import crypto from "crypto"; import { jwtVerify } from "jose"; import { parseCookies, } from "payload"; export const createAuthStrategy = (pluginOptions, subFieldName) => { const authStrategy = { name: pluginOptions.strategyName, authenticate: async ({ headers, payload }) => { try { const cookie = parseCookies(headers); const token = cookie.get(`${payload.config.cookiePrefix}-token`); if (!token) return { user: null }; let jwtUser = null; try { const secret = crypto .createHash("sha256") .update(payload.config.secret) .digest("hex") .slice(0, 32); const { payload: verifiedPayload } = await jwtVerify(token, new TextEncoder().encode(secret), { algorithms: ["HS256"] }); jwtUser = verifiedPayload; } catch (e) { // Handle token expiration if (e.code === "ERR_JWT_EXPIRED") return { user: null }; throw e; } if (!jwtUser) return { user: null }; // Find the user by email from the verified jwt token // coerce userCollection to CollectionSlug because it is already checked // in `modify-auth-collection.ts` that it is a valud collection slug const userCollection = ((typeof jwtUser.collection === "string" && jwtUser.collection) || pluginOptions.authCollection || "users"); let user = null; if (pluginOptions.useEmailAsIdentity) { if (!jwtUser.email || typeof jwtUser.email !== "string") { payload.logger.warn("Using email as identity but no email is found in jwt token"); return { user: null }; } const usersQuery = await payload.find({ collection: userCollection, where: { email: { equals: jwtUser.email } }, }); if (usersQuery.docs.length === 0) { // coerce to User because `userCollection` is a valid auth collection, checked by `modify-auth-collection.ts` already user = (await payload.create({ collection: userCollection, data: jwtUser, })); } else { // coerce to User because payload warns that some collection may not have property `collection` - i.e. 
`PayloadMigration; user = usersQuery.docs[0]; } } else { if (typeof jwtUser[subFieldName] !== "string") { payload.logger.warn(`No ${subFieldName} found in jwt token. Make sure the jwt token contains the ${subFieldName} field`); return { user: null }; } const usersQuery = await payload.find({ collection: userCollection, where: { [subFieldName]: { equals: jwtUser[subFieldName] } }, }); if (usersQuery.docs.length === 0) { // coerce to User because payload warns that some collection may not have property `collection` - i.e. `PayloadMigration; user = (await payload.create({ collection: userCollection, data: jwtUser, })); } else { // coerce to User because payload warns that some collection may not have property `collection` - i.e. `PayloadMigration; user = usersQuery.docs[0]; } } user.collection = userCollection; // Return the user object return { user }; } catch (e) { payload.logger.error(e); return { user: null }; } }, }; return authStrategy; }; //# sourceMappingURL=auth-strategy.js.map