Skip to content

Commit

Permalink
feat: Disable Registration with social login (danny-avila#813)
Browse files Browse the repository at this point in the history 
* Google, Github and Discord

* update .env.example with ALLOW_SOCIAL_REGISTRATION

* fix some conflict

* refactor strategy

* Update user_auth_system.md

* Update user_auth_system.md
  • Loading branch information
@berry-13
berry-13 authored Aug 18, 2023
1 parent 46ed5aa commit c40b95f
Show file tree
Hide file tree
Showing 8 changed files with 249 additions and 221 deletions.
3 changes: 3 additions & 0 deletions .env.example
View file
Original file line number Diff line number Diff line change
Expand Up @@ -203,6 +203,9 @@ ALLOW_REGISTRATION=true
# Allow Social Registration
ALLOW_SOCIAL_LOGIN=false

# Allow Social Registration (WORKS ONLY for Google, Github, Discord)
ALLOW_SOCIAL_REGISTRATION=false

# JWT Secrets
JWT_SECRET=secret
JWT_REFRESH_SECRET=secret
Expand Down
59 changes: 31 additions & 28 deletions api/server/index.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,34 +49,37 @@ config.validate(); // Validate the config
app.use(passport.initialize());
passport.use(await jwtLogin());
passport.use(await passportLogin());
if (process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET) {
passport.use(await googleLogin());
}
if (process.env.FACEBOOK_CLIENT_ID && process.env.FACEBOOK_CLIENT_SECRET) {
passport.use(await facebookLogin());
}
if (process.env.GITHUB_CLIENT_ID && process.env.GITHUB_CLIENT_SECRET) {
passport.use(await githubLogin());
}
if (process.env.DISCORD_CLIENT_ID && process.env.DISCORD_CLIENT_SECRET) {
passport.use(await discordLogin());
}
if (
process.env.OPENID_CLIENT_ID &&
process.env.OPENID_CLIENT_SECRET &&
process.env.OPENID_ISSUER &&
process.env.OPENID_SCOPE &&
process.env.OPENID_SESSION_SECRET
) {
app.use(
session({
secret: process.env.OPENID_SESSION_SECRET,
resave: false,
saveUninitialized: false,
}),
);
app.use(passport.session());
await setupOpenId();

if (process.env.ALLOW_SOCIAL_LOGIN === 'true') {
if (process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET) {
passport.use(await googleLogin());
}
if (process.env.FACEBOOK_CLIENT_ID && process.env.FACEBOOK_CLIENT_SECRET) {
passport.use(await facebookLogin());
}
if (process.env.GITHUB_CLIENT_ID && process.env.GITHUB_CLIENT_SECRET) {
passport.use(await githubLogin());
}
if (process.env.DISCORD_CLIENT_ID && process.env.DISCORD_CLIENT_SECRET) {
passport.use(await discordLogin());
}
if (
process.env.OPENID_CLIENT_ID &&
process.env.OPENID_CLIENT_SECRET &&
process.env.OPENID_ISSUER &&
process.env.OPENID_SCOPE &&
process.env.OPENID_SESSION_SECRET
) {
app.use(
session({
secret: process.env.OPENID_SESSION_SECRET,
resave: false,
saveUninitialized: false,
}),
);
app.use(passport.session());
await setupOpenId();
}
}
app.use('/oauth', routes.oauth);
// api endpoint
Expand Down
89 changes: 48 additions & 41 deletions api/strategies/discordStrategy.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,51 +3,58 @@ const User = require('../models/User');
const config = require('../../config/loader');
const domains = config.domains;

const discordLogin = async () =>
const discordLogin = async (accessToken, refreshToken, profile, cb) => {
try {
const email = profile.email;
const discordId = profile.id;
const oldUser = await User.findOne({
email,
});
const ALLOW_SOCIAL_REGISTRATION =
process.env.ALLOW_SOCIAL_REGISTRATION?.toLowerCase() === 'true';
let avatarURL;
if (profile.avatar) {
const format = profile.avatar.startsWith('a_') ? 'gif' : 'png';
avatarURL = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`;
} else {
const defaultAvatarNum = Number(profile.discriminator) % 5;
avatarURL = `https://cdn.discordapp.com/embed/avatars/${defaultAvatarNum}.png`;
}

if (oldUser) {
oldUser.avatar = avatarURL;
await oldUser.save();
return cb(null, oldUser);
} else if (ALLOW_SOCIAL_REGISTRATION) {
const newUser = await new User({
provider: 'discord',
discordId,
username: profile.username,
email,
name: profile.global_name,
avatar: avatarURL,
}).save();

return cb(null, newUser);
}

return cb(null, false, {
message: 'User not found.',
});
} catch (err) {
console.error(err);
return cb(err);
}
};

module.exports = () =>
new DiscordStrategy(
{
clientID: process.env.DISCORD_CLIENT_ID,
clientSecret: process.env.DISCORD_CLIENT_SECRET,
callbackURL: `${domains.server}${process.env.DISCORD_CALLBACK_URL}`,
scope: ['identify', 'email'], // Request scopes
authorizationURL: 'https://discord.com/api/oauth2/authorize?prompt=none', // Add the prompt query parameter
},
async (accessToken, refreshToken, profile, cb) => {
try {
const email = profile.email;
const discordId = profile.id;

let avatarURL;
if (profile.avatar) {
const format = profile.avatar.startsWith('a_') ? 'gif' : 'png';
avatarURL = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`;
} else {
const defaultAvatarNum = Number(profile.discriminator) % 5;
avatarURL = `https://cdn.discordapp.com/embed/avatars/${defaultAvatarNum}.png`;
}

const oldUser = await User.findOne({ email });
if (oldUser) {
oldUser.avatar = avatarURL;
await oldUser.save();
return cb(null, oldUser);
}

const newUser = await User.create({
provider: 'discord',
discordId,
username: profile.username,
email,
name: profile.global_name,
avatar: avatarURL,
});

cb(null, newUser);
} catch (err) {
console.error(err);
cb(err);
}
scope: ['identify', 'email'],
authorizationURL: 'https://discord.com/api/oauth2/authorize?prompt=none',
},
discordLogin,
);

module.exports = discordLogin;
72 changes: 39 additions & 33 deletions api/strategies/facebookStrategy.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,44 @@ const User = require('../models/User');
const config = require('../../config/loader');
const domains = config.domains;

// facebook strategy
const facebookLogin = async () =>
const facebookLogin = async (accessToken, refreshToken, profile, cb) => {
try {
console.log('facebookLogin => profile', profile);
const email = profile.emails[0].value;
const facebookId = profile.id;
const oldUser = await User.findOne({
email,
});
const ALLOW_SOCIAL_REGISTRATION =
process.env.ALLOW_SOCIAL_REGISTRATION?.toLowerCase() === 'true';

if (oldUser) {
oldUser.avatar = profile.photos[0].value;
await oldUser.save();
return cb(null, oldUser);
} else if (ALLOW_SOCIAL_REGISTRATION) {
const newUser = await new User({
provider: 'facebook',
facebookId,
username: profile.name.givenName + profile.name.familyName,
email,
name: profile.displayName,
avatar: profile.photos[0].value,
}).save();

return cb(null, newUser);
}

return cb(null, false, {
message: 'User not found.',
});
} catch (err) {
console.error(err);
return cb(err);
}
};

module.exports = () =>
new FacebookStrategy(
{
clientID: process.env.FACEBOOK_APP_ID,
Expand All @@ -25,35 +61,5 @@ const facebookLogin = async () =>
// 'picture.type(large)'
// ]
},
async (accessToken, refreshToken, profile, done) => {
console.log('facebookLogin => profile', profile);
try {
const oldUser = await User.findOne({ email: profile.emails[0].value });

if (oldUser) {
console.log('FACEBOOK LOGIN => found user', oldUser);
return done(null, oldUser);
}
} catch (err) {
console.log(err);
}

// register user
try {
const newUser = await new User({
provider: 'facebook',
facebookId: profile.id,
username: profile.name.givenName + profile.name.familyName,
email: profile.emails[0].value,
name: profile.displayName,
avatar: profile.photos[0].value,
}).save();

done(null, newUser);
} catch (err) {
console.log(err);
}
},
facebookLogin,
);

module.exports = facebookLogin;
72 changes: 36 additions & 36 deletions api/strategies/githubStrategy.js
View file
Original file line number Diff line number Diff line change
@@ -1,49 +1,49 @@
const { Strategy: GitHubStrategy } = require('passport-github2');
const User = require('../models/User');
const config = require('../../config/loader');
const domains = config.domains;

const User = require('../models/User');
const githubLogin = async (accessToken, refreshToken, profile, cb) => {
try {
const email = profile.emails[0].value;
const githubId = profile.id;
const oldUser = await User.findOne({ email });
const ALLOW_SOCIAL_REGISTRATION =
process.env.ALLOW_SOCIAL_REGISTRATION?.toLowerCase() === 'true';

if (oldUser) {
oldUser.avatar = profile.photos[0].value;
await oldUser.save();
return cb(null, oldUser);
} else if (ALLOW_SOCIAL_REGISTRATION) {
const newUser = await new User({
provider: 'github',
githubId,
username: profile.username,
email,
emailVerified: profile.emails[0].verified,
name: profile.displayName,
avatar: profile.photos[0].value,
}).save();

return cb(null, newUser);
}

return cb(null, false, { message: 'User not found.' });
} catch (err) {
console.error(err);
return cb(err);
}
};

// GitHub strategy
const githubLogin = async () =>
module.exports = () =>
new GitHubStrategy(
{
clientID: process.env.GITHUB_CLIENT_ID,
clientSecret: process.env.GITHUB_CLIENT_SECRET,
callbackURL: `${domains.server}${process.env.GITHUB_CALLBACK_URL}`,
proxy: false,
scope: ['user:email'], // Request email scope
},
async (accessToken, refreshToken, profile, cb) => {
try {
let email;
if (profile.emails && profile.emails.length > 0) {
email = profile.emails[0].value;
}

const oldUser = await User.findOne({ email });
if (oldUser) {
oldUser.avatar = profile.photos[0].value;
await oldUser.save();
return cb(null, oldUser);
}

const newUser = await new User({
provider: 'github',
githubId: profile.id,
username: profile.username,
email,
emailVerified: profile.emails[0].verified,
name: profile.displayName,
avatar: profile.photos[0].value,
}).save();

cb(null, newUser);
} catch (err) {
console.error(err);
cb(err);
}
scope: ['user:email'],
},
githubLogin,
);

module.exports = githubLogin;
Loading

0 comments on commit c40b95f

Please sign in to comment.