stackpress
Version:
Incept is a content management framework.
57 lines (56 loc) • 1.97 kB
JavaScript
import { unauthorized } from '../helpers.js';
export default async function OAuth(req, res, ctx) {
if (res.body || (res.code && res.code !== 200)) {
return;
}
const view = ctx.config.path('view', {});
const brand = ctx.config.path('brand', {});
const { scopes = {}, endpoints = [] } = ctx.config.path('api');
res.data.set('api', { scopes, endpoints });
res.data.set('view', {
base: view.base || '/',
props: view.props || {}
});
res.data.set('brand', {
name: brand.name || 'Stackpress',
logo: brand.logo || '/logo.png',
icon: brand.icon || '/icon.png',
favicon: brand.favicon || '/favicon.ico',
});
const id = req.data('client_id');
const redirect = req.data('redirect_uri');
const state = req.data('state');
if (!id || !redirect) {
return unauthorized(res);
}
const session = await ctx.resolve('me', req);
if (!session.results?.id) {
const redirect = encodeURIComponent(req.url.pathname + req.url.search);
res.redirect(`/auth/signin?redirect_uri=${redirect}`);
return;
}
await ctx.resolve('application-detail', { id }, res);
if (res.code !== 200) {
return unauthorized(res);
}
if (req.method === 'POST') {
const { expires = 1000 * 60 * 60 * 24 } = ctx.config('api') || {};
const response = await ctx.resolve('session-create', {
...req.data(),
applicationId: id,
profileId: session.results.id,
expires: new Date(Date.now() + expires)
});
if (res.code !== 200 || !response.results) {
return;
}
const [uri, query] = redirect.split('?');
const params = new URLSearchParams(query);
params.set('code', response.results.id);
if (state) {
params.set('state', state);
}
res.redirect(`${uri}?${params.toString()}`);
return;
}
}