From a69f3d9853e3a52f467bdd9add73cb1454bc87c0 Mon Sep 17 00:00:00 2001
From: Steel <mael.acier@ensiie.fr>
Date: Tue, 13 Feb 2024 13:44:44 +0100
Subject: [PATCH] Refactor authentication code and add claims to user creation

---
 src/auth.ts | 2 +-
 src/lib/default.ts | 11 +++++++----
 src/lib/index.ts | 22 ++++++++++------------
 src/lib/lucia.ts | 7 ++++++-
 src/lib/types.ts | 2 +-
 5 files changed, 25 insertions(+), 19 deletions(-)

diff --git a/src/auth.ts b/src/auth.ts
index 9f5dfcb..39f9c12 100644
--- a/src/auth.ts
+++ b/src/auth.ts
@@ -6,5 +6,5 @@ export const aidc = await AriseIdConnect.init({
   client_id: env.AIDC_CLIENT_ID,
   client_secret: env.AIDC_CLIENT_SECRET,
   scope: "openid offline profile",
-  luciaWrapper: defaultLucia,
+  wrapper: defaultLucia,
 });
diff --git a/src/lib/default.ts b/src/lib/default.ts
index 3be7992..f589442 100644
--- a/src/lib/default.ts
+++ b/src/lib/default.ts
@@ -2,6 +2,7 @@ import { BetterSqlite3Adapter } from "@lucia-auth/adapter-sqlite";
 import sqlite from "better-sqlite3";
 import type { Database as SqLiteConnection } from "better-sqlite3";
 import { LuciaWrapper } from "./lucia.js";
+import type { IdTokenClaims, UserinfoResponse } from "openid-client";
 
 class DefaultLucia extends LuciaWrapper<DatabaseUser> {
   db: SqLiteConnection;
@@ -20,7 +21,8 @@ class DefaultLucia extends LuciaWrapper<DatabaseUser> {
   initDatabase() {
     this.db.exec(`CREATE TABLE IF NOT EXISTS user (
       id TEXT NOT NULL PRIMARY KEY,
-      subject TEXT NOT NULL UNIQUE
+      subject TEXT NOT NULL UNIQUE,
+      claims JSON NOT NULL
     )`);
 
     this.db.exec(`CREATE TABLE IF NOT EXISTS session (
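Review bot: The new `claims JSON NOT NULL` column is added inside a `CREATE TABLE IF NOT EXISTS`, so any SQLite file created before this commit keeps the old two-column `user` table and the `INSERT INTO user (id, subject, claims)` that `createUser` now issues will fail against it with a missing-column error; the hunk ships no migration. The smallest fix is to have `initDatabase` check `PRAGMA table_info(user)` for a `claims` column and run `ALTER TABLE user ADD COLUMN claims TEXT` when it is absent, or, if the database file is treated as disposable, a comment on the schema saying existing databases must be recreated. SQLite also has no JSON column type (a declared type of `JSON` falls under NUMERIC affinity), so declaring the column as `TEXT` states what is actually stored, a serialized string, and avoids surprises. Because the column will hold whatever the IdP puts in the ID token, potentially name/email-class PII, a one-line comment on the schema stating that and the intended retention would help the next maintainer. `initDatabase` continues outside the hunk.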
@@ -38,10 +40,10 @@ class DefaultLucia extends LuciaWrapper<DatabaseUser> {
       .get(subject) as DatabaseUser | undefined;
   }
 
-  createUser(subject: string, userId: string) {
+  createUser(subject: string, userId: string, claims: IdTokenClaims) {
     this.db
-      .prepare("INSERT INTO user (id, subject) VALUES (?, ?)")
-      .run(userId, subject);
+      .prepare("INSERT INTO user (id, subject, claims) VALUES (?, ?, ?)")
+      .run(userId, subject, claims);
   }
 }
 
@@ -58,6 +60,7 @@ declare module "lucia" {
 export interface DatabaseUser {
   id: string;
   subject: string;
+  claims: UserinfoResponse;
 }
 export interface DatabaseSession {
   id: string;
diff --git a/src/lib/index.ts b/src/lib/index.ts
index 4c30722..83b3088 100644
--- a/src/lib/index.ts
+++ b/src/lib/index.ts
@@ -53,7 +53,7 @@ export class AriseIdConnect<DbUser extends DatabaseUser> {
     );
     const aidc = new AriseIdConnect(config, issuer);
 
-    await aidc.config.luciaWrapper.initDatabase();
+    await aidc.config.wrapper.initDatabase();
     return aidc;
   }
 
@@ -121,7 +121,7 @@ export class AriseIdConnect<DbUser extends DatabaseUser> {
       redirect(SEE_OTHER, this.paths.home);
     }
 
-    const { lucia } = this.config.luciaWrapper;
+    const { lucia } = this.config.wrapper;
     const { session } = await lucia.validateSession(event.locals.session.id);
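Review bot: `.run(userId, subject, claims)` binds `claims`, a plain object, as a positional value; better-sqlite3 only binds numbers, strings, bigints, buffers and null as values and treats an object argument as a named-parameter map, so with three `?` placeholders this statement will most likely throw on the first new login (verify against the installed better-sqlite3 version). Serialize before binding, `.run(userId, subject, JSON.stringify(claims))`, and parse on the way back out: `getUser` hands rows straight through via the `as DatabaseUser | undefined` cast at the top of the hunk, so the `claims` field callers receive will be the stored string rather than the object `DatabaseUser.claims` promises; `getUser` starts outside the hunk. The parameter type also drifts from the base class, which declares `claims: UserinfoResponse` in lucia.ts while this override takes `IdTokenClaims`; this appears to compile only through method-parameter bivariance, and one type should be chosen and used in both places.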
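Review bot: `claims: UserinfoResponse` describes the field as a userinfo document, but the value that reaches `createUser` from index.ts is `tokenSet.claims()`, the ID-token payload, which carries protocol fields such as `iss`, `aud`, `exp`, `iat` and `nonce` alongside any profile claims; the type should say what is stored, `claims: IdTokenClaims;` (already imported in this file), or the caller should store a projection of profile claims only. A short comment on the field would also stop the next reader from treating it as live data: `// ID-token claims captured when the user row was created; not refreshed on later logins`. Whether the field holds an object or a serialized string depends on how `createUser`/`getUser` handle the column, and the declaration should match that.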
@@ -149,23 +149,21 @@ export class AriseIdConnect<DbUser extends DatabaseUser> {
       throw new Error("No id_token in tokenSet");
     }
 
-    const subject = tokenSet.claims().sub;
-
-    const { luciaWrapper } = this.config;
-    const { lucia } = luciaWrapper;
-
-    const existingUser = await luciaWrapper.getUser(subject);
+    const claims = tokenSet.claims();
+    const { sub } = claims;
+    const { wrapper } = this.config;
+    const existingUser = await wrapper.getUser(sub);
     const userId = existingUser ? existingUser.id : generateId(15);
 
     if (!existingUser) {
-      await luciaWrapper.createUser(subject, userId);
+      await wrapper.createUser(sub, userId, claims);
     }
 
-    const session = await lucia.createSession(userId, {
+    const session = await wrapper.lucia.createSession(userId, {
       id_token: tokenSet.id_token,
     });
 
-    setLuciaCookie(event, lucia.createSessionCookie(session.id));
+    setLuciaCookie(event, wrapper.lucia.createSessionCookie(session.id));
 
     if (this.config.on?.login) {
       return this.config.on.login(event, tokenSet.claims());
@@ -175,7 +173,7 @@ export class AriseIdConnect<DbUser extends DatabaseUser> {
   };
 
   protected sessionHandler: Handle = async ({ event, resolve }) => {
-    const { lucia } = this.config.luciaWrapper;
+    const { lucia } = this.config.wrapper;
     const sessionId = event.cookies.get(lucia.sessionCookieName);
 
     if (!sessionId) {
diff --git a/src/lib/lucia.ts b/src/lib/lucia.ts
index a52426c..44b85ca 100644
--- a/src/lib/lucia.ts
+++ b/src/lib/lucia.ts
@@ -8,6 +8,7 @@ import type {
   TimeSpan,
 } from "lucia";
 import { Lucia } from "lucia";
+import type { UserinfoResponse } from "openid-client";
 
 export interface DatabaseUser {
   id: string;
@@ -61,5 +62,9 @@ export abstract class LuciaWrapper<
 
   abstract initDatabase(): MaybePromise<void>;
   abstract getUser(subject: string): MaybePromise<DbUser | undefined>;
-  abstract createUser(subject: string, userId: string): MaybePromise<void>;
+  abstract createUser(
+    subject: string,
+    userId: string,
+    claims: UserinfoResponse,
+  ): MaybePromise<void>;
 }
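Review bot: `claims` is persisted only inside `if (!existingUser)`, so a returning user keeps the claim snapshot from their first login and nothing in this handler ever refreshes it; anything downstream that reads `DatabaseUser.claims` for profile or authorization decisions will act on stale data after the IdP changes it. Either update the stored claims on every successful login, which needs an update/upsert method on `LuciaWrapper` beside `createUser`, or make the limitation explicit at the call site, `// claims are captured on first login only and are not refreshed afterwards`. The object stored is the whole ID-token payload (`iss`, `aud`, `exp`, `iat`, `nonce` and friends alongside profile claims), which is more than the `UserinfoResponse` type on `DatabaseUser` suggests; storing a projection of the profile claims would keep the row to what the application actually needs. Minor: the later `this.config.on.login(event, tokenSet.claims())` can reuse the `claims` local. The enclosing handler starts and ends outside the hunk.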
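Review bot: The new `claims` parameter on the abstract `createUser` carries no doc comment, so implementers of `LuciaWrapper` cannot tell what they receive or who is responsible for serializing it, and the one implementation in this commit already disagrees with the base type by taking `IdTokenClaims`. A TSDoc block above the signature should state that `claims` is the claim set openid-client returned for the login that created the user, that the wrapper has already done whatever validation it performs before this call, and that the implementation owns storage encoding (for example JSON) and must not treat the object as bindable as-is. The `LuciaWrapper` class header is outside the hunk.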
diff --git a/src/lib/types.ts b/src/lib/types.ts
index 73ffbb8..2195894 100644
--- a/src/lib/types.ts
+++ b/src/lib/types.ts
@@ -11,7 +11,7 @@ export interface Config<DbUser extends DatabaseUser> extends ClientMetadata {
     login?: (event: RequestEvent, userInfo: UserinfoResponse) => never;
     logout?: (event: RequestEvent) => MaybePromise<void>;
   };
-  luciaWrapper: LuciaWrapper<DbUser>;
+  wrapper: LuciaWrapper<DbUser>;
   cookieNames?: Partial<CookieNames>;
   paths?: Partial<Paths>;
 }
-- 
GitLab