lukebyrne/jwt-oauth.js

## jwt-oauth.js
require('dotenv').config()
const express = require('express')
const jwt = require('jsonwebtoken')
const passport = require('passport')
const GoogleStrategy = require('passport-google-oauth20').Strategy
const fs = require('fs')
const publicKey = fs.readFileSync('jwtRS256.key.pub', 'utf8')
const privateKey = fs.readFileSync('jwtRS256.key', 'utf8')
var knex = require('knex')({
  client: 'pg',
  connection: process.env.TWIGGY_DB
})

passport.serializeUser((user, done) => {
  done(null, user)
})

// Setup Passport
passport.use(
  new GoogleStrategy({
    clientID: process.env.GOOGLE_CLIENT_ID,
    clientSecret: process.env.GOOGLE_CLIENT_SECRET,
    callbackURL: process.env.CALLBACK_URL
  }, (accessToken, refreshToken, profile, done) => {
    const email = profile.emails[0].value
    knex('users').where({email: email}).first().then((user) => {
      // !currentUser, pass it on
      if(user){
        console.log('currentUser is: ', user);
        done(null, user);
      } else {
        // !currentUser, create user in our db
        knex('users')
        .insert({
          email: email,
        })
        .returning(['id', 'email'])
        .then((user) => {
          console.log('newUser: ', user[0])
          done(null, user[0])
        })
      }
    })
  })
)

const app = express()
app.use(passport.initialize())

app.get('/', (req, res) => {
  res.send('Oauth2')
})

app.get('/oauth2', passport.authenticate('google', {
  scope: ['profile', 'email'],
  hostedDomain: process.env.HOSTED_DOMAIN
}))

// Set a function for our JWT token
const token = (userId, email, rolesArray) => {
  // Set our JWT claims
  let claims = {
    sub: userId,
    email: email,
    'https://hasura.io/jwt/claims': {
      'x-hasura-default-role': rolesArray.includes('admin') ? 'admin': 'user',
      'x-hasura-user-id': userId,
      'x-hasura-allowed-roles': rolesArray
    }
  }

  // Sign the JWT and pass onto the REDIRECT_URL
  const token = jwt.sign(claims, privateKey, { algorithm: 'RS256' })
  // Check that we can decode things!
  const decoded = jwt.verify(token, publicKey)
  console.log(decoded)
  return token
}

app.get('/redirect', passport.authenticate('google'), (req, res) => {
  // Get our roles from the DB then once resolved set our claims and redirect
  knex
  .select('name')
  .from('roles')
  .leftJoin('users_roles', 'roles.id', 'users_roles.role_id')
  .where({ 'users_roles.user_id': req.user.id })
  .then((roles) => {
    // Map the roles return to an array of names
    const rolesArray = roles.map(role => role.name)
    // Now redirect
    res.redirect(`${process.env.REDIRECT_URL}?token=${token(req.user.id, req.user.email, rolesArray)}`)
  })
})

const port = process.env.PORT || 3000
app.listen(port, () => {
  console.log(`app now listening for requests on port ${port}`)
})
	require('dotenv').config()
	const express = require('express')
	const jwt = require('jsonwebtoken')
	const passport = require('passport')
	const GoogleStrategy = require('passport-google-oauth20').Strategy
	const fs = require('fs')
	const publicKey = fs.readFileSync('jwtRS256.key.pub', 'utf8')
	const privateKey = fs.readFileSync('jwtRS256.key', 'utf8')
	var knex = require('knex')({
	client: 'pg',
	connection: process.env.TWIGGY_DB
	})

	passport.serializeUser((user, done) => {
	done(null, user)
	})

	// Setup Passport
	passport.use(
	new GoogleStrategy({
	clientID: process.env.GOOGLE_CLIENT_ID,
	clientSecret: process.env.GOOGLE_CLIENT_SECRET,
	callbackURL: process.env.CALLBACK_URL
	}, (accessToken, refreshToken, profile, done) => {
	const email = profile.emails[0].value
	knex('users').where({email: email}).first().then((user) => {
	// !currentUser, pass it on
	if(user){
	console.log('currentUser is: ', user);
	done(null, user);
	} else {
	// !currentUser, create user in our db
	knex('users')
	.insert({
	email: email,
	})
	.returning(['id', 'email'])
	.then((user) => {
	console.log('newUser: ', user[0])
	done(null, user[0])
	})
	}
	})
	})
	)

	const app = express()
	app.use(passport.initialize())

	app.get('/', (req, res) => {
	res.send('Oauth2')
	})

	app.get('/oauth2', passport.authenticate('google', {
	scope: ['profile', 'email'],
	hostedDomain: process.env.HOSTED_DOMAIN
	}))

	// Set a function for our JWT token
	const token = (userId, email, rolesArray) => {
	// Set our JWT claims
	let claims = {
	sub: userId,
	email: email,
	'https://hasura.io/jwt/claims': {
	'x-hasura-default-role': rolesArray.includes('admin') ? 'admin': 'user',
	'x-hasura-user-id': userId,
	'x-hasura-allowed-roles': rolesArray
	}
	}

	// Sign the JWT and pass onto the REDIRECT_URL
	const token = jwt.sign(claims, privateKey, { algorithm: 'RS256' })
	// Check that we can decode things!
	const decoded = jwt.verify(token, publicKey)
	console.log(decoded)
	return token
	}

	app.get('/redirect', passport.authenticate('google'), (req, res) => {
	// Get our roles from the DB then once resolved set our claims and redirect
	knex
	.select('name')
	.from('roles')
	.leftJoin('users_roles', 'roles.id', 'users_roles.role_id')
	.where({ 'users_roles.user_id': req.user.id })
	.then((roles) => {
	// Map the roles return to an array of names
	const rolesArray = roles.map(role => role.name)
	// Now redirect
	res.redirect(`${process.env.REDIRECT_URL}?token=${token(req.user.id, req.user.email, rolesArray)}`)
	})
	})

	const port = process.env.PORT \|\| 3000
	app.listen(port, () => {
	console.log(`app now listening for requests on port ${port}`)
	})