feat(passport): connect oauth proxy

apps/passport/app/auth.server.ts

@@ -34,6 +34,18 @@ export const createAuthenticatorSessionStorage = (
 }
 
 export const AUTHN_PARAMS_SESSION_KEY = 'authnParams'
+
+export const getAuthnParams = async (
+  request: Request,
+  env: Env
+): Promise<URLSearchParams> => {
+  const authenticatorStorage = createAuthenticatorSessionStorage(request, env)
+  const session = await authenticatorStorage.getSession(
+    request.headers.get('Cookie')
+  )
+  return new URLSearchParams(session.get(AUTHN_PARAMS_SESSION_KEY))
+}
+
 /**
  * Returns a custom Request and authenticator SessionStorage. Needed to hook into response
  * lifecycle that authenticator fully controls, to set custom data needed after external

apps/passport/app/routes/authenticate/$clientId/index.tsx

@@ -201,17 +201,7 @@ const InnerComponent = ({
         clientId,
         signData,
         navigate,
-        FormWrapperEl: ({ children, provider }) => (
-          <Form
-            className="w-full"
-            action={`/connect/${provider}?${authnQueryParams}`}
-            method="post"
-            key={provider}
-          >
-            {children}
-          </Form>
-        ),
-        enableOAuthSubmit: true,
+        authnQueryParams,
         loading,
         walletConnectCallback: async (address) => {
           if (loading) return

apps/passport/app/routes/connect/apple/callback.ts

@@ -21,6 +21,8 @@ import {
   authenticateAddress,
   checkOAuthError,
 } from '~/utils/authenticate.server'
+import { redirectToCustomDomainHost } from '~/utils/connect-proxy'
+
 import { getAuthzCookieParams, getUserSession } from '~/session.server'
 import { Authenticator } from 'remix-auth'
 import { InternalServerError } from '@proofzero/errors'
@@ -51,6 +53,7 @@ export const action: ActionFunction = getRollupReqFunctionErrorWrapper(
 export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
   async ({ request, context }) => {
     await checkOAuthError(request, context.env)
+    await redirectToCustomDomainHost(request, context)
 
     const appData = await getAuthzCookieParams(request, context.env)
 

apps/passport/app/routes/connect/apple/index.tsx

@@ -1,28 +1,44 @@
-import type { ActionArgs, ActionFunction } from '@remix-run/cloudflare'
+import type { LoaderFunction } from '@remix-run/cloudflare'
 import { Authenticator } from 'remix-auth'
 
-import {
-  createAuthenticatorSessionStorage,
-  getAppleStrategy,
-  injectAuthnParamsIntoSession,
-} from '~/auth.server'
-import { AppleStrategyDefaultName } from '~/utils/applestrategy.server'
 import { getRollupReqFunctionErrorWrapper } from '@proofzero/utils/errors'
 
-export const action: ActionFunction = getRollupReqFunctionErrorWrapper(
-  async ({ request, context }: ActionArgs) => {
+import { getAppleStrategy, injectAuthnParamsIntoSession } from '~/auth.server'
+import { AppleStrategyDefaultName } from '~/utils/applestrategy.server'
+import {
+  redirectToDefaultHost,
+  setCustomDomainOrigin,
+} from '~/utils/connect-proxy'
+
+export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
+  async ({ request, context }) => {
     const authnParams = new URL(request.url).searchParams
+    setCustomDomainOrigin(request, context, authnParams)
+
     const authenticatorInputs = await injectAuthnParamsIntoSession(
       authnParams.toString(),
       request,
       context.env
     )
     const authenticator = new Authenticator(authenticatorInputs.sessionStorage)
 
-    authenticator.use(getAppleStrategy(context.env))
-    return authenticator.authenticate(
-      AppleStrategyDefaultName,
-      authenticatorInputs.newRequest
-    )
+    const strategy = getAppleStrategy(context.env)
+    if (authnParams.get('state'))
+      // @ts-ignore
+      strategy.generateState = () => authnParams.get('state')
+
+    authenticator.use(strategy)
+
+    try {
+      const response = await authenticator.authenticate(
+        AppleStrategyDefaultName,
+        authenticatorInputs.newRequest
+      )
+      return response
+    } catch (error) {
+      if (!(error instanceof Response)) throw error
+      const response = error
+      redirectToDefaultHost(request, response, context)
+    }
   }
 )

apps/passport/app/routes/connect/discord/callback.ts

@@ -17,13 +17,16 @@ import {
   authenticateAddress,
   checkOAuthError,
 } from '~/utils/authenticate.server'
+import { redirectToCustomDomainHost } from '~/utils/connect-proxy'
+
 import { Authenticator } from 'remix-auth'
 import { InternalServerError } from '@proofzero/errors'
 import { getRollupReqFunctionErrorWrapper } from '@proofzero/utils/errors'
 
 export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
   async ({ request, context }) => {
     await checkOAuthError(request, context.env)
+    await redirectToCustomDomainHost(request, context)
 
     const appData = await getAuthzCookieParams(request, context.env)
 

apps/passport/app/routes/connect/discord/index.tsx

@@ -1,14 +1,20 @@
-import type { ActionArgs, ActionFunction } from '@remix-run/cloudflare'
-
+import type { LoaderFunction } from '@remix-run/cloudflare'
+import { Authenticator } from 'remix-auth'
 import { DiscordStrategyDefaultName } from 'remix-auth-discord'
 
-import { getDiscordStrategy, injectAuthnParamsIntoSession } from '~/auth.server'
-import { Authenticator } from 'remix-auth'
 import { getRollupReqFunctionErrorWrapper } from '@proofzero/utils/errors'
 
-export const action: ActionFunction = getRollupReqFunctionErrorWrapper(
-  async ({ request, context }: ActionArgs) => {
+import { getDiscordStrategy, injectAuthnParamsIntoSession } from '~/auth.server'
+import {
+  redirectToDefaultHost,
+  setCustomDomainOrigin,
+} from '~/utils/connect-proxy'
+
+export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
+  async ({ request, context }) => {
     const authnParams = new URL(request.url).searchParams
+    setCustomDomainOrigin(request, context, authnParams)
+
     const authenticatorInputs = await injectAuthnParamsIntoSession(
       authnParams.toString(),
       request,
@@ -18,11 +24,24 @@ export const action: ActionFunction = getRollupReqFunctionErrorWrapper(
     const prompt =
       rollup_action && rollup_action === 'reconnect' ? 'consent' : undefined
 
+    const strategy = getDiscordStrategy(context.env, prompt)
+    if (authnParams.get('state'))
+      // @ts-ignore
+      strategy.generateState = () => authnParams.get('state')
+
     const authenticator = new Authenticator(authenticatorInputs.sessionStorage)
-    authenticator.use(getDiscordStrategy(context.env, prompt))
-    return authenticator.authenticate(
-      DiscordStrategyDefaultName,
-      authenticatorInputs.newRequest
-    )
+    authenticator.use(strategy)
+
+    try {
+      const response = await authenticator.authenticate(
+        DiscordStrategyDefaultName,
+        authenticatorInputs.newRequest
+      )
+      return response
+    } catch (error) {
+      if (!(error instanceof Response)) throw error
+      const response = error
+      redirectToDefaultHost(request, response, context)
+    }
   }
 )

apps/passport/app/routes/connect/github/callback.ts

@@ -1,3 +1,4 @@
+import { redirect } from '@remix-run/cloudflare'
 import type { LoaderArgs, LoaderFunction } from '@remix-run/cloudflare'
 
 import { generateHashedIDRef } from '@proofzero/urns/idref'
@@ -11,6 +12,7 @@ import {
   authenticateAddress,
   checkOAuthError,
 } from '~/utils/authenticate.server'
+import { redirectToCustomDomainHost } from '~/utils/connect-proxy'
 
 import { getAddressClient } from '~/platform.server'
 import { GitHubStrategyDefaultName } from 'remix-auth-github'
@@ -24,6 +26,7 @@ import { getRollupReqFunctionErrorWrapper } from '@proofzero/utils/errors'
 export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
   async ({ request, context }: LoaderArgs) => {
     await checkOAuthError(request, context.env)
+    await redirectToCustomDomainHost(request, context)
 
     const appData = await getAuthzCookieParams(request, context.env)
 

apps/passport/app/routes/connect/github/index.tsx

@@ -1,27 +1,48 @@
-import type { ActionArgs, ActionFunction } from '@remix-run/cloudflare'
+import type { LoaderFunction } from '@remix-run/cloudflare'
 import { Authenticator } from 'remix-auth'
-
 import { GitHubStrategyDefaultName } from 'remix-auth-github'
+
+import { getRollupReqFunctionErrorWrapper } from '@proofzero/utils/errors'
+
 import {
   getGithubAuthenticator,
   injectAuthnParamsIntoSession,
 } from '~/auth.server'
-import { getRollupReqFunctionErrorWrapper } from '@proofzero/utils/errors'
 
-export const action: ActionFunction = getRollupReqFunctionErrorWrapper(
-  async ({ request, context }: ActionArgs) => {
-    const authnParams = new URL(request.url).searchParams.toString()
+import {
+  redirectToDefaultHost,
+  setCustomDomainOrigin,
+} from '~/utils/connect-proxy'
+
+export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
+  async ({ request, context }) => {
+    const authnParams = new URL(request.url).searchParams
+    setCustomDomainOrigin(request, context, authnParams)
+
     const authenticatorInputs = await injectAuthnParamsIntoSession(
-      authnParams,
+      authnParams.toString(),
       request,
       context.env
     )
+
+    const strategy = getGithubAuthenticator(context.env)
+    if (authnParams.get('state'))
+      // @ts-ignore
+      strategy.generateState = () => authnParams.get('state')
+
     const authenticator = new Authenticator(authenticatorInputs.sessionStorage)
-    authenticator.use(getGithubAuthenticator(context.env))
+    authenticator.use(strategy)
 
-    return authenticator.authenticate(
-      GitHubStrategyDefaultName,
-      authenticatorInputs.newRequest
-    )
+    try {
+      const response = await authenticator.authenticate(
+        GitHubStrategyDefaultName,
+        authenticatorInputs.newRequest
+      )
+      return response
+    } catch (error) {
+      if (!(error instanceof Response)) throw error
+      const response = error
+      redirectToDefaultHost(request, response, context)
+    }
   }
 )

apps/passport/app/routes/connect/google/callback.ts

@@ -11,6 +11,8 @@ import {
   authenticateAddress,
   checkOAuthError,
 } from '~/utils/authenticate.server'
+import { redirectToCustomDomainHost } from '~/utils/connect-proxy'
+
 import type { OAuthData } from '@proofzero/platform.address/src/types'
 import { NodeType, OAuthAddressType } from '@proofzero/types/address'
 import { getAuthzCookieParams, getUserSession } from '~/session.server'
@@ -21,6 +23,7 @@ import { getRollupReqFunctionErrorWrapper } from '@proofzero/utils/errors'
 export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
   async ({ request, context }: LoaderArgs) => {
     await checkOAuthError(request, context.env)
+    await redirectToCustomDomainHost(request, context)
 
     const appData = await getAuthzCookieParams(request, context.env)
 

apps/passport/app/routes/connect/google/index.tsx

@@ -1,17 +1,23 @@
-import type { ActionArgs, ActionFunction } from '@remix-run/cloudflare'
-
+import type { LoaderFunction } from '@remix-run/cloudflare'
+import { Authenticator } from 'remix-auth'
 import { GoogleStrategyDefaultName } from 'remix-auth-google'
 
+import { getRollupReqFunctionErrorWrapper } from '@proofzero/utils/errors'
+
 import {
   getGoogleAuthenticator,
   injectAuthnParamsIntoSession,
 } from '~/auth.server'
-import { Authenticator } from 'remix-auth'
-import { getRollupReqFunctionErrorWrapper } from '@proofzero/utils/errors'
+import {
+  redirectToDefaultHost,
+  setCustomDomainOrigin,
+} from '~/utils/connect-proxy'
 
-export const action: ActionFunction = getRollupReqFunctionErrorWrapper(
-  async ({ request, context }: ActionArgs) => {
+export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
+  async ({ request, context }) => {
     const authnParams = new URL(request.url).searchParams
+    setCustomDomainOrigin(request, context, authnParams)
+
     const authenticatorInputs = await injectAuthnParamsIntoSession(
       authnParams.toString(),
       request,
@@ -21,11 +27,24 @@ export const action: ActionFunction = getRollupReqFunctionErrorWrapper(
     const prompt =
       rollup_action && rollup_action === 'reconnect' ? 'consent' : undefined
 
+    const strategy = getGoogleAuthenticator(context.env, prompt)
+    if (authnParams.get('state'))
+      // @ts-ignore
+      strategy.generateState = () => authnParams.get('state')
+
     const authenticator = new Authenticator(authenticatorInputs.sessionStorage)
-    authenticator.use(getGoogleAuthenticator(context.env, prompt))
-    return authenticator.authenticate(
-      GoogleStrategyDefaultName,
-      authenticatorInputs.newRequest
-    )
+    authenticator.use(strategy)
+
+    try {
+      const response = await authenticator.authenticate(
+        GoogleStrategyDefaultName,
+        authenticatorInputs.newRequest
+      )
+      return response
+    } catch (error) {
+      if (!(error instanceof Response)) throw error
+      const response = error
+      redirectToDefaultHost(request, response, context)
+    }
   }
 )

apps/passport/app/routes/connect/microsoft/callback.ts

@@ -15,13 +15,16 @@ import {
   checkOAuthError,
 } from '~/utils/authenticate.server'
 import { getAuthzCookieParams, getUserSession } from '~/session.server'
+import { redirectToCustomDomainHost } from '~/utils/connect-proxy'
+
 import { Authenticator } from 'remix-auth'
 import { InternalServerError } from '@proofzero/errors'
 import { getRollupReqFunctionErrorWrapper } from '@proofzero/utils/errors'
 
 export const loader: LoaderFunction = getRollupReqFunctionErrorWrapper(
   async ({ request, context }: LoaderArgs) => {
     await checkOAuthError(request, context.env)
+    await redirectToCustomDomainHost(request, context)
 
     const appData = await getAuthzCookieParams(request, context.env)