feat(passport): connect oauth proxy

apps/passport/app/auth.server.ts

@@ -34,6 +34,18 @@ export const createAuthenticatorSessionStorage = (
 }
 
 export const AUTHN_PARAMS_SESSION_KEY = 'authnParams'
+
+export const getAuthnParams = async (
+  request: Request,
+  env: Env
+): Promise<URLSearchParams> => {
+  const authenticatorStorage = createAuthenticatorSessionStorage(request, env)
+  const session = await authenticatorStorage.getSession(
+    request.headers.get('Cookie')
+  )
+  return new URLSearchParams(session.get(AUTHN_PARAMS_SESSION_KEY))
+}
+
 /**
  * Returns a custom Request and authenticator SessionStorage. Needed to hook into response
  * lifecycle that authenticator fully controls, to set custom data needed after external

apps/passport/app/routes/connect/apple/callback.ts

@@ -21,6 +21,8 @@ import {
   authenticateAddress,
   checkOAuthError,
 } from '~/utils/authenticate.server'
+import { redirectToCustomDomainHost } from '~/utils/connect-proxy'
+
 import { getAuthzCookieParams, getUserSession } from '~/session.server'
 import { Authenticator } from 'remix-auth'
 import { InternalServerError } from '@proofzero/errors'
@@ -51,6 +53,7 @@ export const action: ActionFunction = getRollupReqFunctionErrorWrapper(
 export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
   async ({ request, context }) => {
     await checkOAuthError(request, context.env)
+    await redirectToCustomDomainHost(request, context)
 
     const appData = await getAuthzCookieParams(request, context.env)
 

apps/passport/app/routes/connect/apple/index.tsx

@@ -5,21 +5,40 @@ import { getRollupReqFunctionErrorWrapper } from '@proofzero/utils/errors'
 
 import { getAppleStrategy, injectAuthnParamsIntoSession } from '~/auth.server'
 import { AppleStrategyDefaultName } from '~/utils/applestrategy.server'
+import {
+  redirectToDefaultHost,
+  setCustomDomainOrigin,
+} from '~/utils/connect-proxy'
 
 export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
   async ({ request, context }) => {
     const authnParams = new URL(request.url).searchParams
+    setCustomDomainOrigin(request, context, authnParams)
+
     const authenticatorInputs = await injectAuthnParamsIntoSession(
       authnParams.toString(),
       request,
       context.env
     )
     const authenticator = new Authenticator(authenticatorInputs.sessionStorage)
 
-    authenticator.use(getAppleStrategy(context.env))
-    return authenticator.authenticate(
-      AppleStrategyDefaultName,
-      authenticatorInputs.newRequest
-    )
+    const strategy = getAppleStrategy(context.env)
+    if (authnParams.get('state'))
+      // @ts-ignore
+      strategy.generateState = () => authnParams.get('state')
+
+    authenticator.use(strategy)
+
+    try {
+      const response = await authenticator.authenticate(
+        AppleStrategyDefaultName,
+        authenticatorInputs.newRequest
+      )
+      return response
+    } catch (error) {
+      if (!(error instanceof Response)) throw error
+      const response = error
+      redirectToDefaultHost(request, response, context)
+    }
   }
 )

apps/passport/app/routes/connect/discord/callback.ts

@@ -17,13 +17,16 @@ import {
   authenticateAddress,
   checkOAuthError,
 } from '~/utils/authenticate.server'
+import { redirectToCustomDomainHost } from '~/utils/connect-proxy'
+
 import { Authenticator } from 'remix-auth'
 import { InternalServerError } from '@proofzero/errors'
 import { getRollupReqFunctionErrorWrapper } from '@proofzero/utils/errors'
 
 export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
   async ({ request, context }) => {
     await checkOAuthError(request, context.env)
+    await redirectToCustomDomainHost(request, context)
 
     const appData = await getAuthzCookieParams(request, context.env)
 

apps/passport/app/routes/connect/discord/index.tsx

@@ -5,10 +5,16 @@ import { DiscordStrategyDefaultName } from 'remix-auth-discord'
 import { getRollupReqFunctionErrorWrapper } from '@proofzero/utils/errors'
 
 import { getDiscordStrategy, injectAuthnParamsIntoSession } from '~/auth.server'
+import {
+  redirectToDefaultHost,
+  setCustomDomainOrigin,
+} from '~/utils/connect-proxy'
 
 export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
   async ({ request, context }) => {
     const authnParams = new URL(request.url).searchParams
+    setCustomDomainOrigin(request, context, authnParams)
+
     const authenticatorInputs = await injectAuthnParamsIntoSession(
       authnParams.toString(),
       request,
@@ -18,11 +24,24 @@ export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
     const prompt =
       rollup_action && rollup_action === 'reconnect' ? 'consent' : undefined
 
+    const strategy = getDiscordStrategy(context.env, prompt)
+    if (authnParams.get('state'))
+      // @ts-ignore
+      strategy.generateState = () => authnParams.get('state')
+
     const authenticator = new Authenticator(authenticatorInputs.sessionStorage)
-    authenticator.use(getDiscordStrategy(context.env, prompt))
-    return authenticator.authenticate(
-      DiscordStrategyDefaultName,
-      authenticatorInputs.newRequest
-    )
+    authenticator.use(strategy)
+
+    try {
+      const response = await authenticator.authenticate(
+        DiscordStrategyDefaultName,
+        authenticatorInputs.newRequest
+      )
+      return response
+    } catch (error) {
+      if (!(error instanceof Response)) throw error
+      const response = error
+      redirectToDefaultHost(request, response, context)
+    }
   }
 )

apps/passport/app/routes/connect/github/callback.ts

@@ -1,3 +1,4 @@
+import { redirect } from '@remix-run/cloudflare'
 import type { LoaderArgs, LoaderFunction } from '@remix-run/cloudflare'
 
 import { generateHashedIDRef } from '@proofzero/urns/idref'
@@ -11,6 +12,7 @@ import {
   authenticateAddress,
   checkOAuthError,
 } from '~/utils/authenticate.server'
+import { redirectToCustomDomainHost } from '~/utils/connect-proxy'
 
 import { getAddressClient } from '~/platform.server'
 import { GitHubStrategyDefaultName } from 'remix-auth-github'
@@ -24,6 +26,7 @@ import { getRollupReqFunctionErrorWrapper } from '@proofzero/utils/errors'
 export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
   async ({ request, context }: LoaderArgs) => {
     await checkOAuthError(request, context.env)
+    await redirectToCustomDomainHost(request, context)
 
     const appData = await getAuthzCookieParams(request, context.env)
 

apps/passport/app/routes/connect/github/index.tsx

@@ -9,20 +9,40 @@ import {
   injectAuthnParamsIntoSession,
 } from '~/auth.server'
 
+import {
+  redirectToDefaultHost,
+  setCustomDomainOrigin,
+} from '~/utils/connect-proxy'
+
 export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
   async ({ request, context }) => {
     const authnParams = new URL(request.url).searchParams
+    setCustomDomainOrigin(request, context, authnParams)
+
     const authenticatorInputs = await injectAuthnParamsIntoSession(
       authnParams.toString(),
       request,
       context.env
     )
+
+    const strategy = getGithubAuthenticator(context.env)
+    if (authnParams.get('state'))
+      // @ts-ignore
+      strategy.generateState = () => authnParams.get('state')
+
     const authenticator = new Authenticator(authenticatorInputs.sessionStorage)
-    authenticator.use(getGithubAuthenticator(context.env))
+    authenticator.use(strategy)
 
-    return authenticator.authenticate(
-      GitHubStrategyDefaultName,
-      authenticatorInputs.newRequest
-    )
+    try {
+      const response = await authenticator.authenticate(
+        GitHubStrategyDefaultName,
+        authenticatorInputs.newRequest
+      )
+      return response
+    } catch (error) {
+      if (!(error instanceof Response)) throw error
+      const response = error
+      redirectToDefaultHost(request, response, context)
+    }
   }
 )

apps/passport/app/routes/connect/google/callback.ts

@@ -11,6 +11,8 @@ import {
   authenticateAddress,
   checkOAuthError,
 } from '~/utils/authenticate.server'
+import { redirectToCustomDomainHost } from '~/utils/connect-proxy'
+
 import type { OAuthData } from '@proofzero/platform.address/src/types'
 import { NodeType, OAuthAddressType } from '@proofzero/types/address'
 import { getAuthzCookieParams, getUserSession } from '~/session.server'
@@ -21,6 +23,7 @@ import { getRollupReqFunctionErrorWrapper } from '@proofzero/utils/errors'
 export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
   async ({ request, context }: LoaderArgs) => {
     await checkOAuthError(request, context.env)
+    await redirectToCustomDomainHost(request, context)
 
     const appData = await getAuthzCookieParams(request, context.env)
 

apps/passport/app/routes/connect/google/index.tsx

@@ -8,10 +8,16 @@ import {
   getGoogleAuthenticator,
   injectAuthnParamsIntoSession,
 } from '~/auth.server'
+import {
+  redirectToDefaultHost,
+  setCustomDomainOrigin,
+} from '~/utils/connect-proxy'
 
 export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
   async ({ request, context }) => {
     const authnParams = new URL(request.url).searchParams
+    setCustomDomainOrigin(request, context, authnParams)
+
     const authenticatorInputs = await injectAuthnParamsIntoSession(
       authnParams.toString(),
       request,
@@ -21,11 +27,24 @@ export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
     const prompt =
       rollup_action && rollup_action === 'reconnect' ? 'consent' : undefined
 
+    const strategy = getGoogleAuthenticator(context.env, prompt)
+    if (authnParams.get('state'))
+      // @ts-ignore
+      strategy.generateState = () => authnParams.get('state')
+
     const authenticator = new Authenticator(authenticatorInputs.sessionStorage)
-    authenticator.use(getGoogleAuthenticator(context.env, prompt))
-    return authenticator.authenticate(
-      GoogleStrategyDefaultName,
-      authenticatorInputs.newRequest
-    )
+    authenticator.use(strategy)
+
+    try {
+      const response = await authenticator.authenticate(
+        GoogleStrategyDefaultName,
+        authenticatorInputs.newRequest
+      )
+      return response
+    } catch (error) {
+      if (!(error instanceof Response)) throw error
+      const response = error
+      redirectToDefaultHost(request, response, context)
+    }
   }
 )

apps/passport/app/routes/connect/microsoft/callback.ts

@@ -15,13 +15,16 @@ import {
   checkOAuthError,
 } from '~/utils/authenticate.server'
 import { getAuthzCookieParams, getUserSession } from '~/session.server'
+import { redirectToCustomDomainHost } from '~/utils/connect-proxy'
+
 import { Authenticator } from 'remix-auth'
 import { InternalServerError } from '@proofzero/errors'
 import { getRollupReqFunctionErrorWrapper } from '@proofzero/utils/errors'
 
 export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
   async ({ request, context }: LoaderArgs) => {
     await checkOAuthError(request, context.env)
+    await redirectToCustomDomainHost(request, context)
 
     const appData = await getAuthzCookieParams(request, context.env)
 

apps/passport/app/routes/connect/microsoft/index.tsx

@@ -8,10 +8,16 @@ import {
   getMicrosoftStrategy,
   injectAuthnParamsIntoSession,
 } from '~/auth.server'
+import {
+  redirectToDefaultHost,
+  setCustomDomainOrigin,
+} from '~/utils/connect-proxy'
 
 export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
   async ({ request, context }) => {
     const authnParams = new URL(request.url).searchParams
+    setCustomDomainOrigin(request, context, authnParams)
+
     const authenticatorInputs = await injectAuthnParamsIntoSession(
       authnParams.toString(),
       request,
@@ -24,11 +30,24 @@ export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
     const prompt =
       rollup_action && rollup_action === 'reconnect' ? 'consent' : ' '
 
+    const strategy = getMicrosoftStrategy(context.env, prompt)
+    if (authnParams.get('state'))
+      // @ts-ignore
+      strategy.generateState = () => authnParams.get('state')
+
     const authenticator = new Authenticator(authenticatorInputs.sessionStorage)
-    authenticator.use(getMicrosoftStrategy(context.env, prompt))
-    return authenticator.authenticate(
-      MicrosoftStrategyDefaultName,
-      authenticatorInputs.newRequest
-    )
+    authenticator.use(strategy)
+
+    try {
+      const response = await authenticator.authenticate(
+        MicrosoftStrategyDefaultName,
+        authenticatorInputs.newRequest
+      )
+      return response
+    } catch (error) {
+      if (!(error instanceof Response)) throw error
+      const response = error
+      redirectToDefaultHost(request, response, context)
+    }
   }
 )

apps/passport/app/routes/connect/twitter/callback.ts

@@ -18,12 +18,15 @@ import {
   checkOAuthError,
 } from '~/utils/authenticate.server'
 import { getAuthzCookieParams, getUserSession } from '~/session.server'
+import { redirectToCustomDomainHost } from '~/utils/connect-proxy'
+
 import { Authenticator } from 'remix-auth'
 import { getRollupReqFunctionErrorWrapper } from '@proofzero/utils/errors'
 
 export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
   async ({ request, context }: LoaderArgs) => {
     await checkOAuthError(request, context.env)
+    await redirectToCustomDomainHost(request, context)
 
     const appData = await getAuthzCookieParams(request, context.env)
 
@@ -32,7 +35,7 @@ export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
       context.env
     )
     const authenticator = new Authenticator(authenticatorStorage)
-    authenticator.use(getTwitterStrategy(context.env))
+    authenticator.use(getTwitterStrategy(null, context.env))
 
     const { accessToken, accessTokenSecret, profile } =
       (await authenticator.authenticate(