feat(oauth): Add option to logout from OpenID Connect provider

* Fixes #598 Signed-off-by: Marvin A. Ruder <signed@mruder.dev>
2024-10-14 18:16:47 +02:00
parent 104cc06145
commit 2b3ce3ffd2
15 changed files with 88 additions and 15 deletions
--- a/backend/src/oauth/oauth.service.ts
+++ b/backend/src/oauth/oauth.service.ts
@@ -1,4 +1,4 @@
-import { Inject, Injectable, Logger } from "@nestjs/common";
+import { forwardRef, Inject, Injectable, Logger } from "@nestjs/common";
 import { User } from "@prisma/client";
 import { nanoid } from "nanoid";
 import { AuthService } from "../auth/auth.service";
@@ -6,14 +6,16 @@ import { ConfigService } from "../config/config.service";
 import { PrismaService } from "../prisma/prisma.service";
 import { OAuthSignInDto } from "./dto/oauthSignIn.dto";
 import { ErrorPageException } from "./exceptions/errorPage.exception";
+import { OAuthProvider } from "./provider/oauthProvider.interface";

@Injectable()
 export class OAuthService {
  constructor(
    private prisma: PrismaService,
    private config: ConfigService,
-    private auth: AuthService,
+    @Inject(forwardRef(() => AuthService)) private auth: AuthService,
    @Inject("OAUTH_PLATFORMS") private platforms: string[],
+    @Inject("OAUTH_PROVIDERS") private oAuthProviders: Record<string, OAuthProvider<unknown>>,
  ) {}
  private readonly logger = new Logger(OAuthService.name);

@@ -27,6 +29,16 @@ export class OAuthService {
      .map(([platform, _]) => platform);
  }

+  availableProviders(): Record<string, OAuthProvider<unknown>> {
+    return Object.fromEntries(Object.entries(this.oAuthProviders)
+      .map(([providerName, provider]) => [
+        [providerName, provider],
+        this.config.get(`oauth.${providerName}-enabled`),
+      ])
+      .filter(([_, enabled]) => enabled)
+      .map(([provider, _]) => provider));
+  }
+
  async status(user: User) {
    const oauthUsers = await this.prisma.oAuthUser.findMany({
      select: {
@@ -55,7 +67,7 @@ export class OAuthService {
        },
      });
      this.logger.log(`Successful login for user ${user.email} from IP ${ip}`);
-      return this.auth.generateToken(updatedUser, true);
+      return this.auth.generateToken(updatedUser, { idToken: user.idToken });
    }

    return this.signUp(user, ip);
@@ -156,7 +168,7 @@ export class OAuthService {
        },
      });
      await this.updateIsAdmin(user);
-      return this.auth.generateToken(existingUser, true);
+      return this.auth.generateToken(existingUser, { idToken: user.idToken });
    }

    const result = await this.auth.signUp(