mirror of
https://github.com/danny-avila/LibreChat.git
synced 2025-09-22 08:12:00 +02:00
e1a6268904
* implemented Apple Auth login. Closes: #3438 TODO: - write config Doc * removed some comments * removed comment * Add unit tests for Apple login strategy Introduce comprehensive tests for the Apple login strategy, covering new user creation, existing user updates, and error handling scenarios during the authentication flow. Mocks implemented for external dependencies to ensure isolated testing. * Remove unnecessary blank line in socialLogins.js
167 lines
3.3 KiB
JavaScript
167 lines
3.3 KiB
JavaScript
// file deepcode ignore NoRateLimitingForLogin: Rate limiting is handled by the `loginLimiter` middleware
|
|
const express = require('express');
|
|
const passport = require('passport');
|
|
const { loginLimiter, checkBan, checkDomainAllowed } = require('~/server/middleware');
|
|
const { setAuthTokens } = require('~/server/services/AuthService');
|
|
const { logger } = require('~/config');
|
|
|
|
const router = express.Router();
|
|
|
|
const domains = {
|
|
client: process.env.DOMAIN_CLIENT,
|
|
server: process.env.DOMAIN_SERVER,
|
|
};
|
|
|
|
router.use(loginLimiter);
|
|
|
|
const oauthHandler = async (req, res) => {
|
|
try {
|
|
await checkDomainAllowed(req, res);
|
|
await checkBan(req, res);
|
|
if (req.banned) {
|
|
return;
|
|
}
|
|
await setAuthTokens(req.user._id, res);
|
|
res.redirect(domains.client);
|
|
} catch (err) {
|
|
logger.error('Error in setting authentication tokens:', err);
|
|
}
|
|
};
|
|
|
|
router.get('/error', (req, res) => {
|
|
// A single error message is pushed by passport when authentication fails.
|
|
logger.error('Error in OAuth authentication:', { message: req.session.messages.pop() });
|
|
res.redirect(`${domains.client}/login`);
|
|
});
|
|
|
|
/**
|
|
* Google Routes
|
|
*/
|
|
router.get(
|
|
'/google',
|
|
passport.authenticate('google', {
|
|
scope: ['openid', 'profile', 'email'],
|
|
session: false,
|
|
}),
|
|
);
|
|
|
|
router.get(
|
|
'/google/callback',
|
|
passport.authenticate('google', {
|
|
failureRedirect: `${domains.client}/oauth/error`,
|
|
failureMessage: true,
|
|
session: false,
|
|
scope: ['openid', 'profile', 'email'],
|
|
}),
|
|
oauthHandler,
|
|
);
|
|
|
|
/**
|
|
* Facebook Routes
|
|
*/
|
|
router.get(
|
|
'/facebook',
|
|
passport.authenticate('facebook', {
|
|
scope: ['public_profile'],
|
|
profileFields: ['id', 'email', 'name'],
|
|
session: false,
|
|
}),
|
|
);
|
|
|
|
router.get(
|
|
'/facebook/callback',
|
|
passport.authenticate('facebook', {
|
|
failureRedirect: `${domains.client}/oauth/error`,
|
|
failureMessage: true,
|
|
session: false,
|
|
scope: ['public_profile'],
|
|
profileFields: ['id', 'email', 'name'],
|
|
}),
|
|
oauthHandler,
|
|
);
|
|
|
|
/**
|
|
* OpenID Routes
|
|
*/
|
|
router.get(
|
|
'/openid',
|
|
passport.authenticate('openid', {
|
|
session: false,
|
|
}),
|
|
);
|
|
|
|
router.get(
|
|
'/openid/callback',
|
|
passport.authenticate('openid', {
|
|
failureRedirect: `${domains.client}/oauth/error`,
|
|
failureMessage: true,
|
|
session: false,
|
|
}),
|
|
oauthHandler,
|
|
);
|
|
|
|
/**
|
|
* GitHub Routes
|
|
*/
|
|
router.get(
|
|
'/github',
|
|
passport.authenticate('github', {
|
|
scope: ['user:email', 'read:user'],
|
|
session: false,
|
|
}),
|
|
);
|
|
|
|
router.get(
|
|
'/github/callback',
|
|
passport.authenticate('github', {
|
|
failureRedirect: `${domains.client}/oauth/error`,
|
|
failureMessage: true,
|
|
session: false,
|
|
scope: ['user:email', 'read:user'],
|
|
}),
|
|
oauthHandler,
|
|
);
|
|
|
|
/**
|
|
* Discord Routes
|
|
*/
|
|
router.get(
|
|
'/discord',
|
|
passport.authenticate('discord', {
|
|
scope: ['identify', 'email'],
|
|
session: false,
|
|
}),
|
|
);
|
|
|
|
router.get(
|
|
'/discord/callback',
|
|
passport.authenticate('discord', {
|
|
failureRedirect: `${domains.client}/oauth/error`,
|
|
failureMessage: true,
|
|
session: false,
|
|
scope: ['identify', 'email'],
|
|
}),
|
|
oauthHandler,
|
|
);
|
|
|
|
/**
|
|
* Apple Routes
|
|
*/
|
|
router.get(
|
|
'/apple',
|
|
passport.authenticate('apple', {
|
|
session: false,
|
|
}),
|
|
);
|
|
|
|
router.post(
|
|
'/apple/callback',
|
|
passport.authenticate('apple', {
|
|
failureRedirect: `${domains.client}/oauth/error`,
|
|
failureMessage: true,
|
|
session: false,
|
|
}),
|
|
oauthHandler,
|
|
);
|
|
|
|
module.exports = router;
|