🔒refactor: social login and remove direct user model access in strategies (#2946)

* refactor: checking `ALLOW_SOCIAL_REGISTRATION` with `isEnabled` * feat: Add findUserByEmail function to UserService This commit adds a new function, , to the module. This function retrieves a user document from the database based on the provided email. It returns the user document if found, otherwise it returns null. If there is a problem during user retrieval, an error is thrown. * refactor: add socialLogin to remove repetitive code
2025-09-22 08:12:00 +02:00 · 2024-06-06 19:23:11 +02:00 · 2024-06-06 19:23:11 +02:00 · b7fef6958b
commit b7fef6958b
parent 5452d4c20c
6 changed files with 104 additions and 143 deletions
--- a/api/strategies/discordStrategy.js
+++ b/api/strategies/discordStrategy.js
@ -1,50 +1,27 @@
 const { Strategy: DiscordStrategy } = require('passport-discord');
-const { createNewUser, handleExistingUser } = require('./process');
-const { logger } = require('~/config');
-const User = require('~/models/User');
+const socialLogin = require('./socialLogin');

-const discordLogin = async (accessToken, refreshToken, profile, cb) => {
-  try {
-    const email = profile.email;
-    const discordId = profile.id;
-
-    // TODO: remove direct access of User model
-    const oldUser = await User.findOne({ email });
-    const ALLOW_SOCIAL_REGISTRATION =
-      process.env.ALLOW_SOCIAL_REGISTRATION?.toLowerCase() === 'true';
-    let avatarUrl;
-
-    if (profile.avatar) {
-      const format = profile.avatar.startsWith('a_') ? 'gif' : 'png';
-      avatarUrl = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`;
-    } else {
-      const defaultAvatarNum = Number(profile.discriminator) % 5;
-      avatarUrl = `https://cdn.discordapp.com/embed/avatars/${defaultAvatarNum}.png`;
-    }
-
-    if (oldUser) {
-      await handleExistingUser(oldUser, avatarUrl);
-      return cb(null, oldUser);
-    }
-
-    if (ALLOW_SOCIAL_REGISTRATION) {
-      const newUser = await createNewUser({
-        email,
-        avatarUrl,
-        provider: 'discord',
-        providerKey: 'discordId',
-        providerId: discordId,
-        username: profile.username,
-        name: profile.global_name,
-      });
-      return cb(null, newUser);
-    }
-  } catch (err) {
-    logger.error('[discordLogin]', err);
-    return cb(err);
+const getProfileDetails = (profile) => {
+  let avatarUrl;
+  if (profile.avatar) {
+    const format = profile.avatar.startsWith('a_') ? 'gif' : 'png';
+    avatarUrl = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`;
+  } else {
+    const defaultAvatarNum = Number(profile.discriminator) % 5;
+    avatarUrl = `https://cdn.discordapp.com/embed/avatars/${defaultAvatarNum}.png`;
  }
+
+  return {
+    email: profile.email,
+    id: profile.id,
+    avatarUrl,
+    username: profile.username,
+    name: profile.global_name,
+  };
 };

+const discordLogin = socialLogin('discord', getProfileDetails);
+
 module.exports = () =>
  new DiscordStrategy(
    {