🐛 implement Apple Login process

Author: DGuang21

src/domain/user.ts

@@ -90,6 +90,7 @@ export interface userLoginReq {
   aff_code?: string
   siteverify_code?: string
   id_token?: string
+  client_id?: string
 }
 
 export interface userLoginResp {
@@ -119,6 +120,13 @@ export class UserService {
     const req = await RequestUtils.json<userLoginReq>(request)
     const authRes = await new SlaxAuth(ctx.env).login(req)
 
+    if (req.type === 'apple' && authRes.sub && authRes.email.endsWith('@appleid.apple.com')) {
+      const platformBind = await this.userRepo.getUserByPlatform('apple', authRes.sub)
+      if (platformBind && platformBind.user_name) {
+        authRes.email = platformBind.user_name
+      }
+    }
+
     // get user info by email
     const findRes = await this.userRepo.getInfoByEmail(authRes.email)
     if (findRes instanceof Error) {
@@ -152,6 +160,10 @@ export class UserService {
     const signUserId = new Hashid(ctx.env).encodeId(regInfo.id)
     const token = await new Auth(ctx.env).sign({ id: String(signUserId), lang: regInfo.lang, email: regInfo.email })
 
+    if (req.type === 'apple' && authRes.sub && authRes.email && !authRes.email.endsWith('@appleid.apple.com')) {
+      await this.userRepo.userBindPlatform(regInfo.id, platformBindType.APPLE, authRes.sub, authRes.email)
+    }
+
     // 发放邀请奖励
     //   if (isFirstRegister && req.aff_code) {
     //     const turnstileToken = req.siteverify_code

src/infra/repository/dbUser.ts

@@ -35,7 +35,8 @@ export enum platformBindType {
   TELEGRAM = 'telegram',
   WECHAT = 'wechat',
   QQ = 'qq',
-  EMAIL = 'email'
+  EMAIL = 'email',
+  APPLE = 'apple'
 }
 
 export enum noticeType {

src/utils/auth.ts

@@ -49,13 +49,13 @@ export class SlaxAuth {
   }
 
   public async loginWithApple(req: userLoginReq): Promise<SlaxAuthResult> {
-    const res = await new AppleAuth(this.env).loginWithApple(req.code, req.id_token || '', req.redirect_uri)
+    const res = await new AppleAuth(this.env).loginWithApple(req.code, req.id_token || '', req.client_id || '', req.redirect_uri)
     console.log('loginWithApple result:', res)
 
-    const userName = !!req.family_name ? `${req.given_name} ${req.family_name}` : undefined
-    const givenName = req.given_name || undefined
-    const familyName = req.family_name || undefined
-    const email = `${res.sub}@appleid.apple.com`
+    const givenName = req.given_name || ''
+    const familyName = req.family_name || ''
+    const userName = familyName ? `${givenName} ${familyName}`.trim() : givenName || ''
+    const email = res.email || `${res.sub}@appleid.apple.com`
 
     return {
       iss: res.iss,

src/utils/authLogin/authApple.ts

@@ -40,7 +40,6 @@ export interface AppleKey {
 export class AppleAuth {
   private kv: KVNamespace
   private keyId: string
-  private clientId: string
   private teamId: string
   private privateKey: string
 
@@ -53,7 +52,6 @@ export class AppleAuth {
     this.kv = env.KV
     this.keyId = env.APPLE_SIGN_KEY_ID
     this.privateKey = env.APPLE_SIGN_AUTH_KEY
-    this.clientId = env.APPLE_SIGN_CLIENT_ID
     this.teamId = env.APPLE_SIGN_TEAM_ID
     this.privateKey = this.privateKey
       .replace(/\\n/g, '')
@@ -63,7 +61,7 @@ export class AppleAuth {
   }
 
   //  get client secret
-  private async getClientSecret(): Promise<string> {
+  private async getClientSecret(clientId: string): Promise<string> {
     const header = { alg: AppleAuth.algorithm, kid: this.keyId }
     const privateKey = await importPKCS8(this.privateKey, 'ES256')
 
@@ -72,17 +70,17 @@ export class AppleAuth {
       .setIssuer(this.teamId)
       .setExpirationTime('170days')
       .setIssuedAt()
-      .setSubject(this.clientId)
+      .setSubject(clientId)
       .setAudience(AppleAuth.ENDPOINT_URL)
       .sign(privateKey)
   }
 
-  private async getAuthorizationToken(code: string, clientSecret: string, redirectUri?: string): Promise<AppleAuthorizationTokenResponseType> {
+  private async getAuthorizationToken(code: string, clientId: string, clientSecret: string, redirectUri?: string): Promise<AppleAuthorizationTokenResponseType> {
     const url = new URL(AppleAuth.ENDPOINT_URL)
     url.pathname = '/auth/token'
 
     const params = new URLSearchParams()
-    params.append('client_id', this.clientId)
+    params.append('client_id', clientId)
     params.append('client_secret', clientSecret)
     params.append('code', code)
     params.append('grant_type', 'authorization_code')
@@ -114,11 +112,11 @@ export class AppleAuth {
   }
 
   //  Sign in with Apple
-  async loginWithApple(code: string, idToken: string, redirectUri?: string): Promise<AppleIdTokenType> {
+  async loginWithApple(code: string, idToken: string, clientId: string, redirectUri?: string): Promise<AppleIdTokenType> {
     try {
-      const clientRes = await this.getClientSecret()
+      const clientRes = await this.getClientSecret(clientId)
 
-      const tokenResp = await this.getAuthorizationToken(code, clientRes, redirectUri)
+      const tokenResp = await this.getAuthorizationToken(code, clientId, clientRes, redirectUri)
 
       const authResp = await this.verifyIdToken(tokenResp.id_token)