feat(api): allow client to signin/signout (#51679)
parent
d226f8634f
commit
a23a92fb8a
|
@ -30,7 +30,11 @@ import mailer from './plugins/mailer';
|
|||
import redirectWithMessage from './plugins/redirect-with-message';
|
||||
import security from './plugins/security';
|
||||
import sessionAuth from './plugins/session-auth';
|
||||
import { auth0Routes, devLoginCallback } from './routes/auth';
|
||||
import {
|
||||
auth0Routes,
|
||||
devLoginCallback,
|
||||
devLegacyAuthRoutes
|
||||
} from './routes/auth';
|
||||
import { challengeRoutes } from './routes/challenge';
|
||||
import { deprecatedEndpoints } from './routes/deprecated-endpoints';
|
||||
import { unsubscribeDeprecated } from './routes/deprecated-unsubscribe';
|
||||
|
@ -208,6 +212,7 @@ export const build = async (
|
|||
void fastify.register(auth0Routes, { prefix: '/auth' });
|
||||
if (FCC_ENABLE_DEV_LOGIN_MODE) {
|
||||
void fastify.register(devLoginCallback, { prefix: '/auth' });
|
||||
void fastify.register(devLegacyAuthRoutes);
|
||||
}
|
||||
void fastify.register(challengeRoutes);
|
||||
void fastify.register(settingRoutes);
|
||||
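Review bot: The `if (FCC_ENABLE_DEV_LOGIN_MODE)` block is now the only thing keeping a route that issues a session for a hard-coded user out of a deployed build, and nothing at this registration site says so. `devLegacyAuthRoutes` is also registered without a prefix, unlike the two `/auth` registrations beside it, so it claims the root `/signin` and `/signout` paths. I would put a comment above the new line, e.g. `// Dev only: /signin creates a session for a fixed test user with no credentials; keep inside this guard.` If `utils/env` does not already refuse `FCC_ENABLE_DEV_LOGIN_MODE` in production (not visible on this page), that check is worth adding there. The body of `build` starts and ends outside this hunk.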
|
|
|
@ -5,7 +5,7 @@ import {
|
|||
} from 'fastify';
|
||||
|
||||
import { defaultUser } from '../utils/default-user';
|
||||
import { AUTH0_DOMAIN } from '../utils/env';
|
||||
import { AUTH0_DOMAIN, HOME_LOCATION } from '../utils/env';
|
||||
|
||||
declare module 'fastify' {
|
||||
interface Session {
|
||||
|
@ -53,7 +53,7 @@ const findOrCreateUser = async (fastify: FastifyInstance, email: string) => {
|
|||
* user.
|
||||
*
|
||||
* @param fastify The Fastify instance.
|
||||
* @param _options Fastify options I guess?
|
||||
* @param _options Options passed to the plugin via `fastify.register(plugin, options)`.
|
||||
* @param done Callback to signal that the logic has completed.
|
||||
*/
|
||||
// TODO: 1) use POST 2) make sure we prevent login CSRF
|
||||
|
@ -78,7 +78,7 @@ export const devLoginCallback: FastifyPluginCallback = (
|
|||
* Route handler for Auth0 authentication.
|
||||
*
|
||||
* @param fastify The Fastify instance.
|
||||
* @param _options Fastify options I guess?
|
||||
* @param _options Options passed to the plugin via `fastify.register(plugin, options)`.
|
||||
* @param done Callback to signal that the logic has completed.
|
||||
*/
|
||||
// TODO: 1) use POST 2) make sure we prevent login CSRF
|
||||
|
@ -95,3 +95,36 @@ export const auth0Routes: FastifyPluginCallback = (fastify, _options, done) => {
|
|||
|
||||
done();
|
||||
};
|
||||
|
||||
/**
|
||||
* Legacy route handler for development login. This mimics the behaviour of old
|
||||
* api-server which the client depends on for authentication. The key difference
|
||||
* is that this uses a different cookie (not jwt_access_token), and, if we want
|
||||
* to use this for real, we will need to account for that.
|
||||
*
|
||||
* @deprecated
|
||||
* @param fastify The Fastify instance.
|
||||
* @param _options Options passed to the plugin via `fastify.register(plugin,
|
||||
* options)`.
|
||||
* @param done Callback to signal that the logic has completed.
|
||||
*/
|
||||
export const devLegacyAuthRoutes: FastifyPluginCallback = (
|
||||
fastify,
|
||||
_options,
|
||||
done
|
||||
) => {
|
||||
fastify.get('/signin', async (req, reply) => {
|
||||
const email = 'foo@bar.com';
|
||||
|
||||
const { id } = await findOrCreateUser(fastify, email);
|
||||
req.session.user = { id };
|
||||
await req.session.save();
|
||||
await reply.redirect(HOME_LOCATION + '/learn');
|
||||
});
|
||||
|
||||
fastify.get('/signout', async (req, reply) => {
|
||||
await req.session.destroy();
|
||||
await reply.redirect(HOME_LOCATION + '/learn');
|
||||
});
|
||||
done();
|
||||
};
|
||||
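Review bot: Both handlers in `devLegacyAuthRoutes` change session state on a plain GET, so a cross-site link or embedded request can sign the browser in as the fixed `foo@bar.com` user or destroy its session. Unlike `devLoginCallback` and `auth0Routes`, this plugin carries no `// TODO: 1) use POST 2) make sure we prevent login CSRF` marker; since the docblock anticipates using it "for real", I would add that TODO above `fastify.get('/signin', …)`. The docblock should also state that the routes take no credentials and are safe only behind the dev-login flag, because the plugin does not check the flag itself. `/signin` also writes `req.session.user` onto whatever session already exists; if the session plugin in use offers a regenerate call, invoking it before the assignment would rule out session fixation should this code outlive dev mode.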
|
|