-
Notifications
You must be signed in to change notification settings - Fork 190
/
facebookAuth.ts
63 lines (56 loc) · 1.8 KB
/
facebookAuth.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
import type { MiddlewareHandler } from 'hono'
import { getCookie, setCookie } from 'hono/cookie'
import { env } from 'hono/adapter'
import { HTTPException } from 'hono/http-exception'
import { getRandomState } from '../../utils/getRandomState'
import { AuthFlow } from './authFlow'
import type { Fields, Permissions } from './types'
export function facebookAuth(options: {
scope: Permissions[]
fields: Fields[]
client_id?: string
client_secret?: string
redirect_uri?: string
}): MiddlewareHandler {
return async (c, next) => {
const newState = getRandomState()
// Create new Auth instance
const auth = new AuthFlow({
client_id: options.client_id || (env(c).FACEBOOK_ID as string),
client_secret: options.client_secret || (env(c).FACEBOOK_SECRET as string),
redirect_uri: options.redirect_uri || c.req.url.split('?')[0],
scope: options.scope,
fields: options.fields,
state: newState,
code: c.req.query('code'),
token: {
token: c.req.query('access_token') as string,
expires_in: Number(c.req.query('expires_in')),
},
})
// Redirect to login dialog
if (!auth.code) {
setCookie(c, 'state', newState, {
maxAge: 60 * 10,
httpOnly: true,
path: '/',
// secure: true,
})
return c.redirect(auth.redirect())
}
// Avoid CSRF attack by checking state
if (c.req.url.includes('?')) {
const storedState = getCookie(c, 'state')
if (c.req.query('state') !== storedState) {
throw new HTTPException(401)
}
}
// Retrieve user data from facebook
await auth.getUserData()
// Set return info
c.set('token', auth.token)
c.set('user-facebook', auth.user)
c.set('granted-scopes', c.req.query('granted_scopes')?.split(','))
await next()
}
}