Add support for OAuth 2.0 State

thgh · Aug 1, 2024 · 291ba05 · 291ba05
1 parent 7f4f70c
commit 291ba05
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 17 deletions.
diff --git a/package.json b/package.json
@@ -8,7 +8,7 @@
     "clean": "rm -rf dist",
     "build": "tsc",
     "fix": "npx prettier src --write",
-    "prepare": "yarn fix && yarn clean && yarn build",
+    "prepare": "npm run fix && npm run clean && npm run build",
     "test": "vitest"
   },
   "exports": {

diff --git a/src/index.ts b/src/index.ts
@@ -1,24 +1,24 @@
 import { str62 } from '@bothrs/util/random'
 import MongoStore from 'connect-mongo'
+import debug from 'debug'
 import session from 'express-session'
 import jwt from 'jsonwebtoken'
 import passport from 'passport'
 import OAuth2Strategy, { VerifyCallback } from 'passport-oauth2'
-import debug from 'debug'
 import payload from 'payload'
 import { Config } from 'payload/config'
+import { PaginatedDocs } from 'payload/dist/database/types'
 import {
   Field,
   fieldAffectsData,
   fieldHasSubFields,
 } from 'payload/dist/fields/config/types'
-import { PaginatedDocs } from 'payload/dist/database/types'
 import getCookieExpiration from 'payload/dist/utilities/getCookieExpiration'
 import { TextField } from 'payload/types'
 
+import { createElement } from 'react'
 import OAuthButton from './OAuthButton'
 import type { oAuthPluginOptions } from './types'
-import { createElement } from 'react'
 
 export { OAuthButton, oAuthPluginOptions }
 
@@ -132,6 +132,19 @@ function oAuthPluginServer(
   const sub = options.subField?.name || 'sub'
   const oAuthStrategyCount = (incoming.custom?.oAuthStrategyCount || 0) + 1
   const strategyName = `oauth2-${oAuthStrategyCount}`
+  const sessionMiddleware = session(
+    options.sessionOptions ?? {
+      resave: false,
+      saveUninitialized: false,
+      secret:
+        process.env.PAYLOAD_SECRET ||
+        log('Missing process.env.PAYLOAD_SECRET') ||
+        'unsafe',
+      store: options.databaseUri
+        ? MongoStore.create({ mongoUrl: options.databaseUri })
+        : undefined,
+    }
+  )
 
   if (options.clientID) {
     // Validate paths, they must be unique
@@ -252,6 +265,12 @@ function oAuthPluginServer(
       },
     },
     endpoints: (incoming.endpoints || []).concat([
+      {
+        path: authorizePath,
+        method: 'get',
+        root: true,
+        handler: sessionMiddleware,
+      },
       {
         path: authorizePath,
         method: 'get',
@@ -262,19 +281,7 @@ function oAuthPluginServer(
         path: callbackPath,
         method: 'get',
         root: true,
-        handler: session(
-          options.sessionOptions ?? {
-            resave: false,
-            saveUninitialized: false,
-            secret:
-              process.env.PAYLOAD_SECRET ||
-              log('Missing process.env.PAYLOAD_SECRET') ||
-              'unsafe',
-            store: options.databaseUri
-              ? MongoStore.create({ mongoUrl: options.databaseUri })
-              : undefined,
-          }
-        ),
+        handler: sessionMiddleware,
       },
       {
         path: callbackPath,