You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

99 lines
3.1 KiB

import {LoginProvider, LoginProviderConfig} from '../LoginProvider'
import {ResponseObject, Route} from '../../../http/routing/Route'
import {Inject, Injectable} from '../../../di'
import {Routing} from '../../../service/Routing'
import {GuestRequiredMiddleware} from '../../middleware/GuestRequiredMiddleware'
import {redirect} from '../../../http/response/RedirectResponseFactory'
import {view} from '../../../http/response/ViewResponseFactory'
import {Request} from '../../../http/lifecycle/Request'
import {Awaitable} from '../../../util'
import {Authenticatable} from '../../types'
export interface OAuth2LoginProviderConfig extends LoginProviderConfig {
displayName: string,
clientId: string|number
clientSecret: string
loginUrl: string
loginMessage?: string
logoutUrl?: string
tokenUrl: string,
userUrl: string,
* LoginProvider implementation for OAuth2-based logins.
export abstract class OAuth2LoginProvider<TConfig extends OAuth2LoginProviderConfig> extends LoginProvider<TConfig> {
protected readonly routing!: Routing
public routes(): void {
.handledBy(() => redirect(this.getLoginUrl()))
protected async handleCallback(request: Request): Promise<ResponseObject> {
const user = await this.callback(request)
if ( user ) {
return this.redirectToIntendedRoute()
return redirect(this.routing.getNamedPath(`@auth:${}:login`).toRemote)
* After redirecting back from the OAuth2 server, look up the user information.
* @param request
* @protected
protected abstract callback(request: Request): Awaitable<Authenticatable>
public login(): ResponseObject {
const buttonUrl = this.routing
return view('@extollo:auth:message', {
message: this.config.loginMessage ?? `Sign-in with ${this.config.displayName} to continue`,
buttonText: 'Sign-in',
public async logout(): Promise<ResponseObject> {
if ( this.config.logoutUrl ) {
return redirect(this.config.logoutUrl)
return view('@extollo:auth:message', {
message: 'You have been signed-out',
* Get the URL where the user should be redirected to sign-in.
* @protected
protected getLoginUrl(): string {
const callbackRoute = this.routing.getNamedPath(`@auth:${}:callback`)
return this.config.loginUrl
.replace(/%c/g, String(this.config.clientId))
.replace(/%r/g, callbackRoute.toRemote)