icynet-admin/pages/api/callback.ts

import { NextApiRequest, NextApiResponse } from 'next';
import { getAccessToken } from '../../lib/api/remote';

import Cookies from 'cookies';
import { COOKIE_KEYS, REDIRECT_URL } from '../../lib/constants';
import { decrypt } from '../../lib/utils/crypto';

const inProd = process.env.NODE_ENV === 'production';

export default async function handler(
  req: NextApiRequest,
  res: NextApiResponse
) {
  if (!req.query.code || !req.query.state) {
    return res.redirect('/');
  }

  const getAuth = await getAccessToken(req.query.code as string);
  const cookies = new Cookies(req, res, { keys: COOKIE_KEYS, secure: inProd });

  if (getAuth) {
    const decrypted = decrypt(req.query.state as string);
    const stateToken = cookies.get('validation', { signed: true });
    const parsedState = JSON.parse(decrypted);

    if (
      parsedState.state !== stateToken ||
      parsedState.redirect_uri !== REDIRECT_URL
    ) {
      return res.redirect('/');
    }

    cookies.set('authorization', getAuth.access_token, {
      expires: new Date(Date.now() + getAuth.expires_in * 1000),
      secure: inProd,
      sameSite: 'strict',
      signed: true,
    });

    cookies.set('validation', undefined, {
      expires: new Date(0),
      secure: inProd,
      sameSite: 'strict',
      signed: true,
    });
  }

  res.redirect('/');
}
initial stash 2022-08-29 18:09:28 +00:00			`import { NextApiRequest, NextApiResponse } from 'next';`
			`import { getAccessToken } from '../../lib/api/remote';`

			`import Cookies from 'cookies';`
audit logs view start 2022-09-09 18:50:28 +00:00			`import { COOKIE_KEYS, REDIRECT_URL } from '../../lib/constants';`
strict state for oauth2 2022-08-29 18:34:46 +00:00			`import { decrypt } from '../../lib/utils/crypto';`

secure cookies 2022-09-11 09:31:09 +00:00			`const inProd = process.env.NODE_ENV === 'production';`

initial stash 2022-08-29 18:09:28 +00:00			`export default async function handler(`
			`req: NextApiRequest,`
			`res: NextApiResponse`
			`) {`
delete oauth2 clients 2022-09-09 14:37:42 +00:00			`if (!req.query.code \|\| !req.query.state) {`
			`return res.redirect('/');`
			`}`

			`const getAuth = await getAccessToken(req.query.code as string);`
secure cookies 2022-09-11 09:31:09 +00:00			`const cookies = new Cookies(req, res, { keys: COOKIE_KEYS, secure: inProd });`
strict state for oauth2 2022-08-29 18:34:46 +00:00
delete oauth2 clients 2022-09-09 14:37:42 +00:00			`if (getAuth) {`
			`const decrypted = decrypt(req.query.state as string);`
			`const stateToken = cookies.get('validation', { signed: true });`
			`const parsedState = JSON.parse(decrypted);`

			`if (`
			`parsedState.state !== stateToken \|\|`
audit logs view start 2022-09-09 18:50:28 +00:00			`parsedState.redirect_uri !== REDIRECT_URL`
delete oauth2 clients 2022-09-09 14:37:42 +00:00			`) {`
			`return res.redirect('/');`
initial stash 2022-08-29 18:09:28 +00:00			`}`
strict state for oauth2 2022-08-29 18:34:46 +00:00
delete oauth2 clients 2022-09-09 14:37:42 +00:00			`cookies.set('authorization', getAuth.access_token, {`
			`expires: new Date(Date.now() + getAuth.expires_in * 1000),`
secure cookies 2022-09-11 09:31:09 +00:00			`secure: inProd,`
audit logs view start 2022-09-09 18:50:28 +00:00			`sameSite: 'strict',`
delete oauth2 clients 2022-09-09 14:37:42 +00:00			`signed: true,`
			`});`

			`cookies.set('validation', undefined, {`
			`expires: new Date(0),`
secure cookies 2022-09-11 09:31:09 +00:00			`secure: inProd,`
audit logs view start 2022-09-09 18:50:28 +00:00			`sameSite: 'strict',`
delete oauth2 clients 2022-09-09 14:37:42 +00:00			`signed: true,`
			`});`
initial stash 2022-08-29 18:09:28 +00:00			`}`
delete oauth2 clients 2022-09-09 14:37:42 +00:00
			`res.redirect('/');`
initial stash 2022-08-29 18:09:28 +00:00			`}`