fix: only use oauth redirects and add website to app registration details

2022-11-29 22:55:53 +00:00 · 2022-11-29 22:55:53 +00:00 · 81732a4a8c
commit 81732a4a8c
parent 98a647f8ca
3 changed files with 27 additions and 19 deletions
--- a/server/api/[server]/login.ts
+++ b/server/api/[server]/login.ts
@ -1,19 +1,21 @@
 import { stringifyQuery } from 'ufo'
-import { HOST_URL, getApp } from '~/server/shared'
+import { getApp, getRedirectURI } from '~/server/shared'

 export default defineEventHandler(async (event) => {
-  const server = event.context.params.server
+  const { server } = getRouterParams(event)
  const app = await getApp(server)

  if (!app) {
-    event.node.res.statusCode = 400
-    return `App not registered for server: ${server}`
+    throw createError({
+      statusCode: 400,
+      statusMessage: `App not registered for server: ${server}`,
+    })
  }

  const query = stringifyQuery({
    client_id: app.client_id,
    scope: 'read write follow push',
-    redirect_uri: `${HOST_URL}/api/${server}/oauth`,
+    redirect_uri: getRedirectURI(server),
    response_type: 'code',
  })
  const url = `https://${server}/oauth/authorize?${query}`
--- a/server/api/[server]/oauth.ts
+++ b/server/api/[server]/oauth.ts
@ -1,29 +1,37 @@
 import { stringifyQuery } from 'vue-router'
-import { HOST_URL, getApp } from '~/server/shared'
+import { getApp, getRedirectURI } from '~/server/shared'

 export default defineEventHandler(async (event) => {
-  const server = event.context.params.server
+  const { server } = getRouterParams(event)
  const app = await getApp(server)

  if (!app) {
-    event.node.res.statusCode = 400
-    return `App not registered for server: ${server}`
+    throw createError({
+      statusCode: 400,
+      statusMessage: `App not registered for server: ${server}`,
+    })
  }

  const { code } = getQuery(event)
+  if (!code) {
+    throw createError({
+      statusCode: 422,
+      statusMessage: 'Missing authentication code.',
+    })
+  }

  const result: any = await $fetch(`https://${server}/oauth/token`, {
    method: 'POST',
    body: {
      client_id: app.client_id,
      client_secret: app.client_secret,
-      redirect_uri: `${HOST_URL}/api/${server}/oauth`,
+      redirect_uri: getRedirectURI(server),
      grant_type: 'authorization_code',
      code,
      scope: 'read write follow push',
    },
  })

-  const url = `${HOST_URL}/signin/callback?${stringifyQuery({ server, token: result.access_token })}`
+  const url = `/signin/callback?${stringifyQuery({ server, token: result.access_token })}`
  await sendRedirect(event, url, 302)
 })