wieerwill/platform
1
0
Fork 0
mirror of https://github.com/hcengineering/platform.git synced 2025-04-13 03:40:48 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Extra logs for auth providers (#5840)

Browse Source 
Signed-off-by: Denis Bykhov <bykhov.denis@gmail.com>
This commit is contained in:
Denis Bykhov 2024-06-18 10:15:08 +05:00 committed by GitHub
parent d1f6a9de7f
commit 279b04f5b2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 92 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pods/authProviders/src/github.ts
View File

@ -35,6 +35,7 @@ export function registerGithub (
router.get('/auth/github', async (ctx, next) => {
const state = ctx.query?.inviteId
measureCtx.info('try auth via', { provider: 'github' })
passport.authenticate('github', { scope: ['user:email'], session: true, state })(ctx, next)
})
@ -45,6 +46,7 @@ export function registerGithub (
try {
const email = ctx.state.user.emails?.[0]?.value ?? `github:${ctx.state.user.username}`
const [first, last] = ctx.state.user.displayName?.split(' ') ?? [ctx.state.user.username, '']
measureCtx.info('Provider auth handler', { email, type: 'github' })
if (email !== undefined) {
if (ctx.query?.state != null) {
const loginInfo = await joinWithProvider(
@ -71,11 +73,12 @@ export function registerGithub (
ctx.session.loginInfo = loginInfo
}
}
measureCtx.info('Success auth, redirect', { email, type: 'github' })
// Successful authentication, redirect to your application
ctx.redirect(concatLink(frontUrl, '/login/auth'))
}
} catch (err: any) {
measureCtx.error('failed to auth', err)
measureCtx.error('failed to auth', { err, type: 'github', user: ctx.state?.user })
}
await next()
}

5
pods/authProviders/src/google.ts
View File

@ -35,6 +35,7 @@ export function registerGoogle (
router.get('/auth/google', async (ctx, next) => {
const state = ctx.query?.inviteId
measureCtx.info('try auth via', { provider: 'google' })
passport.authenticate('google', { scope: ['profile', 'email'], session: true, state })(ctx, next)
})
@ -45,6 +46,7 @@ export function registerGoogle (
const email = ctx.state.user.emails?.[0]?.value
const first = ctx.state.user.name.givenName
const last = ctx.state.user.name.familyName
measureCtx.info('Provider auth handler', { email, type: 'google' })
if (email !== undefined) {
try {
if (ctx.query?.state != null) {
@ -69,9 +71,10 @@ export function registerGoogle (
}
// Successful authentication, redirect to your application
measureCtx.info('Success auth, redirect', { email, type: 'google' })
ctx.redirect(concatLink(frontUrl, '/login/auth'))
} catch (err: any) {
measureCtx.error('failed to auth', err)
measureCtx.error('failed to auth', { err, type: 'google', user: ctx.state?.user })
}
}
await next()

157
server/account/src/operations.ts
View File

@ -2064,35 +2064,61 @@ export async function joinWithProvider (
inviteId: ObjectId,
extra?: Record<string, string>
): Promise<WorkspaceLoginInfo | LoginInfo> {
const email = cleanEmail(_email)
const invite = await getInvite(db, inviteId)
const workspace = await checkInvite(ctx, invite, email)
if (last == null) {
last = ''
}
let account = await getAccount(db, email)
if (account == null && extra !== undefined) {
account = await getAccountByQuery(db, extra)
}
if (account !== null) {
// we should clean password if account is not confirmed
if (account.confirmed === false) {
await updatePassword(db, account, null)
try {
const email = cleanEmail(_email)
const invite = await getInvite(db, inviteId)
const workspace = await checkInvite(ctx, invite, email)
if (last == null) {
last = ''
}
const token = generateToken(email, getWorkspaceId('', productId), getExtra(account))
const ws = await getWorkspaceById(db, productId, workspace.name)
if (ws?.accounts.includes(account._id) ?? false) {
const result = {
endpoint: getEndpoint(),
email,
token
let account = await getAccount(db, email)
if (account == null && extra !== undefined) {
account = await getAccountByQuery(db, extra)
}
if (account !== null) {
// we should clean password if account is not confirmed
if (account.confirmed === false) {
await updatePassword(db, account, null)
}
const token = generateToken(email, getWorkspaceId('', productId), getExtra(account))
const ws = await getWorkspaceById(db, productId, workspace.name)
if (ws?.accounts.includes(account._id) ?? false) {
const result = {
endpoint: getEndpoint(),
email,
token
}
return result
}
const wsRes = await assignWorkspace(
ctx,
db,
productId,
branding,
email,
workspace.name,
invite?.role ?? AccountRole.User,
invite?.personId
)
const result = await selectWorkspace(
ctx,
db,
productId,
branding,
token,
wsRes.workspaceUrl ?? wsRes.workspace,
false
)
await useInvite(db, inviteId)
return result
}
const wsRes = await assignWorkspace(
const newAccount = await createAcc(ctx, db, productId, branding, email, null, first, last, true, extra)
const token = generateToken(email, getWorkspaceId('', productId), getExtra(newAccount))
const ws = await assignWorkspace(
ctx,
db,
productId,
@ -2102,37 +2128,16 @@ export async function joinWithProvider (
invite?.role ?? AccountRole.User,
invite?.personId
)
const result = await selectWorkspace(
ctx,
db,
productId,
branding,
token,
wsRes.workspaceUrl ?? wsRes.workspace,
false
)
const result = await selectWorkspace(ctx, db, productId, branding, token, ws.workspaceUrl ?? ws.workspace, false)
await useInvite(db, inviteId)
return result
} catch (err: any) {
Analytics.handleError(err)
ctx.error('joinWithProvider error', { email: _email, ...extra, err })
throw err
}
const newAccount = await createAcc(ctx, db, productId, branding, email, null, first, last, true, extra)
const token = generateToken(email, getWorkspaceId('', productId), getExtra(newAccount))
const ws = await assignWorkspace(
ctx,
db,
productId,
branding,
email,
workspace.name,
invite?.role ?? AccountRole.User,
invite?.personId
)
const result = await selectWorkspace(ctx, db, productId, branding, token, ws.workspaceUrl ?? ws.workspace, false)
await useInvite(db, inviteId)
return result
}
export async function loginWithProvider (
@ -2145,34 +2150,40 @@ export async function loginWithProvider (
last: string,
extra?: Record<string, string>
): Promise<LoginInfo> {
const email = cleanEmail(_email)
if (last == null) {
last = ''
}
let account = await getAccount(db, email)
if (account == null && extra !== undefined) {
account = await getAccountByQuery(db, extra)
}
if (account !== null) {
// we should clean password if account is not confirmed
if (account.confirmed === false) {
await updatePassword(db, account, null)
try {
const email = cleanEmail(_email)
if (last == null) {
last = ''
}
let account = await getAccount(db, email)
if (account == null && extra !== undefined) {
account = await getAccountByQuery(db, extra)
}
if (account !== null) {
// we should clean password if account is not confirmed
if (account.confirmed === false) {
await updatePassword(db, account, null)
}
const result = {
endpoint: getEndpoint(),
email,
token: generateToken(email, getWorkspaceId('', productId), getExtra(account))
}
return result
}
const newAccount = await createAcc(ctx, db, productId, branding, email, null, first, last, true, extra)
const result = {
endpoint: getEndpoint(),
email,
token: generateToken(email, getWorkspaceId('', productId), getExtra(account))
token: generateToken(email, getWorkspaceId('', productId), getExtra(newAccount))
}
return result
} catch (err: any) {
Analytics.handleError(err)
ctx.error('loginWithProvider error', { email: _email, ...extra, err })
throw err
}
const newAccount = await createAcc(ctx, db, productId, branding, email, null, first, last, true, extra)
const result = {
endpoint: getEndpoint(),
email,
token: generateToken(email, getWorkspaceId('', productId), getExtra(newAccount))
}
return result
}
/**