Last active
July 18, 2022 19:16
-
-
Save powdertester/ba6876a5643b565066d469845cefbc44 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apis: (originalImplementation) => { | |
| return { | |
| ...originalImplementation, | |
| signInUpPOST: async function (input) { | |
| if (originalImplementation.signInUpPOST === undefined) { | |
| throw Error("Should never come here"); | |
| } | |
| let response = await originalImplementation.signInUpPOST( | |
| input | |
| ); | |
| if (response.status === "OK") { | |
| const user = new UserAccount(response.user.id); | |
| const token = response.authCodeResponse.access_token; | |
| await user.saveAccessToken(Providers.GitHub, token); | |
| } | |
| return response; | |
| }, | |
| }; | |
| }, | |
| }, | |
| }), | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Session.init({ | |
| jwt: { | |
| enable: true, | |
| }, | |
| cookieDomain: this.cookieDomain, | |
| override: { | |
| functions: (originalImplementation) => { | |
| return { | |
| ...originalImplementation, | |
| createNewSession: async function (input) { | |
| let userId = input.userId; | |
| let account = new UserAccount(userId); | |
| let profile; | |
| try { | |
| profile = await hub.getProfile(account); | |
| } catch (e: any) { | |
| if (e?.extensions?.code === "AUTH_ERROR") { | |
| // no token found | |
| logger.info("No token found", { userId }); | |
| return originalImplementation.createNewSession(input); | |
| } | |
| logger.info("Error getting profile", { error: e }); | |
| throw e; | |
| } | |
| const login = profile.login; | |
| const email = profile.email; | |
| logger.info("Attempting to log in user", { userId, login, email }); | |
| const roles = []; | |
| if (ADMINS.includes(login)) { | |
| roles.push("admin"); | |
| } | |
| const hasDomain = some(ALLOWED_EMAIL_DOMAINS, (domain) => { | |
| return email?.endsWith(domain); | |
| }); | |
| if (ALLOWED_USERS.includes(login) || hasDomain) { | |
| roles.push("user"); | |
| } | |
| if (RV_USERS.includes(login) || email?.endsWith(RV_DOMAIN)) { | |
| roles.push("rv"); | |
| roles.push("projects") | |
| } | |
| if (!roles.includes("user")) { | |
| logger.error("User is not allowed", { userId, login, email }); | |
| throw new AuthenticationError("Sorry, you cannot log in yet."); | |
| } | |
| logger.info("Creating session", { userId, login, email, roles }); | |
| input.accessTokenPayload = { | |
| ...input.accessTokenPayload, | |
| roles | |
| }; | |
| return originalImplementation.createNewSession(input); | |
| }, | |
| }; | |
| }, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment