bot/apps/builder/pages/api/auth/[...nextauth].ts

import NextAuth, { Account } from 'next-auth'
import EmailProvider from 'next-auth/providers/email'
import GitHubProvider from 'next-auth/providers/github'
import GitlabProvider from 'next-auth/providers/gitlab'
import GoogleProvider from 'next-auth/providers/google'
import FacebookProvider from 'next-auth/providers/facebook'
import AzureADProvider from 'next-auth/providers/azure-ad'
import prisma from 'libs/prisma'
import { Provider } from 'next-auth/providers'
import { NextApiRequest, NextApiResponse } from 'next'
import { withSentry } from '@sentry/nextjs'
import { CustomAdapter } from './adapter'
import { User } from 'db'
import { env, isNotEmpty } from 'utils'

const providers: Provider[] = []

if (
  isNotEmpty(process.env.GITHUB_CLIENT_ID) &&
  isNotEmpty(process.env.GITHUB_CLIENT_SECRET)
)
  providers.push(
    GitHubProvider({
      clientId: process.env.GITHUB_CLIENT_ID,
      clientSecret: process.env.GITHUB_CLIENT_SECRET,
    })
  )

if (isNotEmpty(env('SMTP_FROM')) && process.env.SMTP_AUTH_DISABLED !== 'true')
  providers.push(
    EmailProvider({
      server: {
        host: process.env.SMTP_HOST,
        port: process.env.SMTP_PORT ? Number(process.env.SMTP_PORT) : 25,
        auth: {
          user: process.env.SMTP_USERNAME,
          pass: process.env.SMTP_PASSWORD,
        },
        ignoreTLS: process.env.SMTP_IGNORE_TLS === 'true',
      },
      from: env('SMTP_FROM'),
    })
  )

if (
  isNotEmpty(process.env.GOOGLE_CLIENT_ID) &&
  isNotEmpty(process.env.GOOGLE_CLIENT_SECRET)
)
  providers.push(
    GoogleProvider({
      clientId: process.env.GOOGLE_CLIENT_ID,
      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
    })
  )

if (
  isNotEmpty(process.env.FACEBOOK_CLIENT_ID) &&
  isNotEmpty(process.env.FACEBOOK_CLIENT_SECRET)
)
  providers.push(
    FacebookProvider({
      clientId: process.env.FACEBOOK_CLIENT_ID,
      clientSecret: process.env.FACEBOOK_CLIENT_SECRET,
    })
  )

if (
  isNotEmpty(process.env.GITLAB_CLIENT_ID) &&
  isNotEmpty(process.env.GITLAB_CLIENT_SECRET)
) {
  const BASE_URL = process.env.GITLAB_BASE_URL || 'https://gitlab.com'
  providers.push(
    GitlabProvider({
      clientId: process.env.GITLAB_CLIENT_ID,
      clientSecret: process.env.GITLAB_CLIENT_SECRET,
      authorization: `${BASE_URL}/oauth/authorize?scope=read_api`,
      token: `${BASE_URL}/oauth/token`,
      userinfo: `${BASE_URL}/api/v4/user`,
      name: process.env.GITLAB_NAME || 'GitLab',
    })
  )
}

if (
  isNotEmpty(process.env.AZURE_AD_CLIENT_ID) &&
  isNotEmpty(process.env.AZURE_AD_CLIENT_SECRET) &&
  isNotEmpty(process.env.AZURE_AD_TENANT_ID)
) {
  providers.push(
    AzureADProvider({
      clientId: process.env.AZURE_AD_CLIENT_ID,
      clientSecret: process.env.AZURE_AD_CLIENT_SECRET,
      tenantId: process.env.AZURE_AD_TENANT_ID,
    })
  )
}

const handler = (req: NextApiRequest, res: NextApiResponse) => {
  if (req.method === 'HEAD') {
    res.status(200)
    return
  }
  NextAuth(req, res, {
    adapter: CustomAdapter(prisma),
    secret: process.env.ENCRYPTION_SECRET,
    providers,
    session: {
      strategy: 'database',
    },
    callbacks: {
      session: async ({ session, user }) => {
        const userFromDb = user as User
        await updateLastActivityDate(userFromDb)
        return {
          ...session,
          user: userFromDb,
        }
      },
      signIn: async ({ account }) => {
        const requiredGroups = getRequiredGroups(account.provider)
        if (requiredGroups.length > 0) {
          const userGroups = await getUserGroups(account)
          return checkHasGroups(userGroups, requiredGroups)
        }
        return true
      },
    },
  })
}

const updateLastActivityDate = async (user: User) => {
  const datesAreOnSameDay = (first: Date, second: Date) =>
    first.getFullYear() === second.getFullYear() &&
    first.getMonth() === second.getMonth() &&
    first.getDate() === second.getDate()

  if (!datesAreOnSameDay(user.lastActivityAt, new Date()))
    await prisma.user.update({
      where: { id: user.id },
      data: { lastActivityAt: new Date() },
    })
}

const getUserGroups = async (account: Account): Promise<string[]> => {
  switch (account.provider) {
    case 'gitlab': {
      const getGitlabGroups = async (
        accessToken: string,
        page = 1
      ): Promise<{ full_path: string }[]> => {
        const res = await fetch(
          `${
            process.env.GITLAB_BASE_URL || 'https://gitlab.com'
          }/api/v4/groups?per_page=100&page=${page}`,
          { headers: { Authorization: `Bearer ${accessToken}` } }
        )
        const groups: { full_path: string }[] = await res.json()
        const nextPage = parseInt(res.headers.get('X-Next-Page') || '')
        if (nextPage)
          groups.push(...(await getGitlabGroups(accessToken, nextPage)))
        return groups
      }
      const groups = await getGitlabGroups(account.access_token as string)
      return groups.map((group) => group.full_path)
    }
    default:
      return []
  }
}

const getRequiredGroups = (provider: string): string[] => {
  switch (provider) {
    case 'gitlab':
      return process.env.GITLAB_REQUIRED_GROUPS?.split(',') || []
    default:
      return []
  }
}

const checkHasGroups = (userGroups: string[], requiredGroups: string[]) =>
  userGroups?.some((userGroup) => requiredGroups?.includes(userGroup))

export default withSentry(handler)
feat(auth): 🔒 add checking for required group 2022-04-26 09:51:11 +02:00			`import NextAuth, { Account } from 'next-auth'`
Add authentication 2021-11-29 15:19:07 +01:00			`import EmailProvider from 'next-auth/providers/email'`
			`import GitHubProvider from 'next-auth/providers/github'`
feat(auth): 🔒 add gitlab provider 2022-04-26 09:50:02 +02:00			`import GitlabProvider from 'next-auth/providers/gitlab'`
Add authentication 2021-11-29 15:19:07 +01:00			`import GoogleProvider from 'next-auth/providers/google'`
			`import FacebookProvider from 'next-auth/providers/facebook'`
fix(auth): 🔧 Add ignoreTLS option for SMTP creds 2022-06-13 11:50:05 +02:00			`import AzureADProvider from 'next-auth/providers/azure-ad'`
Add Dashboard 2021-12-06 15:48:50 +01:00			`import prisma from 'libs/prisma'`
			`import { Provider } from 'next-auth/providers'`
Add user account page 2021-12-27 15:59:32 +01:00			`import { NextApiRequest, NextApiResponse } from 'next'`
feat(api): ✨ Add routes for subscribing webhook 2022-02-21 11:46:56 +01:00			`import { withSentry } from '@sentry/nextjs'`
feat: ✨ Add collaboration 2022-02-24 11:13:19 +01:00			`import { CustomAdapter } from './adapter'`
feat(db): 🗃️ Add createdAt and updatedAt 2022-02-24 14:52:35 +01:00			`import { User } from 'db'`
fix(docker): 🐛 Runtime public environment 2022-06-22 07:36:11 +02:00			`import { env, isNotEmpty } from 'utils'`
Add authentication 2021-11-29 15:19:07 +01:00
docs: 📝 Update env var and write Configuration doc 2022-03-13 08:56:10 +01:00			`const providers: Provider[] = []`

build: add pnpm 2022-08-08 08:21:36 +02:00			`if (`
			`isNotEmpty(process.env.GITHUB_CLIENT_ID) &&`
			`isNotEmpty(process.env.GITHUB_CLIENT_SECRET)`
			`)`
docs: 📝 Improve configuration doc 2022-04-12 14:58:55 -05:00			`providers.push(`
			`GitHubProvider({`
build(docker): 🧱 Improve runtime environment 2022-05-30 16:40:13 +02:00			`clientId: process.env.GITHUB_CLIENT_ID,`
docs: 📝 Improve configuration doc 2022-04-12 14:58:55 -05:00			`clientSecret: process.env.GITHUB_CLIENT_SECRET,`
			`})`
			`)`
Add Dashboard 2021-12-06 15:48:50 +01:00
fix(docker): 🐛 Runtime public environment 2022-06-22 07:36:11 +02:00			`if (isNotEmpty(env('SMTP_FROM')) && process.env.SMTP_AUTH_DISABLED !== 'true')`
Add Dashboard 2021-12-06 15:48:50 +01:00			`providers.push(`
docs: 📝 Update env var and write Configuration doc 2022-03-13 08:56:10 +01:00			`EmailProvider({`
			`server: {`
			`host: process.env.SMTP_HOST,`
			`port: process.env.SMTP_PORT ? Number(process.env.SMTP_PORT) : 25,`
			`auth: {`
			`user: process.env.SMTP_USERNAME,`
			`pass: process.env.SMTP_PASSWORD,`
			`},`
fix(auth): 🔧 Add ignoreTLS option for SMTP creds 2022-06-13 11:50:05 +02:00			`ignoreTLS: process.env.SMTP_IGNORE_TLS === 'true',`
docs: 📝 Update env var and write Configuration doc 2022-03-13 08:56:10 +01:00			`},`
fix(docker): 🐛 Runtime public environment 2022-06-22 07:36:11 +02:00			`from: env('SMTP_FROM'),`
Add Dashboard 2021-12-06 15:48:50 +01:00			`})`
			`)`

docs: 📝 Update env var and write Configuration doc 2022-03-13 08:56:10 +01:00			`if (`
build(docker): 🧱 Improve runtime environment 2022-05-30 16:40:13 +02:00			`isNotEmpty(process.env.GOOGLE_CLIENT_ID) &&`
build: 👷 New compose file and entrypoints 2022-05-25 08:13:35 -07:00			`isNotEmpty(process.env.GOOGLE_CLIENT_SECRET)`
docs: 📝 Update env var and write Configuration doc 2022-03-13 08:56:10 +01:00			`)`
Add Dashboard 2021-12-06 15:48:50 +01:00			`providers.push(`
Add authentication 2021-11-29 15:19:07 +01:00			`GoogleProvider({`
build(docker): 🧱 Improve runtime environment 2022-05-30 16:40:13 +02:00			`clientId: process.env.GOOGLE_CLIENT_ID,`
Add Dashboard 2021-12-06 15:48:50 +01:00			`clientSecret: process.env.GOOGLE_CLIENT_SECRET,`
			`})`
			`)`

docs: 📝 Update env var and write Configuration doc 2022-03-13 08:56:10 +01:00			`if (`
build(docker): 🧱 Improve runtime environment 2022-05-30 16:40:13 +02:00			`isNotEmpty(process.env.FACEBOOK_CLIENT_ID) &&`
build: 👷 New compose file and entrypoints 2022-05-25 08:13:35 -07:00			`isNotEmpty(process.env.FACEBOOK_CLIENT_SECRET)`
docs: 📝 Update env var and write Configuration doc 2022-03-13 08:56:10 +01:00			`)`
Add Dashboard 2021-12-06 15:48:50 +01:00			`providers.push(`
Add authentication 2021-11-29 15:19:07 +01:00			`FacebookProvider({`
build(docker): 🧱 Improve runtime environment 2022-05-30 16:40:13 +02:00			`clientId: process.env.FACEBOOK_CLIENT_ID,`
Add Dashboard 2021-12-06 15:48:50 +01:00			`clientSecret: process.env.FACEBOOK_CLIENT_SECRET,`
			`})`
			`)`

feat(auth): 🔒 add gitlab provider 2022-04-26 09:50:02 +02:00			`if (`
build(docker): 🧱 Improve runtime environment 2022-05-30 16:40:13 +02:00			`isNotEmpty(process.env.GITLAB_CLIENT_ID) &&`
build: 👷 New compose file and entrypoints 2022-05-25 08:13:35 -07:00			`isNotEmpty(process.env.GITLAB_CLIENT_SECRET)`
feat(auth): 🔒 add gitlab provider 2022-04-26 09:50:02 +02:00			`) {`
fix: 🎨 Formatting 2022-04-30 07:10:02 -07:00			`const BASE_URL = process.env.GITLAB_BASE_URL \|\| 'https://gitlab.com'`
			`providers.push(`
			`GitlabProvider({`
build(docker): 🧱 Improve runtime environment 2022-05-30 16:40:13 +02:00			`clientId: process.env.GITLAB_CLIENT_ID,`
fix: 🎨 Formatting 2022-04-30 07:10:02 -07:00			`clientSecret: process.env.GITLAB_CLIENT_SECRET,`
			authorization: `${BASE_URL}/oauth/authorize?scope=read_api`,
			token: `${BASE_URL}/oauth/token`,
			userinfo: `${BASE_URL}/api/v4/user`,
build(docker): 🧱 Improve runtime environment 2022-05-30 16:40:13 +02:00			`name: process.env.GITLAB_NAME \|\| 'GitLab',`
fix: 🎨 Formatting 2022-04-30 07:10:02 -07:00			`})`
			`)`
feat(auth): 🔒 add gitlab provider 2022-04-26 09:50:02 +02:00			`}`

add azure-ad login option 2022-06-06 15:34:47 +02:00			`if (`
			`isNotEmpty(process.env.AZURE_AD_CLIENT_ID) &&`
			`isNotEmpty(process.env.AZURE_AD_CLIENT_SECRET) &&`
			`isNotEmpty(process.env.AZURE_AD_TENANT_ID)`
			`) {`
			`providers.push(`
			`AzureADProvider({`
			`clientId: process.env.AZURE_AD_CLIENT_ID,`
			`clientSecret: process.env.AZURE_AD_CLIENT_SECRET,`
			`tenantId: process.env.AZURE_AD_TENANT_ID,`
fix(auth): 🔧 Add ignoreTLS option for SMTP creds 2022-06-13 11:50:05 +02:00			`})`
add azure-ad login option 2022-06-06 15:34:47 +02:00			`)`
			`}`

chore(e2e): 👷 Fix e2e pipeline 2022-01-28 17:57:14 +01:00			`const handler = (req: NextApiRequest, res: NextApiResponse) => {`
fix(auth): 🐛 Attempt to fix auth issue behind proxy 2022-03-10 15:16:44 +01:00			`if (req.method === 'HEAD') {`
			`res.status(200)`
			`return`
			`}`
chore(e2e): 👷 Fix e2e pipeline 2022-01-28 17:57:14 +01:00			`NextAuth(req, res, {`
feat: ✨ Add collaboration 2022-02-24 11:13:19 +01:00			`adapter: CustomAdapter(prisma),`
fix(results): 🐛 Loading rows 2022-02-11 15:30:02 +01:00			`secret: process.env.ENCRYPTION_SECRET,`
chore(e2e): 👷 Fix e2e pipeline 2022-01-28 17:57:14 +01:00			`providers,`
			`session: {`
			`strategy: 'database',`
Add Dashboard 2021-12-06 15:48:50 +01:00			`},`
chore(e2e): 👷 Fix e2e pipeline 2022-01-28 17:57:14 +01:00			`callbacks: {`
feat(db): 🗃️ Add createdAt and updatedAt 2022-02-24 14:52:35 +01:00			`session: async ({ session, user }) => {`
			`const userFromDb = user as User`
			`await updateLastActivityDate(userFromDb)`
			`return {`
			`...session,`
fix(hotfix): 2022-02-24 15:36:03 +01:00			`user: userFromDb,`
feat(db): 🗃️ Add createdAt and updatedAt 2022-02-24 14:52:35 +01:00			`}`
			`},`
feat(auth): 🔒 add checking for required group 2022-04-26 09:51:11 +02:00			`signIn: async ({ account }) => {`
			`const requiredGroups = getRequiredGroups(account.provider)`
			`if (requiredGroups.length > 0) {`
			`const userGroups = await getUserGroups(account)`
			`return checkHasGroups(userGroups, requiredGroups)`
			`}`
			`return true`
			`},`
Add Dashboard 2021-12-06 15:48:50 +01:00			`},`
chore(e2e): 👷 Fix e2e pipeline 2022-01-28 17:57:14 +01:00			`})`
Add user account page 2021-12-27 15:59:32 +01:00			`}`
chore(e2e): 👷 Fix e2e pipeline 2022-01-28 17:57:14 +01:00
feat(db): 🗃️ Add createdAt and updatedAt 2022-02-24 14:52:35 +01:00			`const updateLastActivityDate = async (user: User) => {`
			`const datesAreOnSameDay = (first: Date, second: Date) =>`
			`first.getFullYear() === second.getFullYear() &&`
			`first.getMonth() === second.getMonth() &&`
			`first.getDate() === second.getDate()`

			`if (!datesAreOnSameDay(user.lastActivityAt, new Date()))`
			`await prisma.user.update({`
			`where: { id: user.id },`
			`data: { lastActivityAt: new Date() },`
			`})`
			`}`

fix: 🎨 Formatting 2022-04-30 07:10:02 -07:00			`const getUserGroups = async (account: Account): Promise<string[]> => {`
feat(auth): 🔒 add checking for required group 2022-04-26 09:51:11 +02:00			`switch (account.provider) {`
			`case 'gitlab': {`
fix: 🎨 Code format 2022-05-16 08:02:02 -07:00			`const getGitlabGroups = async (`
			`accessToken: string,`
			`page = 1`
			`): Promise<{ full_path: string }[]> => {`
feat(auth): 🔒 add gitlab pagination 2022-05-16 15:49:24 +02:00			`const res = await fetch(`
fix: 🎨 Code format 2022-05-16 08:02:02 -07:00			`${
			`process.env.GITLAB_BASE_URL \|\| 'https://gitlab.com'`
			}/api/v4/groups?per_page=100&page=${page}`,
feat(auth): 🔒 add gitlab pagination 2022-05-16 15:49:24 +02:00			{ headers: { Authorization: `Bearer ${accessToken}` } }
			`)`
fix: 🎨 Code format 2022-05-16 08:02:02 -07:00			`const groups: { full_path: string }[] = await res.json()`
feat(auth): 🔒 add gitlab pagination 2022-05-16 15:49:24 +02:00			`const nextPage = parseInt(res.headers.get('X-Next-Page') \|\| '')`
fix: 🎨 Code format 2022-05-16 08:02:02 -07:00			`if (nextPage)`
			`groups.push(...(await getGitlabGroups(accessToken, nextPage)))`
feat(auth): 🔒 add gitlab pagination 2022-05-16 15:49:24 +02:00			`return groups`
			`}`
fix: 🎨 Code format 2022-05-16 08:02:02 -07:00			`const groups = await getGitlabGroups(account.access_token as string)`
			`return groups.map((group) => group.full_path)`
feat(auth): 🔒 add checking for required group 2022-04-26 09:51:11 +02:00			`}`
fix: 🎨 Formatting 2022-04-30 07:10:02 -07:00			`default:`
			`return []`
feat(auth): 🔒 add checking for required group 2022-04-26 09:51:11 +02:00			`}`
			`}`

fix: 🎨 Formatting 2022-04-30 07:10:02 -07:00			`const getRequiredGroups = (provider: string): string[] => {`
feat(auth): 🔒 add checking for required group 2022-04-26 09:51:11 +02:00			`switch (provider) {`
fix: 🎨 Formatting 2022-04-30 07:10:02 -07:00			`case 'gitlab':`
			`return process.env.GITLAB_REQUIRED_GROUPS?.split(',') \|\| []`
			`default:`
			`return []`
feat(auth): 🔒 add checking for required group 2022-04-26 09:51:11 +02:00			`}`
			`}`

fix: 🎨 Formatting 2022-04-30 07:10:02 -07:00			`const checkHasGroups = (userGroups: string[], requiredGroups: string[]) =>`
			`userGroups?.some((userGroup) => requiredGroups?.includes(userGroup))`
feat(auth): 🔒 add checking for required group 2022-04-26 09:51:11 +02:00
feat(api): ✨ Add routes for subscribing webhook 2022-02-21 11:46:56 +01:00			`export default withSentry(handler)`