darkyen · July 22, 2016 08:02
diff --git a/webtask.js b/webtask.js
 const Express = require('express');
 const request = require('request-promise');
 const Twitter = require('[email protected]');
 const Webtask = require('webtask-tools');
 const jwt = require('jsonwebtoken');

 const app = Express();

 // A Much better approach which demonstrates API Auth is at
 // https://github.com/vikasjayaram/twitter-status-webtask
 // This one uses Global Credentials, which should be avoided


 // TODO: Remove nested promises.
 app.use(function(req, res, next){
  // The secrets
  const secrets = req.webtaskContext.data;

  // Your tenant name on auth0
  const tenant  = secrets.tenant;

  // Replace this with your webtask's deployed url.
  const redirectUri =                 "https://webtask.it.auth0.com/api/run/wt-abhishek_hingnikar-auth0_com-1/tweet";
  const AUTH0_CLIENT_ID =             secrets.AUTH0_CLIENT_ID; // AUTH0_CLIENT_ID
  const AUTH0_CLIENT_SECRET =         secrets.AUTH0_CLIENT_SECRET; // AUTH0_CLIENT_SECRET
  const AUTH0_CLIENT_SECRET_BUFFER =  new Buffer(secrets.AUTH_CLIENT_SECRET, 'base64');
    
  function handleFailure(error){
    console.log(error);
    return res.status(401).json({
      message: 'Unauthorized'
    });
  }
    
  // poor man's passport.js 
  // No code? Redirect to get code
  if(!req.query.code){
    const authorizeUrl = `https://${tenant}.auth0.com/authorize?client_id=${AUTH0_CLIENT_ID}&response_type=code&connection=twitter&redirect_uri=${redirectUri}&scope=openid name`
    return res.redirect(authorizeUrl);
  }else{
    // Got code? Lets exchange for OAuth
    request.post({
        uri: `https://${tenant}.auth0.com/oauth/token`,
        body: {
            client_id: AUTH0_CLIENT_ID,
            client_secret: AUTH0_CLIENT_SECRET,
            grant_type: 'authorization_code',
            code: req.query.code,
            redirect_uri: redirectUri,
        },
        json: true,
    }).then(function(tokens){
      // This is all we need at this point.
      jwt.verify(tokens.id_token, AUTH0_CLIENT_SECRET_BUFFER ,function(err, decoded){
        if(err){
          return handleFailure();
        }
        req.user = decoded;
        next();
      });
    }, handleFailure);
  }
 });

 app.get('/', function(req, res){
  const secrets =                 req.webtaskContext.data;
  const MGMT_API_TOKEN =          secrets.MGMT_API_TOKEN;           // Key from MGMT api console with read:idp_access_tokens
  const tenant =                  secrets.tenant;                   // if your domain is some-game.auth0.com it should be some-game
  const TWITTER_CONSUMER_KEY =    secrets.TWITTER_CONSUMER_KEY;     // Twitter consumer key
  const TWITTER_CONSUMER_SECRET = secrets.TWITTER_CONSUMER_SECRET;  // Twitter consumer secret
    
  function handleFailure(error){
    return res.status(500).json({
      message: error.message
    });
  }
    
  request.get(`https://${tenant}.auth0.com/api/v2/users/${req.user.sub}`,{
    headers: {
        'Authorization': `Bearer ${MGMT_API_TOKEN}`
    },
    json: true
  }).then(function(user){
      const twitterUser = user.identities.filter(function(identity){
         return identity.provider === 'twitter'; 
      })[0];
      
      if(!twitterUser){
          return res.json({
             message: 'You should login using twitter for this to work' 
          });
      }
      
      const client = new Twitter({
          consumer_key:         TWITTER_CONSUMER_KEY,
          consumer_secret:      TWITTER_CONSUMER_SECRET,
          access_token:         twitterUser.access_token,
          access_token_secret:  twitterUser.access_token_secret,
      });
      
      client.post('statuses/update', {
        status: 'This was tweeted from a WebApp that took 15m to write & deploy. 10 were spent writing this msg @webtaskio + @auth0 = https://goo.gl/bCOLgm'
      }).then(function(){
        return res.status(200).json({
          message: `Hi ${req.user.name}, I just tweeted the message on your behalf, now that you are here might I suggest exploring the techstack behind it?`,
          stack: {
            webtask: {
              home: 'https://webtask.io/',
              desc: 'FAAS to Deploy serverless apps in minutes!'
            },
            auth0: {
              home: 'https://auth0.com/',
              desc: 'Identity Platform that is built for developers!'
            },
          },
          source: 'https://gist.github.com/darkyen/08f88e5d66e8fd42eb38d8cd4227dde5',
        });
      }, handleFailure);
  }, handleFailure);
 });

 module.exports = Webtask.fromExpress(app);
	const Express = require('express');
	const request = require('request-promise');
	const Twitter = require('[email protected]');
	const Webtask = require('webtask-tools');
	const jwt = require('jsonwebtoken');

	const app = Express();

	// A Much better approach which demonstrates API Auth is at
	// https://github.com/vikasjayaram/twitter-status-webtask
	// This one uses Global Credentials, which should be avoided


	// TODO: Remove nested promises.
	app.use(function(req, res, next){
	// The secrets
	const secrets = req.webtaskContext.data;

	// Your tenant name on auth0
	const tenant = secrets.tenant;

	// Replace this with your webtask's deployed url.
	const redirectUri = "https://webtask.it.auth0.com/api/run/wt-abhishek_hingnikar-auth0_com-1/tweet";
	const AUTH0_CLIENT_ID = secrets.AUTH0_CLIENT_ID; // AUTH0_CLIENT_ID
	const AUTH0_CLIENT_SECRET = secrets.AUTH0_CLIENT_SECRET; // AUTH0_CLIENT_SECRET
	const AUTH0_CLIENT_SECRET_BUFFER = new Buffer(secrets.AUTH_CLIENT_SECRET, 'base64');

	function handleFailure(error){
	console.log(error);
	return res.status(401).json({
	message: 'Unauthorized'
	});
	}

	// poor man's passport.js
	// No code? Redirect to get code
	if(!req.query.code){
	const authorizeUrl = `https://${tenant}.auth0.com/authorize?client_id=${AUTH0_CLIENT_ID}&response_type=code&connection=twitter&redirect_uri=${redirectUri}&scope=openid name`
	return res.redirect(authorizeUrl);
	}else{
	// Got code? Lets exchange for OAuth
	request.post({
	uri: `https://${tenant}.auth0.com/oauth/token`,
	body: {
	client_id: AUTH0_CLIENT_ID,
	client_secret: AUTH0_CLIENT_SECRET,
	grant_type: 'authorization_code',
	code: req.query.code,
	redirect_uri: redirectUri,
	},
	json: true,
	}).then(function(tokens){
	// This is all we need at this point.
	jwt.verify(tokens.id_token, AUTH0_CLIENT_SECRET_BUFFER ,function(err, decoded){
	if(err){
	return handleFailure();
	}
	req.user = decoded;
	next();
	});
	}, handleFailure);
	}
	});

	app.get('/', function(req, res){
	const secrets = req.webtaskContext.data;
	const MGMT_API_TOKEN = secrets.MGMT_API_TOKEN; // Key from MGMT api console with read:idp_access_tokens
	const tenant = secrets.tenant; // if your domain is some-game.auth0.com it should be some-game
	const TWITTER_CONSUMER_KEY = secrets.TWITTER_CONSUMER_KEY; // Twitter consumer key
	const TWITTER_CONSUMER_SECRET = secrets.TWITTER_CONSUMER_SECRET; // Twitter consumer secret

	function handleFailure(error){
	return res.status(500).json({
	message: error.message
	});
	}

	request.get(`https://${tenant}.auth0.com/api/v2/users/${req.user.sub}`,{
	headers: {
	'Authorization': `Bearer ${MGMT_API_TOKEN}`
	},
	json: true
	}).then(function(user){
	const twitterUser = user.identities.filter(function(identity){
	return identity.provider === 'twitter';
	})[0];

	if(!twitterUser){
	return res.json({
	message: 'You should login using twitter for this to work'
	});
	}

	const client = new Twitter({
	consumer_key: TWITTER_CONSUMER_KEY,
	consumer_secret: TWITTER_CONSUMER_SECRET,
	access_token: twitterUser.access_token,
	access_token_secret: twitterUser.access_token_secret,
	});

	client.post('statuses/update', {
	status: 'This was tweeted from a WebApp that took 15m to write & deploy. 10 were spent writing this msg @webtaskio + @auth0 = https://goo.gl/bCOLgm'
	}).then(function(){
	return res.status(200).json({
	message: `Hi ${req.user.name}, I just tweeted the message on your behalf, now that you are here might I suggest exploring the techstack behind it?`,
	stack: {
	webtask: {
	home: 'https://webtask.io/',
	desc: 'FAAS to Deploy serverless apps in minutes!'
	},
	auth0: {
	home: 'https://auth0.com/',
	desc: 'Identity Platform that is built for developers!'
	},
	},
	source: 'https://gist.github.com/darkyen/08f88e5d66e8fd42eb38d8cd4227dde5',
	});
	}, handleFailure);
	}, handleFailure);
	});

	module.exports = Webtask.fromExpress(app);