SSO E2E and config

apps/api/src/controllers/auth.ts

@@ -181,7 +181,7 @@ export function authRoutes(fastify: FastifyInstance) {
       reply.send({
         oauth: true,
         success: true,
-        ouath_url: `${url}?client_id=${oauth.clientId}&redirect_uri=${oauth.redirectUri}&state=${email}&login=${email}`,
+        ouath_url: `${url}?client_id=${oauth.clientId}&redirect_uri=${oauth.redirectUri}&state=${email}&login=${email}&scope=user`,
       });
     }
   );
@@ -192,13 +192,17 @@ export function authRoutes(fastify: FastifyInstance) {
     async (request: FastifyRequest, reply: FastifyReply) => {
       const { code, state } = request.query as { code: string; state: string };
 
+      const provider = await prisma.provider.findFirst({});
+
+      console.log(provider);
+
       const data = await axios.post(
         `https://github.com/login/oauth/access_token`,
         {
-          client_id: "6b0c6bf8f44a4e0fa153",
-          client_secret: "4967e55b5f98e0ed189072b0584ef2a2a16e673b",
+          client_id: provider?.clientId,
+          client_secret: provider?.clientSecret,
           code: code,
-          redirect_uri: "http://localhost:5003/api/v1/auth/sso/login/check",
+          redirect_uri: provider?.redirectUri,
         },
         {
           headers: {
@@ -209,13 +213,27 @@ export function authRoutes(fastify: FastifyInstance) {
 
       const access_token = data.data;
 
+      console.log(access_token);
+
       if (access_token) {
+        const gh = await axios.get(`https://api.github.com/user/emails`, {
+          headers: {
+            Accept: "application/vnd.github+json",
+            Authorization: `token ${access_token.access_token}`,
+          },
+        });
+
+        const emails = gh.data;
+
+        const filter = emails.filter((e: any) => e.primary === true);
+
         let user = await prisma.user.findUnique({
-          where: { email: state },
+          where: { email: filter[0].email },
         });
 
         if (!user) {
-          reply.code(401).send({
+          reply.send({
+            success: false,
             message: "Invalid email",
           });
         }

apps/api/src/controllers/config.ts

@@ -6,6 +6,7 @@
 // Feature Flags
 
 import { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
+
 import { checkToken } from "../lib/jwt";
 import { prisma } from "../prisma";
 

apps/api/src/prisma/migrations/20231202030625_/migration.sql

@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "Config" ADD COLUMN     "encryption_key" TEXT;

apps/api/src/prisma/migrations/20231202030940_/migration.sql

@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "Config" ADD COLUMN     "first_time_setup" BOOLEAN NOT NULL DEFAULT true;

apps/api/src/prisma/migrations/20231202031821_/migration.sql

@@ -0,0 +1,9 @@
+/*
+  Warnings:
+
+  - The `encryption_key` column on the `Config` table would be dropped and recreated. This will lead to data loss if there is data in the column.
+
+*/
+-- AlterTable
+ALTER TABLE "Config" DROP COLUMN "encryption_key",
+ADD COLUMN     "encryption_key" BYTEA;

apps/api/src/prisma/schema.prisma

@@ -242,6 +242,8 @@ model Config {
   out_of_office_message String?
   out_of_office_start   DateTime?
   out_of_office_end     DateTime?
+  encryption_key        Bytes?
+  first_time_setup      Boolean   @default(true)
 }
 
 model Uptime {

apps/api/src/prisma/seed.js

@@ -1,31 +1,59 @@
 const { PrismaClient } = require("@prisma/client");
+const crypto = require("crypto");
 
 const prisma = new PrismaClient();
 
 async function main() {
-  await prisma.user.upsert({
-    where: { email: "[email protected]" },
-    update: {},
-    create: {
-      email: `[email protected]`,
-      name: "admin",
-      isAdmin: true,
-      password: "$2b$10$BFmibvOW7FtY0soAAwujoO9y2tIyB7WEJ2HNq9O7zh9aeejMvRsKu",
-      language: "en",
-    },
-  });
+  const setup = await prisma.config.findFirst({});
 
-  await prisma.client.upsert({
-    where: { email: `[email protected]` },
-    update: {},
-    create: {
-      email: `[email protected]`,
-      name: "internal",
-      contactName: "admin",
-      number: "123456789",
-      active: true,
-    },
-  });
+  if (setup === null) {
+    await prisma.user.upsert({
+      where: { email: "[email protected]" },
+      update: {},
+      create: {
+        email: `[email protected]`,
+        name: "admin",
+        isAdmin: true,
+        password:
+          "$2b$10$BFmibvOW7FtY0soAAwujoO9y2tIyB7WEJ2HNq9O7zh9aeejMvRsKu",
+        language: "en",
+      },
+    });
+
+    await prisma.client.upsert({
+      where: { email: `[email protected]` },
+      update: {},
+      create: {
+        email: `[email protected]`,
+        name: "internal",
+        contactName: "admin",
+        number: "123456789",
+        active: true,
+      },
+    });
+
+    const encryptionKey = crypto.randomBytes(32); // Generates a random key
+
+    const conf = await prisma.config.create({
+      data: {
+        gh_version: "0.3.6",
+        client_version: "0.3.6",
+        portal_locale: "en",
+        encryption_key: encryptionKey,
+      },
+    });
+
+    await prisma.config.update({
+      where: {
+        id: conf.id,
+      },
+      data: {
+        first_time_setup: false,
+      },
+    });
+  } else {
+    console.log("No need to seed, already seeded");
+  }
 }
 
 main()