diff options
Diffstat (limited to 'cloud/function')
| -rw-r--r-- | cloud/function/src/auth.ts | 58 | ||||
| -rw-r--r-- | cloud/function/sst-env.d.ts | 4 |
2 files changed, 61 insertions, 1 deletions
diff --git a/cloud/function/src/auth.ts b/cloud/function/src/auth.ts index 5eacb7a72..fe31651e5 100644 --- a/cloud/function/src/auth.ts +++ b/cloud/function/src/auth.ts @@ -2,7 +2,9 @@ import { Resource } from "sst" import { z } from "zod" import { issuer } from "@openauthjs/openauth" import { createSubjects } from "@openauthjs/openauth/subject" +import { CodeProvider } from "@openauthjs/openauth/provider/code" import { GithubProvider } from "@openauthjs/openauth/provider/github" +import { GoogleOidcProvider } from "@openauthjs/openauth/provider/google" import { CloudflareStorage } from "@openauthjs/openauth/storage/cloudflare" import { Account } from "@opencode/cloud-core/account.js" @@ -30,6 +32,53 @@ export default { clientSecret: Resource.GITHUB_CLIENT_SECRET_CONSOLE.value, scopes: ["read:user", "user:email"], }), + google: GoogleOidcProvider({ + clientID: Resource.GOOGLE_CLIENT_ID.value, + scopes: ["openid", "email"], + }), + // email: CodeProvider({ + // async request(req, state, form, error) { + // console.log(state) + // const params = new URLSearchParams() + // if (error) { + // params.set("error", error.type) + // } + // if (state.type === "start") { + // return Response.redirect(process.env.AUTH_FRONTEND_URL + "/auth/email?" + params.toString(), 302) + // } + // + // if (state.type === "code") { + // return Response.redirect(process.env.AUTH_FRONTEND_URL + "/auth/code?" + params.toString(), 302) + // } + // + // return new Response("ok") + // }, + // async sendCode(claims, code) { + // const email = z.string().email().parse(claims.email) + // const cmd = new SendEmailCommand({ + // Destination: { + // ToAddresses: [email], + // }, + // FromEmailAddress: `SST <auth@${Resource.Email.sender}>`, + // Content: { + // Simple: { + // Body: { + // Html: { + // Data: `Your pin code is <strong>${code}</strong>`, + // }, + // Text: { + // Data: `Your pin code is ${code}`, + // }, + // }, + // Subject: { + // Data: "SST Console Pin Code: " + code, + // }, + // }, + // }, + // }) + // await ses.send(cmd) + // }, + // }), }, storage: CloudflareStorage({ namespace: env.AuthStorage, @@ -50,7 +99,14 @@ export default { }) const user = (await userResponse.json()) as { email: string } email = user.email - } else throw new Error("Unsupported provider") + } else if (response.provider === "google") { + if (!response.id.email_verified) throw new Error("Google email not verified") + email = response.id.email as string + } + //if (response.provider === "email") { + // email = response.claims.email + //} + else throw new Error("Unsupported provider") if (!email) throw new Error("No email found") diff --git a/cloud/function/sst-env.d.ts b/cloud/function/sst-env.d.ts index 4e2b15921..520a033ff 100644 --- a/cloud/function/sst-env.d.ts +++ b/cloud/function/sst-env.d.ts @@ -50,6 +50,10 @@ declare module "sst" { "type": "sst.sst.Secret" "value": string } + "GOOGLE_CLIENT_ID": { + "type": "sst.sst.Secret" + "value": string + } "OPENAI_API_KEY": { "type": "sst.sst.Secret" "value": string |