sudoxreboot/habitica-self-host
1
0
Fork 0
mirror of https://github.com/sudoxnym/habitica-self-host.git synced 2026-04-15 12:07:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
habitica-self-host/website/server/libs/auth/apple.js

53 lines
1.8 KiB
JavaScript
Raw Normal View History

Sign in with Apple (#11793) * add date check * achievements modal polishing * refresh private-messages page when you are already on it * add countbadge knob to change the example * fix lint * typos * typos * typos * add toggle for achievements categories * typo * fix test * fix edit avatar modal cannot be closed * WIP(settings): subscriber page improvements * WIP(subscriptions): more design build-out * fix(css): disabled button styles * fix(css): better Amazon targeting * fix hide tooltip + align header correctly * disable perfect scroll * load messages on refresh event * fix header label + conversation actions not breaking layout on hover * WIP(g1g1): notif * WIP(g1g1): notif cont'd * fix(test): snowball change * fix(event): feature NYE card * chore(sprites): compile * fix(bgs): include TT required field * add gifting banner to the max height calculation * chore(event): enable winter customizations * WIP(gifting): partial modal implementation * feat(gifting): select giftee modal * fix(gifting): notification order, modal dismiss * Begin implementing sign in with apple # Conflicts: # package-lock.json # website/common/script/constants.js # website/server/libs/auth/social.js # website/server/models/user/schema.js * Add apple sign in button to website * fix lint errors * fix config json * fix(modals): correct some repops * fix(gifting): style updates * fix(buy): modal style changes * fix(modals): also clean out "prev" * Attempt workaround for sign in with apple on android * temporarily log everything as error * refactor(modals): hide in dismiss event * fix temporary test failure * changes to sign in with apple * fix: first batch of layout issues for private messages + auto sizing textarea * fix(modals): new dismiss logic * fix(modals): new dismiss no go?? * Only use email scope * print debugging * . * .. * ... * username second line - open profile on face-avatar/conversation name - fix textarea height * temporarily disable apple auth and just return data for debugging * Hopefully this works * ..... * WIP(subscription): unsubscribed state * . * .. * MAYBE THIS ACTUALLY WORKS??? * Implement apple sign in * fix some urls * fix urls * fix redirect and auth * attempt to also request name * fix lint error * WIP(subscription): partial subscribed * chore(sprites): compile * Change approach so that it actually works * fix config error * fix lint errors * Fix * fix lint error * lint error * WIP(subscription): finish subscribed * refresh on sync * new "you dont have any messages" style + changed min textarea height * new conversationItem style / layout * reset message unread on reload * chore(npm): update package-locks * fix styles / textarea height * feat(subscription): revised sub page RC * list optOut / chatRevoked informations for each conversation + show why its disabled * Improve apple redirect view * Fix apple icon on group task registration page * WIP(adventure): prereqs * Block / Unblock - correct disabled states - $gray-200 instead of 300/400 * canReceive not checking chatRevoked * fix: faceAvatar / userLink open the selected conversation user * check if the target user is blocking the logged-in user * fix(subs): style tweaks * fix(profiles): short circuit contributor Attempted fix for #11830 * chore(sprites): compile * fix(content): missing potion data * fix(content): missing string * WIP(drops): new modal * fix(subs): moar style tweaks * check if blocks is undefined * max-height instead of height * fix "no messages" state + canReceive on a new conversation * WIP(adventure): analytics fixes etc * Improve apple signin handling * fixed conversations width (280px on max 768 width page) * feat(adventure): random egg+potion on 2nd task * fix(lint): noworkies * fix(modal): correctly construct classes * fix(tests): expectations and escape * Fix typo * use base url from env variables * fix lint * call autosize after message is sent * fix urls * always verify token * throw error when social auth could not retrieve id * Store emails correctly for apple auth * Retrieve name when authenticating through apple * Fix lint errors * fix all lint errors * fix(content): missing strings * Revert "always verify token" This reverts commit 8ac40c76bfa880f68fa3ce350a86ce2151b9cf95. # Conflicts: # website/server/libs/auth/social.js * Correctly load name * remove extra changes * remove extra logger call * reset package and package-lock * add back missing packages * use name from apple * add support for multiple apple public keys * add some unit and integration tests * add apple auth integration test * tweak social signup buttons * pixel pushing Co-authored-by: Matteo Pagliazzi <matteopagliazzi@gmail.com> Co-authored-by: Sabe Jones <sabrecat@gmail.com> Co-authored-by: negue <eugen.bolz@gmail.com> Co-authored-by: Phillip Thelen <phillip@habitica.com>
2020-04-08 16:44:30 +00:00
import AppleAuth from 'apple-auth';
import nconf from 'nconf';
import jwt from 'jsonwebtoken';
import jwksClient from 'jwks-rsa';
import util from 'util';
const APPLE_PRIVATE_KEY = nconf.get('APPLE_AUTH_PRIVATE_KEY');
const APPLE_AUTH_CLIENT_ID = nconf.get('APPLE_AUTH_CLIENT_ID');
const APPLE_TEAM_ID = nconf.get('APPLE_TEAM_ID');
const APPLE_AUTH_KEY_ID = nconf.get('APPLE_AUTH_KEY_ID');
const BASE_URL = nconf.get('BASE_URL');
const appleAuth = new AppleAuth(JSON.stringify({
client_id: APPLE_AUTH_CLIENT_ID, // eslint-disable-line camelcase
team_id: APPLE_TEAM_ID, // eslint-disable-line camelcase
key_id: APPLE_AUTH_KEY_ID, // eslint-disable-line camelcase
redirect_uri: `${BASE_URL}/api/v4/user/auth/apple`, // eslint-disable-line camelcase
scope: 'name email',
}), APPLE_PRIVATE_KEY, 'text');
const APPLE_PUBLIC_KEYS_URL = 'https://appleid.apple.com/auth/keys';
const appleJwksClient = jwksClient({
jwksUri: APPLE_PUBLIC_KEYS_URL,
});
const getAppleSigningKey = util.promisify(appleJwksClient.getSigningKey);
export async function appleProfile (req) {
const code = req.body.code ? req.body.code : req.query.code;
const passedToken = req.body.id_token ? req.body.id_token : req.query.id_token;
let idToken;
if (code) {
const response = await appleAuth.accessToken(code);
idToken = response.id_token;
} else if (passedToken) {
idToken = passedToken;
}
const decodedToken = jwt.decode(idToken, { complete: true });
const signingKey = await getAppleSigningKey(decodedToken.header.kid);
const applePublicKey = signingKey.getPublicKey();
const verifiedPayload = await jwt.verify(idToken, applePublicKey, { algorithms: 'RS256' });
return {
id: verifiedPayload.sub,
emails: [{ value: verifiedPayload.email }],
name: verifiedPayload.name || req.body.name || req.query.name,
};
}
Reference in a new issue Copy permalink