From 66808d6d02f2e4fa9455cc882dda68784cab8973 Mon Sep 17 00:00:00 2001 From: Wang Sijie Date: Fri, 11 Feb 2022 15:19:18 +0800 Subject: [PATCH] feat: social sign in (#218) --- packages/core/src/connectors/github/index.ts | 58 ++++++++++++------ packages/core/src/connectors/index.ts | 20 ++++++- packages/core/src/lib/sign-in.ts | 60 +++++++++++++++++++ packages/core/src/middleware/koa-user-log.ts | 1 + packages/core/src/queries/user.ts | 18 ++++++ packages/core/src/routes/session.ts | 12 +++- packages/phrases/src/locales/en.ts | 5 ++ packages/phrases/src/locales/zh-cn.ts | 7 ++- .../schemas/src/db-entries/custom-types.ts | 1 + packages/schemas/tables/user_logs.sql | 2 +- 10 files changed, 160 insertions(+), 24 deletions(-) diff --git a/packages/core/src/connectors/github/index.ts b/packages/core/src/connectors/github/index.ts index 6a2973e87..7d08a3f1c 100644 --- a/packages/core/src/connectors/github/index.ts +++ b/packages/core/src/connectors/github/index.ts @@ -1,7 +1,9 @@ -import got from 'got'; +import got, { RequestError as GotRequestError } from 'got'; import { stringify } from 'query-string'; import { z } from 'zod'; +import RequestError from '@/errors/RequestError'; + import { ConnectorConfigError, ConnectorMetadata, @@ -67,6 +69,7 @@ export const getAccessToken: GetAccessToken = async (code) => { const { clientId: client_id, clientSecret: client_secret } = await getConnectorConfig(metadata.id); + const { access_token: accessToken } = await got .post({ url: accessTokenEndpoint, @@ -78,6 +81,13 @@ export const getAccessToken: GetAccessToken = async (code) => { }) .json(); + if (!accessToken) { + throw new RequestError({ + code: 'connector.oauth_code_invalid', + status: 401, + }); + } + return accessToken; }; @@ -89,23 +99,33 @@ export const getUserInfo: GetUserInfo = async (accessToken: string) => { name: string; }; - const { - id, - avatar_url: avatar, - email, - name, - } = await got - .get(userInfoEndpoint, { - headers: { - authorization: `token ${accessToken}`, - }, - }) - .json(); + try { + const { + id, + avatar_url: avatar, + email, + name, + } = await got + .get(userInfoEndpoint, { + headers: { + authorization: `token ${accessToken}`, + }, + }) + .json(); - return { - id: String(id), - avatar, - email, - name, - }; + return { + id: String(id), + avatar, + email, + name, + }; + } catch (error: unknown) { + if (error instanceof GotRequestError && error.response?.statusCode === 401) { + throw new RequestError({ + code: 'connector.access_token_invalid', + status: 401, + }); + } + throw error; + } }; diff --git a/packages/core/src/connectors/index.ts b/packages/core/src/connectors/index.ts index 0b8484d77..2431107a8 100644 --- a/packages/core/src/connectors/index.ts +++ b/packages/core/src/connectors/index.ts @@ -4,7 +4,7 @@ import { findConnectorById, hasConnector, insertConnector } from '@/queries/conn import * as AliyunDM from './aliyun-dm'; import * as AliyunSMS from './aliyun-sms'; import * as GitHub from './github'; -import { ConnectorInstance, ConnectorType } from './types'; +import { ConnectorInstance, ConnectorType, SocialConector } from './types'; const allConnectors: ConnectorInstance[] = [AliyunDM, AliyunSMS, GitHub]; @@ -34,6 +34,24 @@ export const getConnectorInstanceById = async (id: string): Promise { + return connector.metadata.type === ConnectorType.Social; +}; + +export const getSocialConnectorInstanceById = async (id: string): Promise => { + const connector = await getConnectorInstanceById(id); + + if (!isSocialConnectorInstance(connector)) { + throw new RequestError({ + code: 'entity.not_found', + id, + status: 404, + }); + } + + return connector; +}; + export const getConnectorInstanceByType = async ( type: ConnectorType ): Promise => { diff --git a/packages/core/src/lib/sign-in.ts b/packages/core/src/lib/sign-in.ts index c31ec4796..8197a22bb 100644 --- a/packages/core/src/lib/sign-in.ts +++ b/packages/core/src/lib/sign-in.ts @@ -2,6 +2,7 @@ import { PasscodeType, UserLogType } from '@logto/schemas'; import { Context } from 'koa'; import { Provider } from 'oidc-provider'; +import { getSocialConnectorInstanceById } from '@/connectors'; import RequestError from '@/errors/RequestError'; import { WithUserLogContext } from '@/middleware/koa-user-log'; import { @@ -9,6 +10,8 @@ import { findUserByPhone, hasUserWithEmail, hasUserWithPhone, + hasUserWithIdentity, + findUserByIdentity, } from '@/queries/user'; import assertThat from '@/utils/assert-that'; import { emailRegEx, phoneRegEx } from '@/utils/regex'; @@ -98,3 +101,60 @@ export const signInWithPhoneAndPasscode = async ( await assignSignInResult(ctx, provider, id); }; + +// TODO: change this after frontend is ready. +// Should combine baseUrl(domain) from database with a 'callback' endpoint. +const connectorRedirectUrl = 'https://logto.dev/callback'; + +export const assignRedirectUrlForSocial = async ( + ctx: WithUserLogContext, + connectorId: string, + state: string +) => { + const connector = await getSocialConnectorInstanceById(connectorId); + assertThat(connector.connector?.enabled, 'connector.not_enabled'); + const redirectTo = await connector.getAuthorizationUri(connectorRedirectUrl, state); + ctx.body = { redirectTo }; +}; + +const getConnector = async (connectorId: string) => { + try { + return await getSocialConnectorInstanceById(connectorId); + } catch (error: unknown) { + // Throw a new error with status 422 when connector not found. + if (error instanceof RequestError && error.code === 'entity.not_found') { + throw new RequestError({ + code: 'session.invalid_connector_id', + status: 422, + data: { connectorId }, + }); + } + throw error; + } +}; + +export const signInWithSocial = async ( + ctx: WithUserLogContext, + provider: Provider, + { connectorId, code }: { connectorId: string; code: string } +) => { + ctx.userLog.connectorId = connectorId; + ctx.userLog.type = UserLogType.SignInSocial; + + const connector = await getConnector(connectorId); + const accessToken = await connector.getAccessToken(code); + + const userInfo = await connector.getUserInfo(accessToken); + + assertThat( + await hasUserWithIdentity(connectorId, userInfo.id), + new RequestError({ + code: 'user.identity_not_exists', + status: 422, + }) + ); + + const { id } = await findUserByIdentity(connectorId, userInfo.id); + ctx.userLog.userId = id; + await assignSignInResult(ctx, provider, id); +}; diff --git a/packages/core/src/middleware/koa-user-log.ts b/packages/core/src/middleware/koa-user-log.ts index 7d253e1dc..c8c348aad 100644 --- a/packages/core/src/middleware/koa-user-log.ts +++ b/packages/core/src/middleware/koa-user-log.ts @@ -14,6 +14,7 @@ export interface LogContext { username?: string; email?: string; phone?: string; + connectorId?: string; payload: UserLogPayload; createdAt: number; } diff --git a/packages/core/src/queries/user.ts b/packages/core/src/queries/user.ts index 8b913fe5a..234354edb 100644 --- a/packages/core/src/queries/user.ts +++ b/packages/core/src/queries/user.ts @@ -37,6 +37,15 @@ export const findUserById = async (id: string) => where ${fields.id}=${id} `); +export const findUserByIdentity = async (connectorId: string, userId: string) => + pool.one( + sql` + select ${sql.join(Object.values(fields), sql`,`)} + from ${table} + where ${fields.identities}::json#>>'{${sql.identifier([connectorId])},userId}' = ${userId} + ` + ); + export const hasUser = async (username: string) => pool.exists(sql` select ${fields.id} @@ -65,6 +74,15 @@ export const hasUserWithPhone = async (phone: string) => where ${fields.primaryPhone}=${phone} `); +export const hasUserWithIdentity = async (connectorId: string, userId: string) => + pool.exists( + sql` + select ${fields.id} + from ${table} + where ${fields.identities}::json#>>'{${sql.identifier([connectorId])},userId}' = ${userId} + ` + ); + export const insertUser = buildInsertInto(pool, Users, { returning: true }); export const findAllUsers = async () => diff --git a/packages/core/src/routes/session.ts b/packages/core/src/routes/session.ts index 225a476c4..c7c83fc56 100644 --- a/packages/core/src/routes/session.ts +++ b/packages/core/src/routes/session.ts @@ -10,8 +10,10 @@ import { sendPasscodeToEmail, } from '@/lib/register'; import { + assignRedirectUrlForSocial, sendSignInWithEmailPasscode, sendSignInWithPhonePasscode, + signInWithSocial, signInWithEmailAndPasscode, signInWithPhoneAndPasscode, signInWithUsernameAndPassword, @@ -31,6 +33,8 @@ export default function sessionRoutes(router: T, prov email: string().optional(), phone: string().optional(), code: string().optional(), + connectorId: string().optional(), + state: string().optional(), }), }), async (ctx, next) => { @@ -50,9 +54,13 @@ export default function sessionRoutes(router: T, prov } if (name === 'login') { - const { username, password, email, phone, code } = ctx.guard.body; + const { username, password, email, phone, code, connectorId, state } = ctx.guard.body; - if (email && !code) { + if (connectorId && state && !code) { + await assignRedirectUrlForSocial(ctx, connectorId, state); + } else if (connectorId && code) { + await signInWithSocial(ctx, provider, { connectorId, code }); + } else if (email && !code) { await sendSignInWithEmailPasscode(ctx, jti, email); } else if (email && code) { await signInWithEmailAndPasscode(ctx, provider, { jti, email, code }); diff --git a/packages/phrases/src/locales/en.ts b/packages/phrases/src/locales/en.ts index fe85b1a4c..478d06800 100644 --- a/packages/phrases/src/locales/en.ts +++ b/packages/phrases/src/locales/en.ts @@ -50,6 +50,7 @@ const errors = { invalid_phone: 'Invalid phone number.', email_not_exists: 'The email address has not been registered yet.', phone_not_exists: 'The phone number has not been registered yet.', + identity_not_exists: 'The social account has not been registered yet.', }, password: { unsupported_encryption_method: 'The encryption method {{name}} is not supported.', @@ -59,10 +60,14 @@ const errors = { not_found: 'Session not found. Please go back and sign in again.', invalid_credentials: 'Invalid credentials. Please check your input.', invalid_sign_in_method: 'Current sign-in method is not available.', + invalid_connector_id: 'Unable to find available connector with id {{connectorId}}.', insufficient_info: 'Insufficent sign-in info.', }, connector: { not_found: 'Cannot find any available connector for type: {{type}}.', + not_enabled: 'The connector is not enabled.', + access_token_invalid: "Connector's access token is invalid.", + oauth_code_invalid: 'Unable to get access token, please check authorization code.', }, passcode: { phone_email_empty: 'Both phone and email are empty.', diff --git a/packages/phrases/src/locales/zh-cn.ts b/packages/phrases/src/locales/zh-cn.ts index ba9b4fea0..21a3d7a3d 100644 --- a/packages/phrases/src/locales/zh-cn.ts +++ b/packages/phrases/src/locales/zh-cn.ts @@ -51,6 +51,7 @@ const errors = { invalid_phone: '手机号码不正确。', email_not_exists: '邮箱地址尚未注册。', phone_not_exists: '手机号码尚未注册。', + identity_not_exists: '该社交账号尚未注册。', }, password: { unsupported_encryption_method: '不支持的加密方法 {{name}}。', @@ -61,9 +62,13 @@ const errors = { invalid_credentials: '用户名或密码错误,请检查您的输入。', invalid_sign_in_method: '当前登录方式不可用。', insufficient_info: '登录信息缺失,请检查您的输入。', + invalid_connector_id: '无法找到 ID 为 {{connectorId}} 的可用连接器。', }, connector: { - not_found: '找不到可用的 {{type}} 类型的连接器.', + not_found: '找不到可用的 {{type}} 类型的连接器。', + not_enabled: '连接器尚未启用。', + access_token_invalid: '当前连接器的 access_token 无效。', + oauth_code_invalid: '无法获取 access_token,请检查授权 code 是否有效。', }, passcode: { phone_email_empty: '手机号与邮箱地址均为空。', diff --git a/packages/schemas/src/db-entries/custom-types.ts b/packages/schemas/src/db-entries/custom-types.ts index e81386c82..586aec5ae 100644 --- a/packages/schemas/src/db-entries/custom-types.ts +++ b/packages/schemas/src/db-entries/custom-types.ts @@ -14,6 +14,7 @@ export enum UserLogType { SignInUsernameAndPassword = 'SignInUsernameAndPassword', SignInEmail = 'SignInEmail', SignInSms = 'SignInSms', + SignInSocial = 'SignInSocial', ExchangeAccessToken = 'ExchangeAccessToken', } export enum UserLogResult { diff --git a/packages/schemas/tables/user_logs.sql b/packages/schemas/tables/user_logs.sql index ff4c003e4..8fa021140 100644 --- a/packages/schemas/tables/user_logs.sql +++ b/packages/schemas/tables/user_logs.sql @@ -1,4 +1,4 @@ -create type user_log_type as enum ('SignInUsernameAndPassword', 'SignInEmail', 'SignInSms', 'ExchangeAccessToken'); +create type user_log_type as enum ('SignInUsernameAndPassword', 'SignInEmail', 'SignInSms', 'SignInSocial', 'ExchangeAccessToken'); create type user_log_result as enum ('Success', 'Failed');