bot/apps/builder/src/pages/api/auth/[...nextauth].ts

import NextAuth, { Account, AuthOptions } from 'next-auth'
import EmailProvider from 'next-auth/providers/email'
import GitHubProvider from 'next-auth/providers/github'
import GitlabProvider from 'next-auth/providers/gitlab'
import GoogleProvider from 'next-auth/providers/google'
import FacebookProvider from 'next-auth/providers/facebook'
import AzureADProvider from 'next-auth/providers/azure-ad'
import prisma from '@typebot.io/lib/prisma'
import { Provider } from 'next-auth/providers'
import { NextApiRequest, NextApiResponse } from 'next'
import { customAdapter } from '../../../features/auth/api/customAdapter'
import { User } from '@typebot.io/prisma'
import { getAtPath, isDefined } from '@typebot.io/lib'
import { mockedUser } from '@typebot.io/lib/mockedUser'
import { getNewUserInvitations } from '@/features/auth/helpers/getNewUserInvitations'
import { sendVerificationRequest } from '@/features/auth/helpers/sendVerificationRequest'
import { Ratelimit } from '@upstash/ratelimit'
import { Redis } from '@upstash/redis/nodejs'
import got from 'got'
import { env } from '@typebot.io/env'
import * as Sentry from '@sentry/nextjs'

const providers: Provider[] = []

let rateLimit: Ratelimit | undefined

if (env.UPSTASH_REDIS_REST_URL && env.UPSTASH_REDIS_REST_TOKEN) {
  rateLimit = new Ratelimit({
    redis: Redis.fromEnv(),
    limiter: Ratelimit.slidingWindow(1, '60 s'),
  })
}

if (env.GITHUB_CLIENT_ID && env.GITHUB_CLIENT_SECRET)
  providers.push(
    GitHubProvider({
      clientId: env.GITHUB_CLIENT_ID,
      clientSecret: env.GITHUB_CLIENT_SECRET,
    })
  )

if (env.NEXT_PUBLIC_SMTP_FROM && !env.SMTP_AUTH_DISABLED)
  providers.push(
    EmailProvider({
      server: {
        host: env.SMTP_HOST,
        port: env.SMTP_PORT,
        secure: env.SMTP_SECURE,
        auth: {
          user: env.SMTP_USERNAME,
          pass: env.SMTP_PASSWORD,
        },
      },
      from: env.NEXT_PUBLIC_SMTP_FROM,
      sendVerificationRequest,
    })
  )

if (env.GOOGLE_CLIENT_ID && env.GOOGLE_CLIENT_SECRET)
  providers.push(
    GoogleProvider({
      clientId: env.GOOGLE_CLIENT_ID,
      clientSecret: env.GOOGLE_CLIENT_SECRET,
    })
  )

if (env.FACEBOOK_CLIENT_ID && env.FACEBOOK_CLIENT_SECRET)
  providers.push(
    FacebookProvider({
      clientId: env.FACEBOOK_CLIENT_ID,
      clientSecret: env.FACEBOOK_CLIENT_SECRET,
    })
  )

if (env.GITLAB_CLIENT_ID && env.GITLAB_CLIENT_SECRET) {
  const BASE_URL = env.GITLAB_BASE_URL
  providers.push(
    GitlabProvider({
      clientId: env.GITLAB_CLIENT_ID,
      clientSecret: env.GITLAB_CLIENT_SECRET,
      authorization: `${BASE_URL}/oauth/authorize?scope=read_api`,
      token: `${BASE_URL}/oauth/token`,
      userinfo: `${BASE_URL}/api/v4/user`,
      name: env.GITLAB_NAME,
    })
  )
}

if (
  env.AZURE_AD_CLIENT_ID &&
  env.AZURE_AD_CLIENT_SECRET &&
  env.AZURE_AD_TENANT_ID
) {
  providers.push(
    AzureADProvider({
      clientId: env.AZURE_AD_CLIENT_ID,
      clientSecret: env.AZURE_AD_CLIENT_SECRET,
      tenantId: env.AZURE_AD_TENANT_ID,
    })
  )
}

if (env.CUSTOM_OAUTH_WELL_KNOWN_URL) {
  providers.push({
    id: 'custom-oauth',
    name: env.CUSTOM_OAUTH_NAME,
    type: 'oauth',
    authorization: {
      params: {
        scope: env.CUSTOM_OAUTH_SCOPE,
      },
    },
    clientId: env.CUSTOM_OAUTH_CLIENT_ID,
    clientSecret: env.CUSTOM_OAUTH_CLIENT_SECRET,
    wellKnown: env.CUSTOM_OAUTH_WELL_KNOWN_URL,
    profile(profile) {
      return {
        id: getAtPath(profile, env.CUSTOM_OAUTH_USER_ID_PATH),
        name: getAtPath(profile, env.CUSTOM_OAUTH_USER_NAME_PATH),
        email: getAtPath(profile, env.CUSTOM_OAUTH_USER_EMAIL_PATH),
        image: getAtPath(profile, env.CUSTOM_OAUTH_USER_IMAGE_PATH),
      } as User
    },
  })
}

export const authOptions: AuthOptions = {
  adapter: customAdapter(prisma),
  secret: env.ENCRYPTION_SECRET,
  providers,
  session: {
    strategy: 'database',
  },
  pages: {
    signIn: '/signin',
    newUser: env.NEXT_PUBLIC_ONBOARDING_TYPEBOT_ID ? '/onboarding' : undefined,
  },
  events: {
    signIn({ user }) {
      Sentry.setUser({ id: user.id })
    },
    signOut() {
      Sentry.setUser(null)
    },
  },
  callbacks: {
    session: async ({ session, user }) => {
      const userFromDb = user as User
      await updateLastActivityDate(userFromDb)
      return {
        ...session,
        user: userFromDb,
      }
    },
    signIn: async ({ account, user }) => {
      if (!account) return false
      const isNewUser = !('createdAt' in user && isDefined(user.createdAt))
      if (isNewUser && user.email) {
        const { body } = await got.get(
          'https://raw.githubusercontent.com/disposable-email-domains/disposable-email-domains/master/disposable_email_blocklist.conf'
        )
        const disposableEmailDomains = body.split('\n')
        if (disposableEmailDomains.includes(user.email.split('@')[1]))
          return false
      }
      if (env.DISABLE_SIGNUP && isNewUser && user.email) {
        const { invitations, workspaceInvitations } =
          await getNewUserInvitations(prisma, user.email)
        if (invitations.length === 0 && workspaceInvitations.length === 0)
          return false
      }
      const requiredGroups = getRequiredGroups(account.provider)
      if (requiredGroups.length > 0) {
        const userGroups = await getUserGroups(account)
        return checkHasGroups(userGroups, requiredGroups)
      }
      return true
    },
  },
}

const handler = async (req: NextApiRequest, res: NextApiResponse) => {
  const isMockingSession =
    req.method === 'GET' &&
    req.url === '/api/auth/session' &&
    env.NEXT_PUBLIC_E2E_TEST
  if (isMockingSession) return res.send({ user: mockedUser })
  const requestIsFromCompanyFirewall = req.method === 'HEAD'
  if (requestIsFromCompanyFirewall) return res.status(200).end()

  if (
    rateLimit &&
    req.url === '/api/auth/signin/email' &&
    req.method === 'POST'
  ) {
    let ip = req.headers['x-real-ip'] as string | undefined
    if (!ip) {
      const forwardedFor = req.headers['x-forwarded-for']
      if (Array.isArray(forwardedFor)) {
        ip = forwardedFor.at(0)
      } else {
        ip = forwardedFor?.split(',').at(0) ?? 'Unknown'
      }
    }
    const { success } = await rateLimit.limit(ip as string)
    if (!success) return res.status(429).json({ error: 'Too many requests' })
  }
  return await NextAuth(req, res, authOptions)
}

const updateLastActivityDate = async (user: User) => {
  const datesAreOnSameDay = (first: Date, second: Date) =>
    first.getFullYear() === second.getFullYear() &&
    first.getMonth() === second.getMonth() &&
    first.getDate() === second.getDate()

  if (!datesAreOnSameDay(user.lastActivityAt, new Date()))
    await prisma.user.updateMany({
      where: { id: user.id },
      data: { lastActivityAt: new Date() },
    })
}

const getUserGroups = async (account: Account): Promise<string[]> => {
  switch (account.provider) {
    case 'gitlab': {
      const getGitlabGroups = async (
        accessToken: string,
        page = 1
      ): Promise<{ full_path: string }[]> => {
        const res = await fetch(
          `${
            env.GITLAB_BASE_URL || 'https://gitlab.com'
          }/api/v4/groups?per_page=100&page=${page}`,
          { headers: { Authorization: `Bearer ${accessToken}` } }
        )
        const groups: { full_path: string }[] = await res.json()
        const nextPage = parseInt(res.headers.get('X-Next-Page') || '')
        if (nextPage)
          groups.push(...(await getGitlabGroups(accessToken, nextPage)))
        return groups
      }
      const groups = await getGitlabGroups(account.access_token as string)
      return groups.map((group) => group.full_path)
    }
    default:
      return []
  }
}

const getRequiredGroups = (provider: string): string[] => {
  switch (provider) {
    case 'gitlab':
      return env.GITLAB_REQUIRED_GROUPS ?? []
    default:
      return []
  }
}

const checkHasGroups = (userGroups: string[], requiredGroups: string[]) =>
  userGroups?.some((userGroup) => requiredGroups?.includes(userGroup))

export default handler
:ambulance: (auth) Fix bad requests with getSession on server side 2023-04-03 16:42:10 +02:00			`import NextAuth, { Account, AuthOptions } from 'next-auth'`
Add authentication 2021-11-29 15:19:07 +01:00			`import EmailProvider from 'next-auth/providers/email'`
			`import GitHubProvider from 'next-auth/providers/github'`
feat(auth): 🔒 add gitlab provider 2022-04-26 09:50:02 +02:00			`import GitlabProvider from 'next-auth/providers/gitlab'`
Add authentication 2021-11-29 15:19:07 +01:00			`import GoogleProvider from 'next-auth/providers/google'`
			`import FacebookProvider from 'next-auth/providers/facebook'`
fix(auth): 🔧 Add ignoreTLS option for SMTP creds 2022-06-13 11:50:05 +02:00			`import AzureADProvider from 'next-auth/providers/azure-ad'`
:recycle: Export bot-engine code into its own package 2023-09-20 15:26:52 +02:00			`import prisma from '@typebot.io/lib/prisma'`
Add Dashboard 2021-12-06 15:48:50 +01:00			`import { Provider } from 'next-auth/providers'`
Add user account page 2021-12-27 15:59:32 +01:00			`import { NextApiRequest, NextApiResponse } from 'next'`
More translation in FR & PT (#436) Related to #210 2023-04-06 17:31:23 +02:00			`import { customAdapter } from '../../../features/auth/api/customAdapter'`
:recycle: Re-organize workspace folders 2023-03-15 08:35:16 +01:00			`import { User } from '@typebot.io/prisma'`
:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`import { getAtPath, isDefined } from '@typebot.io/lib'`
:technologist: (chat) Introduce startChat and continueChat endpoints Closes #1030 2023-11-13 15:27:36 +01:00			`import { mockedUser } from '@typebot.io/lib/mockedUser'`
:recycle: (builder) Remove barrel export and flatten folder arch 2023-03-15 11:51:30 +01:00			`import { getNewUserInvitations } from '@/features/auth/helpers/getNewUserInvitations'`
More translation in FR & PT (#436) Related to #210 2023-04-06 17:31:23 +02:00			`import { sendVerificationRequest } from '@/features/auth/helpers/sendVerificationRequest'`
:lock: Add rate limiter on email signin endpoint 2023-06-20 15:49:54 +02:00			`import { Ratelimit } from '@upstash/ratelimit'`
			`import { Redis } from '@upstash/redis/nodejs'`
:lock: (auth) Block disposable emails during sign up 2023-07-27 09:29:17 +02:00			`import got from 'got'`
:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`import { env } from '@typebot.io/env'`
:arrow_up: Upgrade sentry and improve its reliability 2023-10-07 12:03:42 +02:00			`import * as Sentry from '@sentry/nextjs'`
Add authentication 2021-11-29 15:19:07 +01:00
docs: 📝 Update env var and write Configuration doc 2022-03-13 08:56:10 +01:00			`const providers: Provider[] = []`

:lock: Add rate limiter on email signin endpoint 2023-06-20 15:49:54 +02:00			`let rateLimit: Ratelimit \| undefined`

:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`if (env.UPSTASH_REDIS_REST_URL && env.UPSTASH_REDIS_REST_TOKEN) {`
:lock: Add rate limiter on email signin endpoint 2023-06-20 15:49:54 +02:00			`rateLimit = new Ratelimit({`
			`redis: Redis.fromEnv(),`
			`limiter: Ratelimit.slidingWindow(1, '60 s'),`
			`})`
			`}`

:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`if (env.GITHUB_CLIENT_ID && env.GITHUB_CLIENT_SECRET)`
docs: 📝 Improve configuration doc 2022-04-12 14:58:55 -05:00			`providers.push(`
			`GitHubProvider({`
:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`clientId: env.GITHUB_CLIENT_ID,`
			`clientSecret: env.GITHUB_CLIENT_SECRET,`
docs: 📝 Improve configuration doc 2022-04-12 14:58:55 -05:00			`})`
			`)`
Add Dashboard 2021-12-06 15:48:50 +01:00
:ambulance: Set proper env defaults 2023-08-28 11:00:25 +02:00			`if (env.NEXT_PUBLIC_SMTP_FROM && !env.SMTP_AUTH_DISABLED)`
:lock: Revert ddos lockdown 2023-06-19 18:41:00 +02:00			`providers.push(`
			`EmailProvider({`
			`server: {`
:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`host: env.SMTP_HOST,`
:ambulance: Set proper env defaults 2023-08-28 11:00:25 +02:00			`port: env.SMTP_PORT,`
			`secure: env.SMTP_SECURE,`
:lock: Revert ddos lockdown 2023-06-19 18:41:00 +02:00			`auth: {`
:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`user: env.SMTP_USERNAME,`
			`pass: env.SMTP_PASSWORD,`
:lock: Revert ddos lockdown 2023-06-19 18:41:00 +02:00			`},`
			`},`
:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`from: env.NEXT_PUBLIC_SMTP_FROM,`
:lock: Revert ddos lockdown 2023-06-19 18:41:00 +02:00			`sendVerificationRequest,`
			`})`
			`)`
Add Dashboard 2021-12-06 15:48:50 +01:00
:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`if (env.GOOGLE_CLIENT_ID && env.GOOGLE_CLIENT_SECRET)`
Add Dashboard 2021-12-06 15:48:50 +01:00			`providers.push(`
Add authentication 2021-11-29 15:19:07 +01:00			`GoogleProvider({`
:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`clientId: env.GOOGLE_CLIENT_ID,`
			`clientSecret: env.GOOGLE_CLIENT_SECRET,`
Add Dashboard 2021-12-06 15:48:50 +01:00			`})`
			`)`

:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`if (env.FACEBOOK_CLIENT_ID && env.FACEBOOK_CLIENT_SECRET)`
Add Dashboard 2021-12-06 15:48:50 +01:00			`providers.push(`
Add authentication 2021-11-29 15:19:07 +01:00			`FacebookProvider({`
:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`clientId: env.FACEBOOK_CLIENT_ID,`
			`clientSecret: env.FACEBOOK_CLIENT_SECRET,`
Add Dashboard 2021-12-06 15:48:50 +01:00			`})`
			`)`

:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`if (env.GITLAB_CLIENT_ID && env.GITLAB_CLIENT_SECRET) {`
:ambulance: Set proper env defaults 2023-08-28 11:00:25 +02:00			`const BASE_URL = env.GITLAB_BASE_URL`
fix: 🎨 Formatting 2022-04-30 07:10:02 -07:00			`providers.push(`
			`GitlabProvider({`
:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`clientId: env.GITLAB_CLIENT_ID,`
			`clientSecret: env.GITLAB_CLIENT_SECRET,`
fix: 🎨 Formatting 2022-04-30 07:10:02 -07:00			authorization: `${BASE_URL}/oauth/authorize?scope=read_api`,
			token: `${BASE_URL}/oauth/token`,
			userinfo: `${BASE_URL}/api/v4/user`,
:ambulance: Set proper env defaults 2023-08-28 11:00:25 +02:00			`name: env.GITLAB_NAME,`
fix: 🎨 Formatting 2022-04-30 07:10:02 -07:00			`})`
			`)`
feat(auth): 🔒 add gitlab provider 2022-04-26 09:50:02 +02:00			`}`

add azure-ad login option 2022-06-06 15:34:47 +02:00			`if (`
:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`env.AZURE_AD_CLIENT_ID &&`
			`env.AZURE_AD_CLIENT_SECRET &&`
			`env.AZURE_AD_TENANT_ID`
add azure-ad login option 2022-06-06 15:34:47 +02:00			`) {`
			`providers.push(`
			`AzureADProvider({`
:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`clientId: env.AZURE_AD_CLIENT_ID,`
			`clientSecret: env.AZURE_AD_CLIENT_SECRET,`
			`tenantId: env.AZURE_AD_TENANT_ID,`
fix(auth): 🔧 Add ignoreTLS option for SMTP creds 2022-06-13 11:50:05 +02:00			`})`
add azure-ad login option 2022-06-06 15:34:47 +02:00			`)`
			`}`

:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`if (env.CUSTOM_OAUTH_WELL_KNOWN_URL) {`
:sparkles: (auth) Add custom OAuth provider support Closes #42 2023-01-02 08:29:46 +01:00			`providers.push({`
			`id: 'custom-oauth',`
:ambulance: Set proper env defaults 2023-08-28 11:00:25 +02:00			`name: env.CUSTOM_OAUTH_NAME,`
:sparkles: (auth) Add custom OAuth provider support Closes #42 2023-01-02 08:29:46 +01:00			`type: 'oauth',`
Support specifying custom OAuth scope (#619) For OpenID connect over OAuth, at least `openid profile` need to be set there, but since the email is also used, the `email` scope will instruct the OpenID provider to also deliver that. --------- Co-authored-by: Baptiste Arnaud <contact@baptiste-arnaud.fr> 2023-07-20 11:38:21 +02:00			`authorization: {`
			`params: {`
:ambulance: Set proper env defaults 2023-08-28 11:00:25 +02:00			`scope: env.CUSTOM_OAUTH_SCOPE,`
:children_crossing: New dedicated onboarding page 2023-07-25 16:12:40 +02:00			`},`
Support specifying custom OAuth scope (#619) For OpenID connect over OAuth, at least `openid profile` need to be set there, but since the email is also used, the `email` scope will instruct the OpenID provider to also deliver that. --------- Co-authored-by: Baptiste Arnaud <contact@baptiste-arnaud.fr> 2023-07-20 11:38:21 +02:00			`},`
:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`clientId: env.CUSTOM_OAUTH_CLIENT_ID,`
			`clientSecret: env.CUSTOM_OAUTH_CLIENT_SECRET,`
			`wellKnown: env.CUSTOM_OAUTH_WELL_KNOWN_URL,`
:sparkles: (auth) Add custom OAuth provider support Closes #42 2023-01-02 08:29:46 +01:00			`profile(profile) {`
			`return {`
:ambulance: Set proper env defaults 2023-08-28 11:00:25 +02:00			`id: getAtPath(profile, env.CUSTOM_OAUTH_USER_ID_PATH),`
			`name: getAtPath(profile, env.CUSTOM_OAUTH_USER_NAME_PATH),`
			`email: getAtPath(profile, env.CUSTOM_OAUTH_USER_EMAIL_PATH),`
			`image: getAtPath(profile, env.CUSTOM_OAUTH_USER_IMAGE_PATH),`
:sparkles: (auth) Add custom OAuth provider support Closes #42 2023-01-02 08:29:46 +01:00			`} as User`
			`},`
			`})`
			`}`

:ambulance: (auth) Fix bad requests with getSession on server side 2023-04-03 16:42:10 +02:00			`export const authOptions: AuthOptions = {`
More translation in FR & PT (#436) Related to #210 2023-04-06 17:31:23 +02:00			`adapter: customAdapter(prisma),`
:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`secret: env.ENCRYPTION_SECRET,`
:ambulance: (auth) Fix bad requests with getSession on server side 2023-04-03 16:42:10 +02:00			`providers,`
			`session: {`
			`strategy: 'database',`
			`},`
			`pages: {`
			`signIn: '/signin',`
:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`newUser: env.NEXT_PUBLIC_ONBOARDING_TYPEBOT_ID ? '/onboarding' : undefined,`
:ambulance: (auth) Fix bad requests with getSession on server side 2023-04-03 16:42:10 +02:00			`},`
:arrow_up: Upgrade sentry and improve its reliability 2023-10-07 12:03:42 +02:00			`events: {`
			`signIn({ user }) {`
			`Sentry.setUser({ id: user.id })`
			`},`
			`signOut() {`
			`Sentry.setUser(null)`
			`},`
			`},`
:ambulance: (auth) Fix bad requests with getSession on server side 2023-04-03 16:42:10 +02:00			`callbacks: {`
			`session: async ({ session, user }) => {`
			`const userFromDb = user as User`
			`await updateLastActivityDate(userFromDb)`
			`return {`
			`...session,`
			`user: userFromDb,`
			`}`
:recycle: (auth) Make sure new users have an email Also fix after-auth redirections Closes #323 2023-02-18 09:00:04 +01:00			`},`
:ambulance: (auth) Fix bad requests with getSession on server side 2023-04-03 16:42:10 +02:00			`signIn: async ({ account, user }) => {`
			`if (!account) return false`
			`const isNewUser = !('createdAt' in user && isDefined(user.createdAt))`
:lock: (auth) Block disposable emails during sign up 2023-07-27 09:29:17 +02:00			`if (isNewUser && user.email) {`
			`const { body } = await got.get(`
			`'https://raw.githubusercontent.com/disposable-email-domains/disposable-email-domains/master/disposable_email_blocklist.conf'`
			`)`
			`const disposableEmailDomains = body.split('\n')`
			`if (disposableEmailDomains.includes(user.email.split('@')[1]))`
			`return false`
			`}`
:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`if (env.DISABLE_SIGNUP && isNewUser && user.email) {`
:ambulance: (auth) Fix bad requests with getSession on server side 2023-04-03 16:42:10 +02:00			`const { invitations, workspaceInvitations } =`
			`await getNewUserInvitations(prisma, user.email)`
			`if (invitations.length === 0 && workspaceInvitations.length === 0)`
			`return false`
			`}`
			`const requiredGroups = getRequiredGroups(account.provider)`
			`if (requiredGroups.length > 0) {`
			`const userGroups = await getUserGroups(account)`
			`return checkHasGroups(userGroups, requiredGroups)`
			`}`
			`return true`
Add Dashboard 2021-12-06 15:48:50 +01:00			`},`
:ambulance: (auth) Fix bad requests with getSession on server side 2023-04-03 16:42:10 +02:00			`},`
			`}`

			`const handler = async (req: NextApiRequest, res: NextApiResponse) => {`
			`const isMockingSession =`
			`req.method === 'GET' &&`
			`req.url === '/api/auth/session' &&`
:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`env.NEXT_PUBLIC_E2E_TEST`
:ambulance: (auth) Fix bad requests with getSession on server side 2023-04-03 16:42:10 +02:00			`if (isMockingSession) return res.send({ user: mockedUser })`
			`const requestIsFromCompanyFirewall = req.method === 'HEAD'`
			`if (requestIsFromCompanyFirewall) return res.status(200).end()`
:lock: Add rate limiter on email signin endpoint 2023-06-20 15:49:54 +02:00
			`if (`
			`rateLimit &&`
			`req.url === '/api/auth/signin/email' &&`
			`req.method === 'POST'`
			`) {`
			`let ip = req.headers['x-real-ip'] as string \| undefined`
			`if (!ip) {`
			`const forwardedFor = req.headers['x-forwarded-for']`
			`if (Array.isArray(forwardedFor)) {`
			`ip = forwardedFor.at(0)`
			`} else {`
			`ip = forwardedFor?.split(',').at(0) ?? 'Unknown'`
			`}`
			`}`
			`const { success } = await rateLimit.limit(ip as string)`
			`if (!success) return res.status(429).json({ error: 'Too many requests' })`
			`}`
:ambulance: (auth) Fix bad requests with getSession on server side 2023-04-03 16:42:10 +02:00			`return await NextAuth(req, res, authOptions)`
Add user account page 2021-12-27 15:59:32 +01:00			`}`
chore(e2e): 👷 Fix e2e pipeline 2022-01-28 17:57:14 +01:00
feat(db): 🗃️ Add createdAt and updatedAt 2022-02-24 14:52:35 +01:00			`const updateLastActivityDate = async (user: User) => {`
			`const datesAreOnSameDay = (first: Date, second: Date) =>`
			`first.getFullYear() === second.getFullYear() &&`
			`first.getMonth() === second.getMonth() &&`
			`first.getDate() === second.getDate()`

			`if (!datesAreOnSameDay(user.lastActivityAt, new Date()))`
:zap: Replace updates with updateManys when possible Easy performance win to avoid triggering SELECT query after an UPDATE 2023-07-16 18:52:30 +02:00			`await prisma.user.updateMany({`
feat(db): 🗃️ Add createdAt and updatedAt 2022-02-24 14:52:35 +01:00			`where: { id: user.id },`
			`data: { lastActivityAt: new Date() },`
			`})`
			`}`

fix: 🎨 Formatting 2022-04-30 07:10:02 -07:00			`const getUserGroups = async (account: Account): Promise<string[]> => {`
feat(auth): 🔒 add checking for required group 2022-04-26 09:51:11 +02:00			`switch (account.provider) {`
			`case 'gitlab': {`
fix: 🎨 Code format 2022-05-16 08:02:02 -07:00			`const getGitlabGroups = async (`
			`accessToken: string,`
			`page = 1`
			`): Promise<{ full_path: string }[]> => {`
feat(auth): 🔒 add gitlab pagination 2022-05-16 15:49:24 +02:00			`const res = await fetch(`
fix: 🎨 Code format 2022-05-16 08:02:02 -07:00			`${
:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`env.GITLAB_BASE_URL \|\| 'https://gitlab.com'`
fix: 🎨 Code format 2022-05-16 08:02:02 -07:00			}/api/v4/groups?per_page=100&page=${page}`,
feat(auth): 🔒 add gitlab pagination 2022-05-16 15:49:24 +02:00			{ headers: { Authorization: `Bearer ${accessToken}` } }
			`)`
fix: 🎨 Code format 2022-05-16 08:02:02 -07:00			`const groups: { full_path: string }[] = await res.json()`
feat(auth): 🔒 add gitlab pagination 2022-05-16 15:49:24 +02:00			`const nextPage = parseInt(res.headers.get('X-Next-Page') \|\| '')`
fix: 🎨 Code format 2022-05-16 08:02:02 -07:00			`if (nextPage)`
			`groups.push(...(await getGitlabGroups(accessToken, nextPage)))`
feat(auth): 🔒 add gitlab pagination 2022-05-16 15:49:24 +02:00			`return groups`
			`}`
fix: 🎨 Code format 2022-05-16 08:02:02 -07:00			`const groups = await getGitlabGroups(account.access_token as string)`
			`return groups.map((group) => group.full_path)`
feat(auth): 🔒 add checking for required group 2022-04-26 09:51:11 +02:00			`}`
fix: 🎨 Formatting 2022-04-30 07:10:02 -07:00			`default:`
			`return []`
feat(auth): 🔒 add checking for required group 2022-04-26 09:51:11 +02:00			`}`
			`}`

fix: 🎨 Formatting 2022-04-30 07:10:02 -07:00			`const getRequiredGroups = (provider: string): string[] => {`
feat(auth): 🔒 add checking for required group 2022-04-26 09:51:11 +02:00			`switch (provider) {`
fix: 🎨 Formatting 2022-04-30 07:10:02 -07:00			`case 'gitlab':`
:technologist: Improve env variables type safety and management (#718) Closes #679 2023-08-28 09:13:53 +02:00			`return env.GITLAB_REQUIRED_GROUPS ?? []`
fix: 🎨 Formatting 2022-04-30 07:10:02 -07:00			`default:`
			`return []`
feat(auth): 🔒 add checking for required group 2022-04-26 09:51:11 +02:00			`}`
			`}`

fix: 🎨 Formatting 2022-04-30 07:10:02 -07:00			`const checkHasGroups = (userGroups: string[], requiredGroups: string[]) =>`
			`userGroups?.some((userGroup) => requiredGroups?.includes(userGroup))`
feat(auth): 🔒 add checking for required group 2022-04-26 09:51:11 +02:00
:green_heart: Fix sentry not receiving events 2022-12-16 08:39:14 +01:00			`export default handler`