Feature/oauth GitHub

CHANGELOG.md

@@ -20,6 +20,7 @@
 - Added same site property to the clear cookies function ([#218](https://github.com/chingu-x/chingu-dashboard-be/pull/218))
 - Added routes for teams to create own tech stack categories([#208](https://github.com/chingu-x/chingu-dashboard-be/pull/208))
 - Added unit tests for Features controller and services ([#220](https://github.com/chingu-x/chingu-dashboard-be/pull/220))
+- Add github oauth and e2e test ([#194](https://github.com/chingu-x/chingu-dashboard-be/pull/222))
 
 ### Changed
 - Updated cors origin list ([#218](https://github.com/chingu-x/chingu-dashboard-be/pull/218))

README.md

@@ -41,6 +41,10 @@ DISCORD_CLIENT_ID=
 DISCORD_CLIENT_SECRET=
 DISCORD_CALLBACK_URL=http://localhost:8000/api/v1/auth/discord/redirect
 
+GITHUB_CLIENT_ID=
+GITHUB_CLIENT_SECRET=
+GITHUB_CALLBACK_URL=http://localhost:8000/api/v1/auth/github/redirect 
+
 # .env.test
 DATABASE_URL={your test database connection string}
 NODE_ENV=test

package.json

@@ -54,6 +54,7 @@
         "@nestjs/schedule": "^4.0.0",
         "@nestjs/swagger": "^7.1.11",
         "@prisma/client": "^5.16.1",
+        "@types/passport-github2": "^1.2.9",
         "bcrypt": "^5.1.1",
         "class-transformer": "^0.5.1",
         "class-validator": "^0.14.0",
@@ -64,6 +65,7 @@
         "node-mailjet": "^6.0.4",
         "passport": "^0.6.0",
         "passport-discord": "^0.1.4",
+        "passport-github2": "^0.1.12",
         "passport-jwt": "^4.0.1",
         "passport-local": "^1.0.0",
         "reflect-metadata": "^0.1.13",

src/auth/auth.controller.ts

@@ -44,6 +44,7 @@ import { CustomRequest } from "@/global/types/CustomRequest";
 import { Response } from "express";
 import { DiscordAuthGuard } from "./guards/discord-auth.guard";
 import { AppConfigService } from "@/config/app/appConfig.service";
+import { GithubAuthGuard } from "./guards/github-auth.guard";
 @ApiTags("Auth")
 @Controller("auth")
 export class AuthController {
@@ -347,4 +348,28 @@ export class AuthController {
         const FRONTEND_URL = this.appConfigService.FrontendUrl;
         res.redirect(`${FRONTEND_URL}`);
     }
+
+    @ApiOperation({
+        summary: "Github oauth",
+        description:
+            "This does not work on swagger. Open `{BaseURL}/api/v1/auth/github/login` in a browser to see the GitHub popup.",
+    })
+    @UseGuards(GithubAuthGuard)
+    @Public()
+    @Get("/github/login")
+    handleGithubLogin() {
+        return;
+    }
+
+    @UseGuards(GithubAuthGuard)
+    @Public()
+    @Get("/github/redirect")
+    async handleGithubRedirect(
+        @Request() req: CustomRequest,
+        @Res({ passthrough: true }) res: Response,
+    ) {
+        await this.authService.returnTokensOnLoginSuccess(req, res);
+        const FRONTEND_URL = this.appConfigService.FrontendUrl;
+        res.redirect(`${FRONTEND_URL}`);
+    }
 }

src/auth/auth.module.ts

@@ -1,6 +1,6 @@
 import { Module } from "@nestjs/common";
 import { AuthService } from "./auth.service";
-import { UsersModule } from "@/users/users.module";
+import { UsersModule } from "../users/users.module";
 import { AuthController } from "./auth.controller";
 import { PassportModule } from "@nestjs/passport";
 import { LocalStrategy } from "./strategies/local.strategy";
@@ -9,11 +9,13 @@ import { AtStrategy } from "./strategies/at.strategy";
 import { RtStrategy } from "./strategies/rt.strategy";
 import { DiscordStrategy } from "./strategies/discord.strategy";
 import { DiscordAuthService } from "./discord-auth.service";
+import { GithubStrategy } from "./strategies/github.strategy";
+import { GithubAuthService } from "./github-auth.service";
 import { EmailService } from "../utils/emails/email.service";
 import { MailConfigModule } from "@/config/mail/mailConfig.module";
 import { AppConfigModule } from "@/config/app/appConfig.module";
 import { AuthConfigModule } from "@/config/auth/authConfig.module";
-import { OAuthConfigModule } from "@/config/Oauth/oauthConfig.module";
+import { OAuthConfigModule } from "../config/Oauth/oauthConfig.module";
 import { AuthConfig } from "@/config/auth/auth.interface";
 
 @Module({
@@ -43,6 +45,11 @@ import { AuthConfig } from "@/config/auth/auth.interface";
             provide: "DISCORD_OAUTH",
             useClass: DiscordAuthService,
         },
+        GithubStrategy,
+        {
+            provide: "GITHUB_OAUTH",
+            useClass: GithubAuthService,
+        },
     ],
     controllers: [AuthController],
     exports: [AuthService],

src/auth/github-auth.service.ts

@@ -0,0 +1,81 @@
+import {
+    Injectable,
+    Inject,
+    InternalServerErrorException,
+} from "@nestjs/common";
+import { IAuthProvider } from "../global/interfaces/oauth.interface";
+import { PrismaService } from "../prisma/prisma.service";
+import { GithubUser } from "../global/types/auth.types";
+import { generatePasswordHash } from "../global/auth/utils";
+import { OAuthConfig } from "@/config/Oauth/oauthConfig.interface";
+
+@Injectable()
+export class GithubAuthService implements IAuthProvider {
+    constructor(
+        private prisma: PrismaService,
+        @Inject("OAuth-Config") private oAuthConfig: OAuthConfig,
+    ) {}
+    async validateUser(user: GithubUser) {
+        const userInDb = await this.prisma.findUserByOAuthId(
+            "github",
+            user.githubId,
+        );
+
+        if (userInDb)
+            return {
+                id: userInDb.userId,
+                email: user.email,
+            };
+        return this.createUser(user);
+    }
+
+    async createUser(user: GithubUser) {
+        // generate a random password and not tell them so they can't login, but they will be able to reset password,
+        // and will be able to login with this in future,
+        // or maybe the app will prompt user the input the password, exact oauth flow is to be determined
+
+        // this should not happen when "user:email" is in the scope
+        if (!user.email)
+            throw new InternalServerErrorException(
+                "[github-auth.service]: Cannot get email from github to create a new Chingu account",
+            );
+
+        // check if email is in the database, add oauth profile to existing account, otherwise, create a new user account
+        return this.prisma.user.upsert({
+            where: {
+                email: user.email,
+            },
+            update: {
+                emailVerified: true,
+                oAuthProfiles: {
+                    create: {
+                        provider: {
+                            connect: {
+                                name: "github",
+                            },
+                        },
+                        providerUserId: user.githubId,
+                        providerUsername: user.username,
+                    },
+                },
+            },
+            create: {
+                email: user.email,
+                password: await generatePasswordHash(),
+                emailVerified: true,
+                avatar: user.avatar,
+                oAuthProfiles: {
+                    create: {
+                        provider: {
+                            connect: {
+                                name: "github",
+                            },
+                        },
+                        providerUserId: user.githubId,
+                        providerUsername: user.username,
+                    },
+                },
+            },
+        });
+    }
+}

src/auth/guards/github-auth.guard.ts

@@ -0,0 +1,17 @@
+import { ExecutionContext, Injectable } from "@nestjs/common";
+import { AuthGuard } from "@nestjs/passport";
+
+@Injectable()
+export class GithubAuthGuard extends AuthGuard("github") {
+    constructor() {
+        super({
+            session: false,
+        });
+    }
+    async canActivate(context: ExecutionContext): Promise<boolean> {
+        const activate = (await super.canActivate(context)) as boolean;
+        const request = context.switchToHttp().getRequest();
+        await super.logIn(request);
+        return activate;
+    }
+}

src/auth/strategies/github.strategy.ts

@@ -0,0 +1,47 @@
+import { Inject, Injectable } from "@nestjs/common";
+import { PassportStrategy } from "@nestjs/passport";
+import { Strategy, Profile } from "passport-github2";
+import { IAuthProvider } from "../../global/interfaces/oauth.interface";
+import { OAuthConfig } from "../../config/Oauth/oauthConfig.interface";
+import { InternalServerErrorException } from "@nestjs/common";
+
+@Injectable()
+export class GithubStrategy extends PassportStrategy(Strategy, "github") {
+    constructor(
+        @Inject("GITHUB_OAUTH")
+        private readonly githubAuthService: IAuthProvider,
+        @Inject("OAuth-Config") private oAuthConfig: OAuthConfig,
+    ) {
+        const { clientId, clientSecret, callbackUrl } = oAuthConfig.github;
+        super({
+            clientID: clientId,
+            clientSecret: clientSecret,
+            callbackURL: callbackUrl,
+            scope: ["identify", "user:email"],
+        });
+    }
+
+    async validate(
+        accessToken: string,
+        refreshToken: string,
+        profile: Profile,
+    ): Promise<any> {
+        const { username, id, photos, emails } = profile;
+
+        const avatar = photos && photos.length > 0 ? photos[0].value : null;
+        const email = emails && emails.length > 0 ? emails[0].value : null;
+
+        if (!email) {
+            throw new InternalServerErrorException(
+                "[github-auth.service]: Cannot get email from GitHub.",
+            );
+        }
+
+        return this.githubAuthService.validateUser({
+            githubId: id,
+            username: username ? username : "",
+            avatar,
+            email,
+        });
+    }
+}

src/config/Oauth/oauthConfig.interface.ts

@@ -4,5 +4,10 @@ export interface OAuthConfig {
         clientSecret: string;
         callbackUrl: string;
     };
+    github: {
+        clientId: string;
+        clientSecret: string;
+        callbackUrl: string;
+    };
     // Add other OAuth providers as needed
 }

src/config/Oauth/oauthConfig.module.ts

@@ -29,6 +29,17 @@ import { OAuthConfig } from "./oauthConfig.interface";
                         "DISCORD_CALLBACK_URL",
                     ) as string,
                 },
+                github: {
+                    clientId: configService.get<string>(
+                        "GITHUB_CLIENT_ID",
+                    ) as string,
+                    clientSecret: configService.get<string>(
+                        "GITHUB_CLIENT_SECRET",
+                    ) as string,
+                    callbackUrl: configService.get<string>(
+                        "GITHUB_CALLBACK_URL",
+                    ) as string,
+                },
                 // Add other OAuth providers as needed
             }),
             inject: [ConfigService],

src/config/Oauth/oauthConfig.schema.ts

@@ -4,5 +4,9 @@ export const oauthValidationSchema = Joi.object({
     DISCORD_CLIENT_ID: Joi.string().required(),
     DISCORD_CLIENT_SECRET: Joi.string().required(),
     DISCORD_CALLBACK_URL: Joi.string().required(),
+
+    GITHUB_CLIENT_ID: Joi.string().required(),
+    GITHUB_CLIENT_SECRET: Joi.string().required(),
+    GITHUB_CALLBACK_URL: Joi.string().required(),
     // Add other OAuth providers as needed
 });

src/global/interfaces/oauth.interface.ts

@@ -1,8 +1,12 @@
 import { DiscordUser } from "../types/auth.types";
+import { GithubUser } from "../types/auth.types";
+
+interface AuthUserResult {
+    id: string;
+    email: string | undefined;
+}
 
 export interface IAuthProvider {
-    // TODO: Maybe change it to OAuthUser: DiscordUser | GithubUser etc
-    //   Or change it to a more general type name
-    validateUser(user: DiscordUser): void;
-    createUser(user: DiscordUser): void;
+    validateUser(user: DiscordUser | GithubUser): Promise<AuthUserResult>;
+    createUser(user: DiscordUser | GithubUser): Promise<AuthUserResult>;
 }

src/global/types/auth.types.ts

@@ -4,3 +4,10 @@ export type DiscordUser = {
     avatar?: string | null;
     email: string | undefined;
 };
+
+export type GithubUser = {
+    githubId: string;
+    username: string;
+    avatar?: string | null;
+    email: string | undefined;
+};

test/auth.e2e-spec.ts

@@ -683,4 +683,24 @@ describe("AuthController e2e Tests", () => {
             expect(res.headers.location).toMatch(re);
         });
     });
+
+    describe("Initiate Github OAuth GET /auth/github/login", () => {
+        it("should redirect ", async () => {
+            const res = await request(app.getHttpServer())
+                .get("/auth/github/login")
+                .expect(302);
+
+            const clientId = Oauth.github.clientId;
+            const responseType = "code";
+            const redirectUrl =
+                "http%3A%2F%2F127\\.0\\.0\\.1%3A[0-9]+%2Fapi%2Fv1%2Fauth%2Fgithub%2Fredirect";
+            const scope = "identify%2Cuser%3Aemail";
+
+            const re = new RegExp(
+                String.raw`https:\/\/github\.com\/login\/oauth\/authorize\?response_type=${responseType}&redirect_uri=${redirectUrl}&scope=${scope}&client_id=${clientId}`,
+            );
+
+            expect(res.headers.location).toMatch(re);
+        });
+    });
 });