Feature/oauth GitHub

CHANGELOG.md

@@ -20,6 +20,7 @@
 - Added same site property to the clear cookies function ([#218](https://github.com/chingu-x/chingu-dashboard-be/pull/218))
 - Added routes for teams to create own tech stack categories([#208](https://github.com/chingu-x/chingu-dashboard-be/pull/208))
 - Added unit tests for Features controller and services ([#220](https://github.com/chingu-x/chingu-dashboard-be/pull/220))
+- Add github oauth and e2e test ([#194](https://github.com/chingu-x/chingu-dashboard-be/pull/222))
 - Added GET endpoint for solo project ([#223](https://github.com/chingu-x/chingu-dashboard-be/pull/223))
 
 ### Changed

README.md

@@ -41,6 +41,10 @@ DISCORD_CLIENT_ID=
 DISCORD_CLIENT_SECRET=
 DISCORD_CALLBACK_URL=http://localhost:8000/api/v1/auth/discord/redirect
 
+GITHUB_CLIENT_ID=
+GITHUB_CLIENT_SECRET=
+GITHUB_CALLBACK_URL=http://localhost:8000/api/v1/auth/github/redirect 
+
 # .env.test
 DATABASE_URL={your test database connection string}
 NODE_ENV=test

package.json

@@ -54,6 +54,7 @@
         "@nestjs/schedule": "^4.0.0",
         "@nestjs/swagger": "^7.1.11",
         "@prisma/client": "^5.16.1",
+        "@types/passport-github2": "^1.2.9",
         "bcrypt": "^5.1.1",
         "class-transformer": "^0.5.1",
         "class-validator": "^0.14.0",
@@ -64,6 +65,7 @@
         "node-mailjet": "^6.0.4",
         "passport": "^0.6.0",
         "passport-discord": "^0.1.4",
+        "passport-github2": "^0.1.12",
         "passport-jwt": "^4.0.1",
         "passport-local": "^1.0.0",
         "reflect-metadata": "^0.1.13",

prisma/seed/data/oauth-providers.ts

@@ -2,4 +2,7 @@ export default [
     {
         name: "discord",
     },
+    {
+        name: "github",
+    },
 ];

src/auth/auth.controller.ts

@@ -44,6 +44,7 @@ import { CustomRequest } from "@/global/types/CustomRequest";
 import { Response } from "express";
 import { DiscordAuthGuard } from "./guards/discord-auth.guard";
 import { AppConfigService } from "@/config/app/appConfig.service";
+import { GithubAuthGuard } from "./guards/github-auth.guard";
 @ApiTags("Auth")
 @Controller("auth")
 export class AuthController {
@@ -336,6 +337,11 @@ export class AuthController {
         return;
     }
 
+    @ApiResponse({
+        status: HttpStatus.BAD_REQUEST,
+        description: "Invalid code",
+        type: BadRequestErrorResponse,
+    })
     @UseGuards(DiscordAuthGuard)
     @Public()
     @Get("/discord/redirect")
@@ -347,4 +353,33 @@ export class AuthController {
         const FRONTEND_URL = this.appConfigService.FrontendUrl;
         res.redirect(`${FRONTEND_URL}`);
     }
+
+    @ApiOperation({
+        summary: "Github oauth",
+        description:
+            "This does not work on swagger. Open `{BaseURL}/api/v1/auth/github/login` in a browser to see the GitHub popup.",
+    })
+    @UseGuards(GithubAuthGuard)
+    @Public()
+    @Get("/github/login")
+    handleGithubLogin() {
+        return;
+    }
+
+    @ApiResponse({
+        status: HttpStatus.BAD_REQUEST,
+        description: "Invalid code",
+        type: BadRequestErrorResponse,
+    })
+    @UseGuards(GithubAuthGuard)
+    @Public()
+    @Get("/github/redirect")
+    async handleGithubRedirect(
+        @Request() req: CustomRequest,
+        @Res({ passthrough: true }) res: Response,
+    ) {
+        await this.authService.returnTokensOnLoginSuccess(req, res);
+        const FRONTEND_URL = this.appConfigService.FrontendUrl;
+        res.redirect(`${FRONTEND_URL}`);
+    }
 }

src/auth/auth.module.ts

@@ -1,6 +1,6 @@
 import { Module } from "@nestjs/common";
 import { AuthService } from "./auth.service";
-import { UsersModule } from "@/users/users.module";
+import { UsersModule } from "../users/users.module";
 import { AuthController } from "./auth.controller";
 import { PassportModule } from "@nestjs/passport";
 import { LocalStrategy } from "./strategies/local.strategy";
@@ -9,11 +9,13 @@ import { AtStrategy } from "./strategies/at.strategy";
 import { RtStrategy } from "./strategies/rt.strategy";
 import { DiscordStrategy } from "./strategies/discord.strategy";
 import { DiscordAuthService } from "./discord-auth.service";
+import { GithubStrategy } from "./strategies/github.strategy";
+import { GithubAuthService } from "./github-auth.service";
 import { EmailService } from "../utils/emails/email.service";
 import { MailConfigModule } from "@/config/mail/mailConfig.module";
 import { AppConfigModule } from "@/config/app/appConfig.module";
 import { AuthConfigModule } from "@/config/auth/authConfig.module";
-import { OAuthConfigModule } from "@/config/Oauth/oauthConfig.module";
+import { OAuthConfigModule } from "../config/Oauth/oauthConfig.module";
 import { AuthConfig } from "@/config/auth/auth.interface";
 
 @Module({
@@ -43,6 +45,11 @@ import { AuthConfig } from "@/config/auth/auth.interface";
             provide: "DISCORD_OAUTH",
             useClass: DiscordAuthService,
         },
+        GithubStrategy,
+        {
+            provide: "GITHUB_OAUTH",
+            useClass: GithubAuthService,
+        },
     ],
     controllers: [AuthController],
     exports: [AuthService],

src/auth/github-auth.service.ts

@@ -0,0 +1,99 @@
+import {
+    Injectable,
+    Inject,
+    InternalServerErrorException,
+    NotFoundException,
+} from "@nestjs/common";
+import {
+    AuthUserResult,
+    IAuthProvider,
+} from "../global/interfaces/oauth.interface";
+import { PrismaService } from "../prisma/prisma.service";
+import { GithubUser } from "../global/types/auth.types";
+import { generatePasswordHash } from "../global/auth/utils";
+import { OAuthConfig } from "@/config/Oauth/oauthConfig.interface";
+
+@Injectable()
+export class GithubAuthService implements IAuthProvider {
+    constructor(
+        private prisma: PrismaService,
+        @Inject("OAuth-Config") private oAuthConfig: OAuthConfig,
+    ) {}
+    async validateUser(user: GithubUser) {
+        const userInDb = await this.prisma.findUserByOAuthId(
+            "github",
+            user.githubId,
+        );
+
+        if (userInDb)
+            return {
+                id: userInDb.userId,
+                email: user.email,
+            };
+        return this.createUser(user);
+    }
+
+    async createUser(user: GithubUser): Promise<AuthUserResult> {
+        // generate a random password and not tell them so they can't login, but they will be able to reset password,
+        // and will be able to login with this in future,
+        // or maybe the app will prompt user the input the password, exact oauth flow is to be determined
+
+        // this should not happen when "user:email" is in the scope
+        if (!user.email)
+            throw new InternalServerErrorException(
+                "[github-auth.service]: Cannot get email from github to create a new Chingu account",
+            );
+
+        // check if email is in the database, add oauth profile to existing account, otherwise, create a new user account
+        let upsertResult;
+        try {
+            upsertResult = await this.prisma.user.upsert({
+                where: {
+                    email: user.email,
+                },
+                update: {
+                    emailVerified: true,
+                    oAuthProfiles: {
+                        create: {
+                            provider: {
+                                connect: {
+                                    name: "github",
+                                },
+                            },
+                            providerUserId: user.githubId,
+                            providerUsername: user.username,
+                        },
+                    },
+                },
+                create: {
+                    email: user.email,
+                    password: await generatePasswordHash(),
+                    emailVerified: true,
+                    avatar: user.avatar,
+                    oAuthProfiles: {
+                        create: {
+                            provider: {
+                                connect: {
+                                    name: "github",
+                                },
+                            },
+                            providerUserId: user.githubId,
+                            providerUsername: user.username,
+                        },
+                    },
+                },
+            });
+        } catch (e) {
+            if (e.code === "P2025") {
+                if (e.message.includes("OAuthProvider")) {
+                    throw new NotFoundException(
+                        "OAuth provider not found in the database",
+                    );
+                }
+            }
+            console.error("Unexpected error during upsert:", e);
+            throw e;
+        }
+        return upsertResult;
+    }
+}

src/auth/guards/discord-auth.guard.ts

@@ -1,4 +1,8 @@
-import { ExecutionContext, Injectable } from "@nestjs/common";
+import {
+    BadRequestException,
+    ExecutionContext,
+    Injectable,
+} from "@nestjs/common";
 import { AuthGuard } from "@nestjs/passport";
 
 @Injectable()
@@ -9,9 +13,20 @@ export class DiscordAuthGuard extends AuthGuard("discord") {
         });
     }
     async canActivate(context: ExecutionContext): Promise<boolean> {
-        const activate = (await super.canActivate(context)) as boolean;
+        let activate;
+        try {
+            activate = (await super.canActivate(context)) as boolean;
+        } catch (e) {
+            if (e.code == "invalid_grant") {
+                throw new BadRequestException(
+                    `Invalid code in redirect query param.`,
+                );
+            }
+            throw e;
+        }
         const request = context.switchToHttp().getRequest();
         await super.logIn(request);
+
         return activate;
     }
 }

src/auth/guards/github-auth.guard.ts

@@ -0,0 +1,32 @@
+import {
+    BadRequestException,
+    ExecutionContext,
+    Injectable,
+} from "@nestjs/common";
+import { AuthGuard } from "@nestjs/passport";
+
+@Injectable()
+export class GithubAuthGuard extends AuthGuard("github") {
+    constructor() {
+        super({
+            session: false,
+        });
+    }
+    async canActivate(context: ExecutionContext): Promise<boolean> {
+        let activate;
+        try {
+            activate = (await super.canActivate(context)) as boolean;
+        } catch (e) {
+            if (e.message.includes("Failed to obtain access token")) {
+                throw new BadRequestException(
+                    `Failed to obtain access token. Possibly because of invalid redirect code.`,
+                );
+            }
+            throw e;
+        }
+        const request = context.switchToHttp().getRequest();
+        await super.logIn(request);
+
+        return activate;
+    }
+}

src/auth/strategies/github.strategy.ts

@@ -0,0 +1,47 @@
+import { Inject, Injectable } from "@nestjs/common";
+import { PassportStrategy } from "@nestjs/passport";
+import { Strategy, Profile } from "passport-github2";
+import { IAuthProvider } from "../../global/interfaces/oauth.interface";
+import { OAuthConfig } from "../../config/Oauth/oauthConfig.interface";
+import { InternalServerErrorException } from "@nestjs/common";
+
+@Injectable()
+export class GithubStrategy extends PassportStrategy(Strategy, "github") {
+    constructor(
+        @Inject("GITHUB_OAUTH")
+        private readonly githubAuthService: IAuthProvider,
+        @Inject("OAuth-Config") private oAuthConfig: OAuthConfig,
+    ) {
+        const { clientId, clientSecret, callbackUrl } = oAuthConfig.github;
+        super({
+            clientID: clientId,
+            clientSecret: clientSecret,
+            callbackURL: callbackUrl,
+            scope: ["identify", "user:email"],
+        });
+    }
+
+    async validate(
+        accessToken: string,
+        refreshToken: string,
+        profile: Profile,
+    ): Promise<any> {
+        const { username, id, photos, emails } = profile;
+
+        const avatar = photos && photos.length > 0 ? photos[0].value : null;
+        const email = emails && emails.length > 0 ? emails[0].value : null;
+
+        if (!email) {
+            throw new InternalServerErrorException(
+                "[github-auth.service]: Cannot get email from GitHub.",
+            );
+        }
+
+        return this.githubAuthService.validateUser({
+            githubId: id,
+            username: username ? username : "",
+            avatar,
+            email: email ? email : "",
+        });
+    }
+}

src/config/Oauth/oauthConfig.interface.ts

@@ -4,5 +4,10 @@ export interface OAuthConfig {
         clientSecret: string;
         callbackUrl: string;
     };
+    github: {
+        clientId: string;
+        clientSecret: string;
+        callbackUrl: string;
+    };
     // Add other OAuth providers as needed
 }

src/config/Oauth/oauthConfig.module.ts

@@ -29,6 +29,17 @@ import { OAuthConfig } from "./oauthConfig.interface";
                         "DISCORD_CALLBACK_URL",
                     ) as string,
                 },
+                github: {
+                    clientId: configService.get<string>(
+                        "GITHUB_CLIENT_ID",
+                    ) as string,
+                    clientSecret: configService.get<string>(
+                        "GITHUB_CLIENT_SECRET",
+                    ) as string,
+                    callbackUrl: configService.get<string>(
+                        "GITHUB_CALLBACK_URL",
+                    ) as string,
+                },
                 // Add other OAuth providers as needed
             }),
             inject: [ConfigService],