Created
December 11, 2018 03:50
-
-
Save lukebyrne/326abb845f6ff7eeb2006a0eb8575840 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require('dotenv').config() | |
| const express = require('express') | |
| const jwt = require('jsonwebtoken') | |
| const passport = require('passport') | |
| const GoogleStrategy = require('passport-google-oauth20').Strategy | |
| const fs = require('fs') | |
| const publicKey = fs.readFileSync('jwtRS256.key.pub', 'utf8') | |
| const privateKey = fs.readFileSync('jwtRS256.key', 'utf8') | |
| var knex = require('knex')({ | |
| client: 'pg', | |
| connection: process.env.TWIGGY_DB | |
| }) | |
| passport.serializeUser((user, done) => { | |
| done(null, user) | |
| }) | |
| // Setup Passport | |
| passport.use( | |
| new GoogleStrategy({ | |
| clientID: process.env.GOOGLE_CLIENT_ID, | |
| clientSecret: process.env.GOOGLE_CLIENT_SECRET, | |
| callbackURL: process.env.CALLBACK_URL | |
| }, (accessToken, refreshToken, profile, done) => { | |
| const email = profile.emails[0].value | |
| knex('users').where({email: email}).first().then((user) => { | |
| // !currentUser, pass it on | |
| if(user){ | |
| console.log('currentUser is: ', user); | |
| done(null, user); | |
| } else { | |
| // !currentUser, create user in our db | |
| knex('users') | |
| .insert({ | |
| email: email, | |
| }) | |
| .returning(['id', 'email']) | |
| .then((user) => { | |
| console.log('newUser: ', user[0]) | |
| done(null, user[0]) | |
| }) | |
| } | |
| }) | |
| }) | |
| ) | |
| const app = express() | |
| app.use(passport.initialize()) | |
| app.get('/', (req, res) => { | |
| res.send('Oauth2') | |
| }) | |
| app.get('/oauth2', passport.authenticate('google', { | |
| scope: ['profile', 'email'], | |
| hostedDomain: process.env.HOSTED_DOMAIN | |
| })) | |
| // Set a function for our JWT token | |
| const token = (userId, email, rolesArray) => { | |
| // Set our JWT claims | |
| let claims = { | |
| sub: userId, | |
| email: email, | |
| 'https://hasura.io/jwt/claims': { | |
| 'x-hasura-default-role': rolesArray.includes('admin') ? 'admin': 'user', | |
| 'x-hasura-user-id': userId, | |
| 'x-hasura-allowed-roles': rolesArray | |
| } | |
| } | |
| // Sign the JWT and pass onto the REDIRECT_URL | |
| const token = jwt.sign(claims, privateKey, { algorithm: 'RS256' }) | |
| // Check that we can decode things! | |
| const decoded = jwt.verify(token, publicKey) | |
| console.log(decoded) | |
| return token | |
| } | |
| app.get('/redirect', passport.authenticate('google'), (req, res) => { | |
| // Get our roles from the DB then once resolved set our claims and redirect | |
| knex | |
| .select('name') | |
| .from('roles') | |
| .leftJoin('users_roles', 'roles.id', 'users_roles.role_id') | |
| .where({ 'users_roles.user_id': req.user.id }) | |
| .then((roles) => { | |
| // Map the roles return to an array of names | |
| const rolesArray = roles.map(role => role.name) | |
| // Now redirect | |
| res.redirect(`${process.env.REDIRECT_URL}?token=${token(req.user.id, req.user.email, rolesArray)}`) | |
| }) | |
| }) | |
| const port = process.env.PORT || 3000 | |
| app.listen(port, () => { | |
| console.log(`app now listening for requests on port ${port}`) | |
| }) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment