📦 EqualifyEverything / equalify-hub

equalify-hub / routes / public / auth.ts
📄 auth.ts · 154 lines 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154import type { Context } from 'hono';
import { deleteCookie as honoDeleteCookie } from 'hono/cookie';
import { 
    getGitHubAuthUrl,
    getGitHubProAuthUrl,
    exchangeCodeForToken, 
    fetchCurrentUser,
    getGitHubToken,
    hasProStatus
} from '#src/utils/auth';
import { getProUser } from '#src/utils/db';
import { renderPage } from '#src/utils/legacyLayout';

// Create cookie string for Lambda Function URLs
const makeCookie = (name: string, value: string, maxAge: number) => 
    `${name}=${value}; Path=/; Max-Age=${maxAge}; SameSite=Lax`;

// For Lambda Function URLs, we need to return cookies in a specific format
// Hono's setCookie doesn't work properly with Lambda Function URLs
const redirectWithCookies = (location: string, cookies: string[]) => {
    const headers = new Headers({ 'Location': location });
    for (const cookie of cookies) {
        headers.append('Set-Cookie', cookie);
    }
    return new Response(null, { status: 302, headers });
};

// Redirect to GitHub OAuth
export const github = async (c: Context) => {
    // Check gc_pro cookie first (survives logout)
    if (hasProStatus()) {
        return c.redirect(getGitHubProAuthUrl(), 302);
    }
    
    // Check if user is already logged in and is pro - use pro scopes
    const token = getGitHubToken();
    let isPro = false;
    
    if (token) {
        try {
            const ghUser = await fetch('https://api.github.com/user', {
                headers: { 
                    'Authorization': `Bearer ${token}`,
                    'User-Agent': 'EqualifyOpenSource'
                }
            }).then(r => r.json());
            
            if (ghUser.id) {
                const proUser = await getProUser(String(ghUser.id));
                isPro = proUser?.status === 'active';
            }
        } catch (e) {
            // Ignore
        }
    }
    
    const authUrl = isPro ? getGitHubProAuthUrl() : getGitHubAuthUrl();
    return c.redirect(authUrl, 302);
};

// Pro auth - always request private repo scope
export const githubPro = (c: Context) => {
    return c.redirect(getGitHubProAuthUrl(), 302);
};

// Handle GitHub OAuth callback
export const callback = async (c: Context) => {
    const code = c.req.query('code');
    
    if (!code) {
        return c.html(renderError('Missing authorization code'), 400);
    }
    
    try {
        // Exchange code for token
        const tokenResponse = await exchangeCodeForToken(code);
        
        if (tokenResponse.error || !tokenResponse.access_token) {
            return c.html(renderError(tokenResponse.error || 'Failed to get access token'), 400);
        }
        
        const token = tokenResponse.access_token;
        
        // Fetch user info
        const user = await fetchCurrentUser(token);
        
        if (!user.login) {
            return c.html(renderError('Failed to get user info'), 400);
        }
        
        // Check if user is pro
        const proUser = await getProUser(String(user.id));
        const isPro = proUser?.status === 'active';
        
        // Create user cookie value (login, avatar, and pro status for display)
        const userInfo = JSON.stringify({ 
            login: user.login, 
            avatar_url: user.avatar_url,
            isPro
        });
        
        // Build cookies and redirect - use raw Response for Lambda Function URLs
        const cookies = [
            makeCookie('gh_token', token, 60 * 60 * 24 * 30),
            makeCookie('gh_user', encodeURIComponent(userInfo), 60 * 60 * 24 * 30),
        ];
        if (isPro) {
            cookies.push(makeCookie('gc_pro', '1', 60 * 60 * 24 * 365));
        }
        
        return redirectWithCookies('/', cookies);
    } catch (error) {
        return c.html(renderError('Authentication failed'), 500);
    }
};

// Logout - clear cookies (but keep gc_pro for re-auth)
export const logout = (c: Context) => {
    return redirectWithCookies('/', [
        makeCookie('gh_token', '', 0),
        makeCookie('gh_user', '', 0),
    ]);
};

const errorPageCss = `
.error-container {
    display: flex;
    align-items: center;
    justify-content: center;
    min-height: 60vh;
}
.error-box {
    background: var(--color-bg-secondary);
    border: 1px solid var(--color-danger);
    border-radius: 6px;
    padding: 24px 32px;
    text-align: center;
}
.error-box h1 { color: var(--color-danger); margin: 0 0 12px; font-size: 20px; }
.error-box p { margin: 0 0 16px; color: var(--color-text-secondary); }
`;

function renderError(message: string): string {
    return renderPage('Error', `
        <div class="error-container">
            <div class="error-box">
                <h1>Authentication Error</h1>
                <p>${message}</p>
                <a href="/">← Back to Equalify Open Source</a>
            </div>
        </div>
    `, errorPageCss);
}