From 817d3f31759a2440d55dc11918474bfcdd504536 Mon Sep 17 00:00:00 2001 From: split Date: Wed, 10 Jul 2024 04:29:44 -0700 Subject: [PATCH] separate subject from identifier --- .env.example | 4 +++ bun.lockb | Bin 56311 -> 56724 bytes package.json | 1 + src/lib/configuration.ts | 6 ++-- src/lib/index.ts | 57 +++++++++++++++++++----------------- src/lib/types.ts | 1 + src/routes/+layout.svelte | 6 ++++ src/routes/set/+page.svelte | 38 ++++++++++++++++++++++-- 8 files changed, 82 insertions(+), 31 deletions(-) diff --git a/.env.example b/.env.example index de29bcc..3117396 100644 --- a/.env.example +++ b/.env.example @@ -9,9 +9,13 @@ OAUTH2__GET_TOKEN= OAUTH2__CLIENT_ID= # Client secret OAUTH2__CLIENT_SECRET= +# OAuth2 scopes +OAUTH2__SCOPES=openid profile # Userinfo route USERINFO__ROUTE= +# Identifier you'd like to use to link avatars with +USERINFO__IDENTIFIER=preferred_username # Prisma database URL DATABASE_URL="file:./data.db" \ No newline at end of file 
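Review bot: The default `USERINFO__IDENTIFIER=preferred_username` in the .env.example hunk makes the avatar-linking key a claim that OpenID Connect does not guarantee to be unique or stable. The spec tells relying parties to treat only `sub` together with `iss` as a stable identifier. If a provider lets users rename themselves or reuses names, an avatar keyed this way can end up attached to a different person. I would keep the option but say so next to it, e.g. `# Must be unique and immutable per user at your provider; preferred_username may be renamed or reused, sub is the safe choice`.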
diff --git a/bun.lockb b/bun.lockb index b5f7e630bd834ff241fb9d3a8d945b00198600f7..2398c2b02ab3bb260388c1452f95fc476c5cc97c 100755 GIT binary patch delta 8704 zcmeHMdsvj!y8qV4j5_FW5tSJjZX$>X2*^c5W-!!*0TmTTP}D&XN4Y2i<|Sn+E3s7I zEyD}sB^B?LnQ6MW)~+qIt!URNJ9VtRpI!N6cH7%@*S7O}zi%eo=V|xHc~0k#^PKg} zZ@urk-gjNzcdc)I>zno6DX+&~^lDBR@j%DeS4S6k^}T%kS;M8a(*@H%ausBxKk-_4 z<6Rm{)&U>Qhmw+7T5MrcFKtl;NwTl7D{LonA4zg8t8+N3QIsYm$rtkHpn;(KKnH=Y z2i1eNxa9{?FS6xaWaI07Bq;=nr$Iy605lA=-d#Q$)C75~TOR}(4*7;wl7@l43(EGV zLAm}`&`8jF(4nAnK#ic;puwQSK)F3FDC#x3Zfew#Evt3bFLXMk91N33nt{w4w8maj z>nN9`3TIh^qpDo;_LHQ6DE|&_27vwqLYe&3Uz75K<6M{eJ8O%F(cZqaf!y6+ps|c;Dwq{`kMkd`;XJ58# zl_UkBT!(UFgu1fUf^u)Qpgamk&EkqWN4?Wgv#82ZxwzgJ_We;_y|mm>w@i|%9W{<> zhqHbcW}C|&che$J?)@l60cT~`UV6rB`1GPEwL4!>rFmz3WmRpNG%#B2R=CS|LS`p! zU=eb&Wp(z26;4TV3|H-rgK~WlL$R8K##ctD#Y?Ly8tUNPS;*{Fc|}=6CFE*U<+K&$ zXxW7cR;D05PPOAP)K#pMRzqg*osPN{Y+qknZ?A%P)pga5YQ!xiUe!m#j)xZjibWFa zs&H1vSJbSK$}3jbs~Re#g|)Ry9jMSJj=s@M>31b0CO7!0&3`|Ut=*sz&r_Gqq7_1t zQt6T|Q#%oyg}In`S(4VET`l^?Z2gpEl#fJt{LN4NN`JWfGkRKQ&~~CQS83pDaG44h z=jAT*Zva=~Zi?F(L}KwsZdZDPn)+Mhp&IJ$ZcQW>GC$4NkQ?4^FMC!Go=8^TFjSb=!U_`v}|= zr7Qt!K-I1W=WYd@TDKpz6}7#5aBA6O;M5u)fm3Tl5LZfCFL3|a*~lY8qKoPNZm%Wc$IWP z7M)L!B#pruk*TMDx;!a}HU^nRBXtE?#Cg&MTXf&TU;+#@#N)8(bX z)E#UV2S{hK$a)jynanyH_Mk~>gTd+IIqHHcAcVX_%yMxE<%O8FoA4INCVfz*{B9`a z`J3g?F!ByH%l0tJ3pIt2S$LsyJ-eTV+!X;8Xs8A{#}X5Bp~G^-{->EgH4 z6k!qHQdfjU9vMmAL(RG+c-66i7sp4}2`SrSuKNtqU6A@vk0D)-9Y)@fW_iId%8N8> zn}dy7jPPr_nwP&p=Y= z4u-lLkP_8uSaxP?y1Yug6h~G-QWqf{5r?R0q(%2B%G}|JOxGnP;JJi7286a6A#p!g z2Wac0Thc1h=a5t%dr&WI6n0TqN(4zR8AW;VV;g-WD8ekB>i7D&x ztSX5qc3%lEZYAAGvAOX9N=Zzyhe)Za_;a*TQT>9!|G1t9j%X`sjHLE|M}czIkfyo~ zes${Z|5xo0Z#Q1|e4dcX0ggZ=z*CyK*v&ZH6suWDcTyQ8Rqk@8S~@o>kSj=a05{_V z*s1~G#FXWG0Pb!zz=q$fc;!on04_hw<@813a3PUCDJ+T0p5ZbiraY1pZh8`w z6H^`V8$eKXQlK)==UD8J1S?|xET%${jZKUe2mgMZ5`G({AMb z=@#+txXUJnQ48`Yx{5rS#^>0?aN34EhQ3BVf^sL=L@ez_K9X)BkE6ngHW5z; zktdLtWD}#P7XW;*5uQX%Q4+vo*I)zhtF2Azhqc!r)rW>`fLIcC_%FjG&L 
zAlb+`(?%B|t(|EV#nc69WfA-ox$v(P{y|z!x>EQDsk+oEoOBw};(73Io>erEV;=mQ z5C0(DL&o{=57OHCRg{}x!q8d|jg{@LLlq_s4{4*wu+vRm<$c^T4%GWb_! z757n78T?xa{~$d;84KYbr1phY@gQA=)K(7v%B|vI+Exz#D&QZaCd#dVe~^w=Sj8iB z3sUDI__xR^HqpUF@UIg7Ra(UsDz3DNW_qUb0qwVV(tYT@>Mi72qLBkNR8tczo;&gJ z;=RK7x?XwZyLdO?#2cR~BI=HtXjfX2w_mf;mo%)I-rt-Rbo)m& zaUpA_xz)|B)X_4OW^YLuj8Q7b9X=Yp3j7|pNV~TL8{Y)S$E)XoQ@|PEMZlNd*)pos z4sIbZ4JZU=0Q`A^KNh7R0Ap7Uf_$`k58xx$JHUCs5AX;0lO+IX0Gt3Ha``yClYgb zeE>Ti3Jd@!sWpJITQ!V6KlVpS2u*Cw@n6 zbH{w-VVQaUu2}?dM?Cku2HdMnAshmBzwyT`aO}o(fNNI(Wxz~;zmj+r*?}Tp7O()A z56lBffZ2czC?lg5w3aiAVS-@Ce{(XajhjU|yXM z0S^FoR(=rjdY}nl+lK+Je?PEbD>9^xBb5Aj?1|Zrj}w8B7=!1JVOdu7lGI5pTSo_b zE_zlRi)bi$KJj%~q$VV#B_yKm^1P*NA;N5>?8|K_A#&DcJ44Wsg0iTVDiCn@fS*M8_VsP9AJ+YPCnJG8>> z*RN;q>bc!(;JIb{WPDV=zvWE$U9aYKs@`58XXxqdc7w@t2R8DZy>&fHpPegD8a2;0nM>ea;ilFv>=;6G+fDA7qSp2x*%?U3 z+9&AN2TBs&U9M~NJ!;_0y=?aoO{%2SG2mG!+?CKbgXhp>pmiMvIod#N9r-5DW#3DU zQ$DV}^5Q(q_2`7e1hh2X(E6moRA5kEtgiW$rnR5m({bFbM?0kk`j3M{G%1q9K)ZIS zT?`3>;$Jig4L3PB6pZKA)jUr=`}UXpuE-+Ry}$54hiGA^7<)92}OMB6+SOKfZnGSWJq(&ArHz+&#OaJvbDm zdqdO{5tW!4XWYzv3#ND)64E5;D4j#2N+b;Q)$Sm1hWhU@2EU35cs015yA}F=v#aBU zL1JEdLK5a&>LJUXk>W#Ix+fxFAYNtxu$p@7<&$SMW!ndd>-6NFN;xW&Iywzz3)DQJ z{1U@^!S!U6D{kb26=i;+4w_(;TmofH)qocpj!%BGTX7+g=h!{{DN<1wt=yX*?78)v z^~`gr{a#x>N|{AG(~`7{uI#OpeZy(;Q~7dGIBk6@S&j^+ZV+Px-G0gt?73;R6~0|i z`c2ozy}hiZq=Ri3qmSZk2kEItn7pdhk?nduAxJV9&qeBOi)vEb&bR5MUN|w{(Xu+Wgieac0 zv$Q&nE*?rA!O9QDs-qvHRIQ9K6^-?@JXKe6xl^tk^7^KJs^ delta 8361 zcmeHMYgANMmcHjgsaGi!B~X_tKtu#Y2_R4)P=(Q`SfHX}NhvBXv3#I{nivx)6YWS0 zt+JyNP*h?P#aCjh@e$K`Xwor>iRLjaW{hz%)6tAcM>8>+*4W>^w@R|sboca{)jj=V z=B)Ldy}xtzIp^;4xc5};r(X8^;gH|j#CTi&>ZvXNtp3OJqHbXiW-YBhajNKgCi zgCR>HjgZyM*S#5CSJ+9C!ci~?G6FIfG7|C!gI@kAqy_vHNUm>z>jQytB9bDyAs}_U9pkr3%UO z78IVM7rhlNklb;-W*~VUfaC$oy}SUDI~WYfb}^9mKn8j1{{U~e{!2)HuuqIMO77SH z3dUf6PC&vn&ml|H#!`@9Y~Ayi@*ZIGs>>^R-#k!LI)DBWNoqm4g7QsR zTFjG2iqc2B2F_36uAW(0<6cjP{nB zyz(rz43D0Kr+~Avrym{hiye2iuRdHOq}F}yz^Xa(%B1x%`mig!<&ph#CzgQoaAh^6 
z<(0LPbOq%+87Z-P`xUX2;-45aGF~s9J*RR}4ZO3{0{_rHDoSDR!GvfNel$TJoJXvw zd{DZbKs)^-dL9~}H*P~UPuzwCI_DoD*C)`A{-gJgHLUU%MD2>*@EQ6^qw`9Zp$`s` zowc~GvLr1>gjS+y{W?q1G)-FxO|ShNTCrA^*~MqK z0a~e6_5(DxrcK9+>uq0!ruS#Tv{q@gk3p-{v`f&&Yg!f-!KrDD(0Gh&e<)ffVidLa zu*)k0C@jb(e-uEjAe*>{nu6?N8np-6<;_M4>uED=!TuUX;XShqUqBnKY4Mn|k(#yu znqGVGZrN>Uy4_GLj9&XVG`+ zEepk&)mxN9(_6Gb8>RL49W=dd7EYON_c%1~vq01O6Op8v>|!z%o9uE+2sN8*VlcIX zTo0u%)h1G?Shb59YEtd;0TZ25ZSr*!g@xG+c{tr8>3n#WvJP4XHjhkE0ap2>O6S6C zLMGL07elGoY*!YCVK^B0)5UPBauh68GjCO`@;6}=X0eI>RBW-!Yt7Vbu_@>9&KRzD zXt4?_so{2cgN0n-Hu+yH)EsUTJ*XXJt_W(z8n#A|E5auK8(4%*BvN~XU6hd;X*axt z<2{mEg0keFBB?pjrX=>(#}-toS`B4jgQ>-mCGYA@uHH7KD_$qr7+9j#AgeMQj2~Mw zR-OR!dTF-GZ$yzR%BK8?LYrm+&%}My9%UDcN$q2o_x2%IADi+uzAbFv$8)13;ER*% zGgoGV-3Qi*T4ORqG`XT}@)yz69Bni7!iyx4N`kV)5K{Zv#a7Ohizpq82HHd$%y*@r4}_yxekr} z?@XmJRwWm2E$#tUn2iQ79=tOzqWqg!a>e4@$5J!I>Nq+VYg3NLNzz1^_-W1Ec%Sh) zV=`l{@}YQYjo0+Z3>tMWeewrgU!SwydYc`PD6YR>Yfp@2; zuT?n!HX8PLAoL|C>f;D)_hxvRL1Wcmx{pz4_Y7E;_C#Rv`9x|SIJgd<6Mmgb0toa< zyig>60EbyiEV({dr<%lzmOqqQVu|+`UsSZj60Zp!T1$UH*8O(|f3tdiV5`>K&!s-T zR>5A3_8R=JN$>c7mx1y9l8OLc)^dPnU=^9DK#J&y5!~ziKPt8W`e|$KgaW# zAh8tGkQ(Y{tA$*I#FF`9fQP|dNJ}j7*^%l29`*@<6HDG3VkyX& z7Fx``w{Q{CpORd^MXS{%_qNr`|DvQ*Ns%f(=29ELt#$&OG)a5XLg~FU6ICRehH&YN z0FU)6uRH+BiKPO(0&p+C_R3cwIcbviB!||q-zNY*Wgh|D+b000pG%&{vs&rjM)EjF zb=qd*ra;6&p|HS_vI`Kd4 z|04ZEnT&%SLZRZpPSKV2A@4>?mQw^!DRLtnK^{m!*-p`&+}Tc=nQf#~*$xpzYK~L% zqy@-((MjaN6lHVb7s(RjA#?_LD8<{I!bHoFtJID>jFNMm!c6tZEp!oiIAsoTQpOM? zwG46KT7Mbr5?H}~4iQC7_c=u$x{5rS@`gG^Uus1jLpPE4qrzcM5ld~z<4D}^6!BDy zyg%(jovu)|>C;~ZiPxyNB`#$j#13P~OBB-3~!Ju==Q#?wi# zx4{NZaEKyWGQmj?PB7AWFek+qIVrBlNDV~}QB3V%XTfqNI`HGFej@yv2>-xJDANi5 zoPo62ISRixFN0lj!oNulQA$md;NK+p2Ubpb#qh5f{uMh!CEWzO0aoI2h$?Dx!9N%L zo9qy7DxM7gCc{6l*`!Q?e^cP!6o;5gN5Bq)g_k(QJaU)7zY_Qdwt&>B@NX*oo9Ym? 
zbQ0`suz}MYVi7Hw2LGnPKd=WVemeY{4*#Y*#1d);I}4Um>JUq*z7+nI!auM_D6{Lg+r{Qn_xGAlX?%V-#LkLyRJ!cq5iV5aP=gw z%~R_raqYx=_zJ?;l{bO6fZqToscEfQv~L zYZIUXQNUJ!uRFg5_!{&vz?Y=%0ACsLe}wiUVj*M=umIr8=`5g?ir1NgmOy(5co=vD zu+qwPlMQ@Ph^BvEXV2lw=ssW%unXV|-D==TpaI}Z>0W>@q3rWoU>)!R&`70?=CIAs znt_eLCg3%$Mv7aHsp%8Ljg|xaAP)i$0DQ~B4?X^&#lJ_TOuF1?4Pb}Efo=dLQz+$< z0q@}g8X6RUqOL%1fEOf!T4{1!A84Zh_LxigzCH%X1i1TrUG2U`d@+0ydd;;)w^f+{0U*3-^fk%O#H(mk$7_bUp+g||O zemO8{Ju;++cTxI={`)I7WC(icpOVbJz{TRdQHxwJCA}|;w8Z4}#1#JfQar7SYBD2# zlvbYjy>rdFy$)}6bFZpSk+q3RoS3|#pIhn!Y z6O{DA%+0ApGy7`82!Et7X6tbedk9Lnws&V`hAm{?hRykGQM3pCa}ljXZ%HK zVsb`ek|g;;9S84Rxz;u8otTcAOQ(e&R?K<-JGrCYMXxri>AvVp<8n*!vc=!Wb=3RfH`dra87Y4_J-nml z6$1rsG^P0hKHdNIO!9zR@80S#@P&j{)ohGCzbenzQ4>s)H>ze|2u|Pf+K%Z?irTYRr37>4MIWzlLQ)DqUIWdJN>=UCNY5DB4S6gN~i`I^stAVtv#bovcsLDcaDcvK3uXh-j zX?vl^NamGC(-f$p@Z>ArB-+t)pj4?kN(9reC|S(hMN!eQ~$ zdmS|m-D&h@lYBmeW^PXLE)yNt94226q0^g(DV;+lX%J4tJPO~U$}2+2^K3|Xnshf5 zb@kxcPwmH+VIh+e2VwI|OX=#?5UOuAb-xGTgzRk{*N^S7FC0IzOU zEq|szjC&%Ke!bOX_C*+NQ{`hH|Gvuw`R+m1I`BF~eOfK@TLF~YYVwx&rQLNT{LhVo zr`8{a&b6lE0@wW+?*y4FzKGn$dk%dSw({6)@AP0dW1^=%W3nu_=%KocKb_hemuh?( z27D0Uu0F;7NnT5HKYWDn=J$}xQaAoa-iNTnfk{lqpRsfSBl5hMsOPpYT=NHRQ_Xp> z#~0gk;AX_RwVus~gT+*9Vlp<0G=WODC5Y+Nuq~?BdRX;>)tH;d4<7R`YYxW6_4RF4 z@{VwNt<7Y61J%6h{9WR~x5Rh`B&@6~>mj~JjTt3l@!{o~IRP&(dST@0cQgl*c*Qjb zO!8TT4xY_7`=Wsp_Z>*<^6r9rVTWzP@APOA&sE8dku>YMe7Pl(4nLP7KOad~AU5@; z-p`xN*Lv$AK4;;_1tr%`UhEh{qVdlkwD>}Un}6~0&>gn}pO?ild@#806@97i_7u6X zFHPE>Z}Ej3i>6<>^W)mm>)I4*lf6EMUfXWMPrLT*gXAmyC~$`<-4|H&pOiA;RHvP9 z!a5BT&Px-kM-ThoJMz|z$-&o9V?_;o#z0ecz~{cSc*ihhd>n3Dm>ZRj?-+#NTR-d= zq;Frp#%|qe+NYGVXZL=w_m;fhxi4qH9|3}_ B#4`W@ diff --git a/package.json b/package.json index 3026369..042b28e 100644 --- a/package.json +++ b/package.json @@ -27,6 +27,7 @@ "type": "module", "dependencies": { "@fontsource-variable/inter": "^5.0.18", + "@fontsource-variable/noto-sans-mono": "^5.0.20", "@prisma/client": "5.16.2" } } 
diff --git a/src/lib/configuration.ts b/src/lib/configuration.ts
index 47823f6..b9522c2 100644
--- a/src/lib/configuration.ts
+++ b/src/lib/configuration.ts
@@ -7,11 +7,13 @@ const configuration = {
 },
 client: {
 id: process.env.OAUTH2__CLIENT_ID,
- secret: process.env.OAUTH2__CLIENT_SECRET
+ secret: process.env.OAUTH2__CLIENT_SECRET,
+ scopes: process.env.OAUTH2__SCOPES
 }
 },
 userinfo: {
- route: process.env.USERINFO__ROUTE
+ route: process.env.USERINFO__ROUTE,
+ identifier: process.env.USERINFO__IDENTIFIER
 }
 }
 export default configuration
\ No newline at end of file
diff --git a/src/lib/index.ts b/src/lib/index.ts
index bb41ccf..3baee3d 100644
--- a/src/lib/index.ts
+++ b/src/lib/index.ts
@@ -92,41 +92,44 @@ export async function getUserInfo(id: string) { }) if (!tokenInfo) return + let userInfo + // check for cached userinfo if (userInfoCache.has(tokenInfo.owner)) - return userInfoCache.get(tokenInfo.owner) - + userInfo = userInfoCache.get(tokenInfo.owner) + else { let userInfoRequest = await fetchUserInfo(tokenInfo.token) - if (!userInfoRequest.ok) { - // assume that token has expired. - // try fetching a new one + if (!userInfoRequest.ok) { + // assume that token has expired. + // try fetching a new one - if (!tokenInfo.refreshToken) return // no refresh token. back out - let token = await getNewToken({ - grant_type: "refresh_token", - refresh_token: tokenInfo.refreshToken - }) + if (!tokenInfo.refreshToken) return // no refresh token. back out + let token = await getNewToken({ + grant_type: "refresh_token", + refresh_token: tokenInfo.refreshToken + }) - if (!token) return // refresh failed. back out - prisma.token.update({ - where: { id }, - data: { - token: token.access_token, - refreshToken: token.refresh_token - } - }) + if (!token) return // refresh failed. back out + prisma.token.update({ + where: { id }, + data: { + token: token.access_token, + refreshToken: token.refresh_token + } + }) - userInfoRequest = await fetchUserInfo(token.access_token) - if (!userInfoRequest.ok) return // Give up + userInfoRequest = await fetchUserInfo(token.access_token) + if (!userInfoRequest.ok) return // Give up + } + + userInfo = await userInfoRequest.json() + + // cache userinfo + userInfoCache.set(tokenInfo.owner, userInfo) + setTimeout(() => userInfoCache.delete(tokenInfo.owner), 60*60*1000) } - const userInfo = await userInfoRequest.json() - - // cache userinfo - userInfoCache.set(tokenInfo.owner, userInfo) - setTimeout(() => userInfoCache.delete(tokenInfo.owner), 60*60*1000) - - return userInfo as User + return { ...userInfo, identifier: userInfo[configuration.userinfo.identifier] } as User } export function deleteToken(id: string) { 
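Review bot: The new return line indexes `userInfo[configuration.userinfo.identifier]` with no check on either side, so an unset `USERINFO__IDENTIFIER` (configuration.ts reads it straight from the environment) or a userinfo response lacking that claim yields `identifier: undefined` behind the `as User` cast, although `User.identifier` is declared `string`. Going by the .env.example comment this value is what avatars are linked by, so such accounts could all share one key; fail closed instead: `const identifier = userInfo?.[configuration.userinfo.identifier ?? ""]`, then `if (typeof identifier !== "string" || identifier === "") return`, then `return { ...userInfo, identifier } as User`. Separately, `prisma.token.update({...})` in the refresh branch is not awaited, and Prisma queries only run once awaited or chained with `.then()`, so the refreshed tokens are probably never stored; `await prisma.token.update(...)` would fix that. getUserInfo begins above the hunk.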
diff --git a/src/lib/types.ts b/src/lib/types.ts index 9b37fe3..c578975 100644 --- a/src/lib/types.ts +++ b/src/lib/types.ts @@ -1,4 +1,5 @@ export interface User { name: string sub: string + identifier: string } \ No newline at end of file diff --git a/src/routes/+layout.svelte b/src/routes/+layout.svelte index 36e1dc8..0ade011 100644 --- a/src/routes/+layout.svelte +++ b/src/routes/+layout.svelte @@ -1,5 +1,6 @@ + +

Hi, {data.user.name}

- Your identifier is {data.user.sub}. -

\ No newline at end of file + The sub claim is set to {data.user.sub}. + Your identifier is {data.user.identifier}. +

+
+ + + +
\ No newline at end of file