: methodForAccessToken,
...mockedAlipayConfig,
code: 'code',
sign: 'sign',
};
const searchParameters = new URLSearchParams(snakeCaseKeys(parameters));
it('should get an accessToken by exchanging with code', async () => {
mockSigningParameters.mockImplementationOnce((parameters) => {
return snakeCaseKeys({ ...parameters, sign: 'sign' });
});
nock(alipayEndpointUrl.origin)
.post(alipayEndpointUrl.pathname)
.query(searchParameters)
.reply(200, {
alipay_system_oauth_token_response: {
user_id: '2088000000000000',
access_token: 'access_token',
expires_in: '3600',
refresh_token: 'refresh_token',
re_expires_in: '7200', // Expiring time of refresh token, in seconds
},
sign: '<signature>',
});
const { accessToken } = await AlipayMethods.getAccessToken('code');
expect(accessToken).toEqual('access_token');
});
it('should throw when accessToken is empty', async () => {
mockSigningParameters.mockImplementationOnce((parameters) => {
return snakeCaseKeys({ ...parameters, sign: 'sign' });
});
nock(alipayEndpointUrl.origin)
.post(alipayEndpointUrl.pathname)
.query(searchParameters)
.reply(200, {
alipay_system_oauth_token_response: {
user_id: '2088000000000000',
access_token: undefined,
expires_in: '3600',
refresh_token: 'refresh_token',
re_expires_in: '7200', // Expiring time of refresh token, in seconds
},
sign: '<signature>',
});
await expect(AlipayMethods.getAccessToken('code')).rejects.toMatchError(
new ConnectorError(ConnectorErrorCodes.SocialAuthCodeInvalid)
);
});
it('should fail with wrong code', async () => {
mockSigningParameters.mockImplementationOnce((parameters) => {
return snakeCaseKeys({ ...parameters, sign: 'sign' });
});
nock(alipayEndpointUrl.origin)
.post(alipayEndpointUrl.pathname)
.query(new URLSearchParams(snakeCaseKeys({ ...parameters, code: 'wrong_code' })))
.reply(200, {
error_response: {
code: '20001',
msg: 'Invalid code',
sub_code: 'isv.code-invalid ',
},
sign: '<signature>',
});
await expect(AlipayMethods.getAccessToken('wrong_code')).rejects.toMatchError(
new ConnectorError(ConnectorErrorCodes.SocialAuthCodeInvalid, 'Invalid code')
);
});
});
describe('getUserInfo', () => {
afterEach(() => {
nock.cleanAll();
jest.clearAllMocks();
});
const alipayEndpointUrl = new URL(alipayEndpoint);
const parameters = {
...mockedAlipayPublicParameters,
method: methodForUserInfo,
...mockedAlipayConfig,
auth_token: 'access_token',
biz_content: '{}',
sign: 'sign',
};
const searchParameters = new URLSearchParams(snakeCaseKeys(parameters));
it('should get userInfo with accessToken', async () => {
mockSigningParameters.mockImplementationOnce((parameters) => {
return snakeCaseKeys({ ...parameters, sign: 'sign' });
});
nock(alipayEndpointUrl.origin)
.post(alipayEndpointUrl.pathname)
.query(searchParameters)
.reply(200, {
alipay_user_info_share_response: {
code: '10000',
msg: 'Success',
user_id: '2088000000000000',
nick_name: 'PlayboyEric',
avatar: 'https://www.alipay.com/xxx.jpg',
},
sign: '<signature>',
});
const { id, name, avatar } = await AlipayMethods.getUserInfo({ accessToken: 'access_token' });
expect(id).toEqual('2088000000000000');
expect(name).toEqual('PlayboyEric');
expect(avatar).toEqual('https://www.alipay.com/xxx.jpg');
});
it('should throw with wrong accessToken', async () => {
mockSigningParameters.mockImplementationOnce((parameters) => {
return snakeCaseKeys({ ...parameters, sign: 'sign' });
});
nock(alipayEndpointUrl.origin)
.post(alipayEndpointUrl.pathname)
.query(
new URLSearchParams(snakeCaseKeys({ ...parameters, auth_token: 'wrong_access_token' }))
)
.reply(200, {
alipay_user_info_share_response: {
code: '20001',
msg: 'Invalid auth token',
sub_code: 'aop.invalid-auth-token',
},
sign: '<signature>',
});
await expect(
AlipayMethods.getUserInfo({ accessToken: 'wrong_access_token' })
).rejects.toMatchError(
new ConnectorError(ConnectorErrorCodes.SocialAccessTokenInvalid, 'Invalid auth token')
);
});
it('should throw General error with other response error codes', async () => {
mockSigningParameters.mockImplementationOnce((parameters) => {
return snakeCaseKeys({ ...parameters, sign: 'sign' });
});
nock(alipayEndpointUrl.origin)
.post(alipayEndpointUrl.pathname)
.query(
new URLSearchParams(snakeCaseKeys({ ...parameters, auth_token: 'wrong_access_token' }))
)
.reply(200, {
alipay_user_info_share_response: {
code: '40002',
msg: 'Invalid parameter',
sub_code: 'isv.invalid-parameter',
},
sign: '<signature>',
});
await expect(
AlipayMethods.getUserInfo({ accessToken: 'wrong_access_token' })
).rejects.toMatchError(new ConnectorError(ConnectorErrorCodes.General));
});
it('should throw with right accessToken but empty userInfo', async () => {
mockSigningParameters.mockImplementationOnce((parameters) => {
return snakeCaseKeys({ ...parameters, sign: 'sign' });
});
nock(alipayEndpointUrl.origin)
.post(alipayEndpointUrl.pathname)
.query(searchParameters)
.reply(200, {
alipay_user_info_share_response: {
code: '10000',
msg: 'Success',
user_id: undefined,
nick_name: 'PlayboyEric',
avatar: 'https://www.alipay.com/xxx.jpg',
},
sign: '<signature>',
});
await expect(AlipayMethods.getUserInfo({ accessToken: 'access_token' })).rejects.toMatchError(
new ConnectorError(ConnectorErrorCodes.InvalidResponse)
);
});
it('should throw with other request errors', async () => {
mockSigningParameters.mockImplementationOnce((parameters) => {
return snakeCaseKeys({ ...parameters, sign: 'sign' });
});
nock(alipayEndpointUrl.origin)
.post(alipayEndpointUrl.pathname)
.query(searchParameters)
.reply(500);
await expect(AlipayMethods.getUserInfo({ accessToken: 'access_token' })).rejects.toThrow();
});
});

206
packages/core/src/connectors/alipay/index.ts Normal file
View file

@ -0,0 +1,206 @@
/**
* The Implementation of OpenID Connect of Alipay Web Open Platform.
* https://opendocs.alipay.com/support/01rg6h
* https://opendocs.alipay.com/open/263/105808
* https://opendocs.alipay.com/open/01emu5
*/
import * as crypto from 'crypto';
import { existsSync, readFileSync } from 'fs';
import path from 'path';
import got from 'got';
import * as iconv from 'iconv-lite';
import { stringify } from 'query-string';
import snakeCaseKeys from 'snakecase-keys';
import assertThat from '@/utils/assert-that';
import {
ConnectorError,
ConnectorErrorCodes,
ConnectorMetadata,
ConnectorType,
GetAccessToken,
GetAuthorizationUri,
GetUserInfo,
ValidateConfig,
} from '../types';
import { getConnectorConfig, getConnectorRequestTimeout, getFormattedDate } from '../utilities';
import {
alipayEndpoint,
authorizationEndpoint,
methodForAccessToken,
methodForUserInfo,
scope,
alipaySigningAlgorithmMapping,
} from './constant';
import { alipayConfigGuard, AlipayConfig, AccessTokenResponse, UserInfoResponse } from './types';
// eslint-disable-next-line unicorn/prefer-module
const currentPath = __dirname;
const pathToReadmeFile = path.join(currentPath, 'README.md');
const pathToConfigTemplate = path.join(currentPath, 'config-template.md');
const readmeContentFallback = 'Please check README.md file directory.';
const configTemplateFallback = 'Please check config-template.md file directory.';
export const metadata: ConnectorMetadata = {
id: 'alipay',
type: ConnectorType.Social,
name: {
en: 'Sign In with Alipay',
'zh-CN': '支付宝登录',
},
// TODO: add the real logo URL (LOG-1823)
logo: './logo.png',
description: {
en: 'Sign In with Alipay',
'zh-CN': '支付宝登录',
},
readme: existsSync(pathToReadmeFile)
? readFileSync(pathToReadmeFile, 'utf8')
: readmeContentFallback,
configTemplate: existsSync(pathToConfigTemplate)
? readFileSync(pathToConfigTemplate, 'utf-8')
: configTemplateFallback,
};
export const validateConfig: ValidateConfig = async (config: unknown) => {
const result = alipayConfigGuard.safeParse(config);
if (!result.success) {
throw new ConnectorError(ConnectorErrorCodes.InvalidConfig, result.error.message);
}
};
// Reference: https://github.com/alipay/alipay-sdk-nodejs-all/blob/10d78e0adc7f310d5b07567ce7e4c13a3f6c768f/lib/util.ts
export const signingPamameters = (
parameters: AlipayConfig & Record<string, string>
): Record<string, string> => {
const { biz_content, privateKey, ...rest } = parameters;
const signParameters = snakeCaseKeys(
biz_content
? {
...rest,
bizContent: JSON.stringify(snakeCaseKeys(JSON.parse(biz_content))),
}
: rest
);
const decamelizeParameters = snakeCaseKeys(signParameters);
// eslint-disable-next-line @silverhand/fp/no-mutating-methods
const sortedParametersAsString = Object.entries(decamelizeParameters)
.map(([key, value]) => {
// Supported Encodings can be found at https://github.com/ashtuchkin/iconv-lite/wiki/Supported-Encodings
if (value) {
// eslint-disable-next-line @typescript-eslint/restrict-template-expressions
return `${key}=${iconv.encode(value, rest.charset ?? 'UTF8')}`;
}
return '';
})
.filter((keyValueString) => keyValueString)
.sort()
.join('&');
const sign = crypto
.createSign(alipaySigningAlgorithmMapping[rest.signType])
.update(sortedParametersAsString, 'utf8')
.sign(privateKey, 'base64');
return { ...decamelizeParameters, sign };
};
export const getAuthorizationUri: GetAuthorizationUri = async (redirectUri, state) => {
const { appId: app_id } = await getConnectorConfig<AlipayConfig>(metadata.id);
const redirect_uri = encodeURI(redirectUri);
return `${authorizationEndpoint}?${stringify({
app_id,
redirect_uri, // The variable `redirectUri` should match {appId, appSecret}
scope,
state,
})}`;
};
export const getAccessToken: GetAccessToken = async (authCode) => {
const config = await getConnectorConfig<AlipayConfig>(metadata.id);
const initSearchParameters = {
method: methodForAccessToken,
format: 'JSON',
timestamp: getFormattedDate(),
version: '1.0',
grant_type: 'authorization_code',
code: authCode,
charset: 'UTF8',
...config,
};
const signedSearchParameters = signingPamameters(initSearchParameters);
const response = await got
.post(alipayEndpoint, {
searchParams: signedSearchParameters,
timeout: await getConnectorRequestTimeout(),
})
.json<AccessTokenResponse>();
const { msg, sub_msg } = response.error_response ?? {};
assertThat(
response.alipay_system_oauth_token_response,
new ConnectorError(ConnectorErrorCodes.SocialAuthCodeInvalid, msg ?? sub_msg)
);
const { access_token: accessToken } = response.alipay_system_oauth_token_response;
assertThat(accessToken, new ConnectorError(ConnectorErrorCodes.SocialAuthCodeInvalid));
return { accessToken };
};
export const getUserInfo: GetUserInfo = async (accessTokenObject) => {
const { accessToken } = accessTokenObject;
const config = await getConnectorConfig<AlipayConfig>(metadata.id);
const initSearchParameters = {
method: methodForUserInfo,
format: 'JSON',
timestamp: getFormattedDate(),
version: '1.0',
grant_type: 'authorization_code',
auth_token: accessToken,
biz_content: JSON.stringify({}),
charset: 'UTF8',
...config,
};
const signedSearchParameters = signingPamameters(initSearchParameters);
const response = await got
.post(alipayEndpoint, {
searchParams: signedSearchParameters,
timeout: await getConnectorRequestTimeout(),
})
.json<UserInfoResponse>();
const {
user_id: id,
avatar,
nick_name: name,
sub_msg,
sub_code,
msg,
code,
} = response.alipay_user_info_share_response;
if (sub_msg || sub_code) {
if (code === '20001') {
throw new ConnectorError(ConnectorErrorCodes.SocialAccessTokenInvalid, msg);
}
throw new ConnectorError(ConnectorErrorCodes.General);
}
// TODO: elaborate on the error messages for all social connectors (see LOG-2157)
assertThat(id, new ConnectorError(ConnectorErrorCodes.InvalidResponse));
return { id, avatar, name };
};

23
packages/core/src/connectors/alipay/mock.ts Normal file
View file

@ -0,0 +1,23 @@
import { AlipayConfig } from './types';
export const mockedAlipayConfig: AlipayConfig = {
appId: '2021000000000000',
signType: 'RSA2',
privateKey: '<private-key>',
};
export const mockedAlipayConfigWithValidPrivateKey: AlipayConfig = {
appId: '2021000000000000',
signType: 'RSA2',
privateKey:
'-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC52SvnlRfzJJDR\nA1h4MX2JWV7Yt1j+1gvtQuLh0RYbE0AgRyz8CXFcJegO8gNyUQ05vrc1RMVzvNh8\njfjLpIX8an88KE4FyoG5P8NWrwPw5ZXOnzdvNxAV8QWOU+rT4WAdCsx4++mLlb5v\nGL18R77f3WLgY23bFtcGr9q7/qOaLzNxEe4idX1eLf7Ba/gQRY0awA55/Epd1Mi7\nLqTfxTd11PoBZQPe0vnuChp3P2l1MNpIJ5G1eQ4RXgI4UMClEbGRlBN7GUlXy5p7\ng6RtvOcwmBNoE4i0/HbvaanY3u7oenST3iSzEXa2hXMjnZPvg0G4Y5mq/V6XJPTh\nJrFc9XzFAgMBAAECggEAXfmNtN10LdN4kugBLU3BL9mMF0Om8b1kbIXc2djzN5+l\nVm0HNy7DLphQXnZL/ds0N9XTKFFtEpgUU+8qNjcsNTXYvp+WzGDY9cZjTQrUkFRX\nSxLBYjBSpvWoHI8ceCVHh4f1Wtvu/VEr6Vt2PUi+IM7+d35vh1BmTJBRp6wcKBMH\nXdfjWIi5z37pTXD3OTfUjBCtzA2DX0vY6UTsmD9UI0Mb6IJdT6qugiGODFdlsduA\nWJoZlXV1VbHcvGt7DoeQgzA45sr5siUnm+ntTVBHOR/hoZQrr0DY/O/MLKYUj/+r\nZMKKpx/7VHnWfMia2EOHfjW8vUlnraUzI+5E2/FzIQKBgQDgi7S7pfRux8YONGP2\nRtHPkF8d0YllsfKedhqF3cQlJ1dhxzVqHOi1IFn6ttuuYy5UsP5apYa2kj2UUPCa\nZGGi19Vnc+RHThpR4K6/OGFrpbINAgiVJLj7F8GXzqeA7W2ZHMp1R+oB+oTxih6t\nU0dbeTP01kbBV1/7+ZUKPhLE6QKBgQDT4cMgq01F/WIGGd1GUHZQjH5bqtNiJpIf\n2Q2OTw/gn1DVnwDXpHuXPxtC3NRoaRW/dTqsF6AAkMja3voPM3sYJurGBdU8pZPC\nquc9mqqu6TR5gX3KL1lSESvMBEgfLUy/f0gI3JNw1mG17pIhnXmOB2be3HfZPcj3\nwKWlluY/fQKBgDLll97c3A3sPGll2K6vGMmqmNTCdRlW/36JmLN1NAuT4kuoguP9\nj4XWwm6A2kSp+It73vue/20MsuaWfiMQ08y8jYO4kirTekXK3vE7D2H+GeC28EkW\nHNPVa61ES1V++9Oz4fQ5i8JNDatOOmvhL5B9ZZh+pWUXsAsGZJEAxvJZAoGAMPHO\n5GYN1KQil6wz3EFMA3Fg4wYEDIFCcg7uvbfvwACtaJtxU18QmbCfOIPQoUndFzwa\nUJSohljrvPuTIh3PSpX618GTL45EIszd2/I1iXAfig3qo+DqLjX/OwKmMmWBfB8H\n4dwqRv+O1LsGkLNS2AdHsSWWnd1S5kBfQ3AnQfUCgYACM8ldXZv7uGt9uZBmxile\nB0Hg5w7F1v9VD/m9ko+INAISz8OVkD83pCEoyHwlr20JjiF+yzAakOuq6rBi+l/V\n1veSiTDUcZhciuq1G178dFYepJqisFBu7bAM+WBS4agTTtxdSLZkHeS4VX+H3DOc\ntri43NXw6QS7uQ5/+2TsEw==\n-----END PRIVATE KEY-----',
};
export const mockedAlipayPublicParameters = {
format: 'JSON',
grantType: 'authorization_code',
timestamp: '2022-02-22 22:22:22',
version: '1.0',
charset: 'UTF8',
method: '<method-placeholder>',
};

45
packages/core/src/connectors/alipay/types.ts Normal file
View file

@ -0,0 +1,45 @@
import { z } from 'zod';
import { alipaySigningAlgorithms } from './constant';
export const alipayConfigGuard = z.object({
appId: z.string(),
privateKey: z.string(),
signType: z.enum(alipaySigningAlgorithms),
});
export type AlipayConfig = z.infer<typeof alipayConfigGuard>;
// `error_response` and `alipay_system_oauth_token_response` are mutually exclusive.
export type AccessTokenResponse = {
error_response?: {
code: string;
msg: string; // To know `code` and `msg` details, see: https://opendocs.alipay.com/common/02km9f
sub_code?: string;
sub_msg?: string;
};
sign: string; // To know `sign` details, see: https://opendocs.alipay.com/common/02kf5q
alipay_system_oauth_token_response?: {
user_id: string; // Unique Alipay ID, 16 digits starts with '2088'
access_token: string;
expires_in: string; // In seconds
refresh_token: string;
re_expires_in: string; // Expiring time of refresh token, in seconds
};
};
export type UserInfoResponse = {
sign: string; // To know `sign` details, see: https://opendocs.alipay.com/common/02kf5q
alipay_user_info_share_response: {
user_id?: string; // String of digits with max length of 16
avatar?: string; // URL of avatar
province?: string;
city?: string;
nick_name?: string;
gender?: string; // Enum type: 'F' for female, 'M' for male
code: string;
msg: string; // To know `code` and `msg` details, see: https://opendocs.alipay.com/common/02km9f
sub_code?: string;
sub_msg?: string;
};
};

23
packages/core/src/connectors/index.test.ts
View file

@ -11,6 +11,13 @@ import {
} from '@/connectors/index';
import RequestError from '@/errors/RequestError';
const alipayConnector = {
id: 'alipay',
type: ConnectorType.Social,
enabled: true,
config: {},
createdAt: 1_646_382_233_911,
};
const aliyunDmConnector = {
id: 'aliyun-dm',
type: ConnectorType.Email,
@ -62,6 +69,7 @@ const wechatNativeConnector = {
};
const connectors = [
alipayConnector,
aliyunDmConnector,
aliyunSmsConnector,
facebookConnector,
@ -95,12 +103,13 @@ describe('getConnectorInstances', () => {
test('should return the connectors existing in DB', async () => {
const connectorInstances = await getConnectorInstances();
expect(connectorInstances).toHaveLength(connectorInstances.length);
expect(connectorInstances[0]).toHaveProperty('connector', aliyunDmConnector);
expect(connectorInstances[1]).toHaveProperty('connector', aliyunSmsConnector);
expect(connectorInstances[2]).toHaveProperty('connector', facebookConnector);
expect(connectorInstances[3]).toHaveProperty('connector', githubConnector);
expect(connectorInstances[4]).toHaveProperty('connector', googleConnector);
expect(connectorInstances[5]).toHaveProperty('connector', wechatConnector);
expect(connectorInstances[0]).toHaveProperty('connector', alipayConnector);
expect(connectorInstances[1]).toHaveProperty('connector', aliyunDmConnector);
expect(connectorInstances[2]).toHaveProperty('connector', aliyunSmsConnector);
expect(connectorInstances[3]).toHaveProperty('connector', facebookConnector);
expect(connectorInstances[4]).toHaveProperty('connector', githubConnector);
expect(connectorInstances[5]).toHaveProperty('connector', googleConnector);
expect(connectorInstances[6]).toHaveProperty('connector', wechatConnector);
});
test('should throw if any required connector does not exist in DB', async () => {
@ -152,7 +161,7 @@ describe('getSocialConnectorInstanceById', () => {
describe('getEnabledSocialConnectorIds', () => {
test('should return the enabled social connectors existing in DB', async () => {
const enabledSocialConnectorIds = await getEnabledSocialConnectorIds();
expect(enabledSocialConnectorIds).toEqual(['facebook', 'github']);
expect(enabledSocialConnectorIds).toEqual(['alipay', 'facebook', 'github']);
});
});

2
packages/core/src/connectors/index.ts
View file

@ -1,6 +1,7 @@
import RequestError from '@/errors/RequestError';
import { findAllConnectors, findConnectorById, insertConnector } from '@/queries/connector';
import * as Alipay from './alipay';
import * as AliyunDM from './aliyun-dm';
import * as AliyunSMS from './aliyun-sms';
import * as Facebook from './facebook';
@ -11,6 +12,7 @@ import * as WeChat from './wechat';
import * as WeChatNative from './wechat-native';
const allConnectors: IConnector[] = [
Alipay,
AliyunDM,
AliyunSMS,
Facebook,

1
packages/core/src/connectors/types.ts
View file

@ -68,6 +68,7 @@ export type TemplateType = PasscodeType | 'Test';
export enum ConnectorErrorCodes {
General,
InvalidConfig,
InvalidResponse,
TemplateNotFound,
SocialAuthCodeInvalid,
SocialAccessTokenInvalid,

5
packages/core/src/connectors/utilities/index.ts
View file

@ -1,4 +1,5 @@
import { ArbitraryObject } from '@logto/schemas';
import dayjs from 'dayjs';
import { findConnectorById, updateConnector } from '@/queries/connector';
@ -21,3 +22,7 @@ export const updateConnectorConfig = async <T extends ArbitraryObject>(
const connectorRequestTimeout = 5000;
export const getConnectorRequestTimeout = async (): Promise<number> => connectorRequestTimeout;
export const getFormattedDate = (): string => {
return dayjs().format('YYYY-MM-DD HH:mm:ss');
};

25
packages/core/src/routes/session.test.ts
View file

@ -312,19 +312,28 @@ describe('sessionRoutes', () => {
});
describe('POST /session/sign-in/social', () => {
it('sign-in with social and redirect', async () => {
it('should throw when redirectURI is invalid', async () => {
const response = await sessionRequest.post('/session/sign-in/social').send({
connectorId: 'social_enabled',
state: 'state',
redirectUri: 'logto.dev',
});
expect(response.statusCode).toEqual(400);
});
it('sign-in with social and redirect', async () => {
const response = await sessionRequest.post('/session/sign-in/social').send({
connectorId: 'social_enabled',
state: 'state',
redirectUri: 'https://logto.dev',
});
expect(response.body).toHaveProperty('redirectTo', '');
});
it('throw error when sign-in with social but miss state', async () => {
const response = await sessionRequest.post('/session/sign-in/social').send({
connectorId: 'social_enabled',
redirectUri: 'logto.dev',
redirectUri: 'https://logto.dev',
});
expect(response.statusCode).toEqual(400);
});
@ -341,7 +350,7 @@ describe('sessionRoutes', () => {
const response = await sessionRequest.post('/session/sign-in/social').send({
connectorId: 'social_disabled',
state: 'state',
redirectUri: 'logto.dev',
redirectUri: 'https://logto.dev',
});
expect(response.statusCode).toEqual(400);
});
@ -350,7 +359,7 @@ describe('sessionRoutes', () => {
const response = await sessionRequest.post('/session/sign-in/social').send({
connectorId: 'others',
state: 'state',
redirectUri: 'logto.dev',
redirectUri: 'https://logto.dev',
});
expect(response.statusCode).toEqual(404);
});
@ -359,7 +368,7 @@ describe('sessionRoutes', () => {
const response = await sessionRequest.post('/session/sign-in/social').send({
connectorId: 'connectorId',
state: 'state',
redirectUri: 'logto.dev',
redirectUri: 'https://logto.dev',
code: '123455',
});
expect(response.statusCode).toEqual(500);
@ -369,7 +378,7 @@ describe('sessionRoutes', () => {
const response = await sessionRequest.post('/session/sign-in/social').send({
connectorId: '_connectorId',
state: 'state',
redirectUri: 'logto.dev',
redirectUri: 'https://logto.dev',
code: '123456',
});
expect(response.statusCode).toEqual(422);
@ -379,7 +388,7 @@ describe('sessionRoutes', () => {
const response = await sessionRequest.post('/session/sign-in/social').send({
connectorId: 'connectorId',
state: 'state',
redirectUri: 'logto.dev',
redirectUri: 'https://logto.dev',
code: '123456',
});
expect(updateUserById).toHaveBeenCalledWith(
@ -401,7 +410,7 @@ describe('sessionRoutes', () => {
const response = await sessionRequest.post('/session/sign-in/social').send({
connectorId: '_connectorId_',
state: 'state',
redirectUri: 'logto.dev',
redirectUri: 'https://logto.dev',
code: '123456',
});
expect(interactionResult).toHaveBeenCalledWith(

10
packages/core/src/routes/session.ts
View file

@ -32,7 +32,13 @@ import {
findUserByIdentity,
} from '@/queries/user';
import assertThat from '@/utils/assert-that';
import { emailRegEx, passwordRegEx, phoneRegEx, usernameRegEx } from '@/utils/regex';
import {
redirectUriRegEx,
emailRegEx,
passwordRegEx,
phoneRegEx,
usernameRegEx,
} from '@/utils/regex';
import { AnonymousRouter } from './types';
@ -174,7 +180,7 @@ export default function sessionRoutes<T extends AnonymousRouter>(router: T, prov
connectorId: string(),
code: string().optional(),
state: string(),
redirectUri: string(),
redirectUri: string().regex(redirectUriRegEx),
}),
}),
async (ctx, next) => {

1
packages/core/src/utils/regex.ts
View file

@ -3,4 +3,5 @@ export const phoneRegEx = /^[1-9]\d{10}$/;
export const usernameRegEx = /^.{3,}$/;
export const nameRegEx = /^.{3,}$/;
export const passwordRegEx = /^.{6,}$/;
export const redirectUriRegEx = /^https?:\/\//;
export { hexColorRegEx } from '@logto/schemas';

4
pnpm-lock.yaml generated
View file

@ -172,6 +172,7 @@ importers:
eslint: ^8.10.0
got: ^11.8.2
i18next: ^20.3.5
iconv-lite: 0.6.3
jest: ^27.5.1
jest-matcher-specific-error: ^1.0.0
jose: ^3.14.3
@ -210,6 +211,7 @@ importers:
dotenv: 10.0.0
got: 11.8.3
i18next: 20.6.1
iconv-lite: 0.6.3
jose: 3.20.3
koa: 2.13.4
koa-body: 4.2.0
@ -10816,8 +10818,6 @@ packages:
engines: {node: '>=0.10.0'}
dependencies:
safer-buffer: 2.1.2
dev: true
optional: true
/icss-replace-symbols/1.1.0:
resolution: {integrity: sha1-Bupvg2ead0njhs/h/oEq5dsiPe0=}