zias/stats
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(auth): Better error logging

Browse Source
This commit is contained in:
Carl-Gerhard Lindesvärd
2024-12-21 10:20:30 +01:00
parent 3c9450c112
commit b6ab9d3bb9
1 changed files with 58 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
apps/api/src/controllers/oauth-callback.controller.tsx
View File

@@ -54,30 +54,44 @@ export async function githubCallback(
const query = schema.safeParse(req.query); const query = schema.safeParse(req.query);
if (!query.success) { if (!query.success) {
req.log.error('invalid callback query params', {
error: query.error.message,
query: req.query,
provider: 'github',
});
return reply.status(400).send(query.error.message); return reply.status(400).send(query.error.message);
} }
const { code, state, inviteId } = query.data; const { code, state, inviteId } = query.data;
const storedState = req.cookies.github_oauth_state ?? null; const storedState = req.cookies.github_oauth_state ?? null;
if (code === null || state === null || storedState === null) { if (code === null || state === null || storedState === null) {
return new Response('Please restart the process.', { req.log.error('missing oauth parameters', {
status: 400, code: code === null,
state: state === null,
storedState: storedState === null,
provider: 'github',
}); });
return reply.status(400).send('Please restart the process.');
} }
if (state !== storedState) { if (state !== storedState) {
return new Response('Please restart the process.', { req.log.error('oauth state mismatch', {
status: 400, state,
storedState,
provider: 'github',
}); });
return reply.status(400).send('Please restart the process.');
} }
let tokens: OAuth2Tokens; let tokens: OAuth2Tokens;
try { try {
tokens = await github.validateAuthorizationCode(code); tokens = await github.validateAuthorizationCode(code);
} catch { } catch (error) {
// Invalid code or client credentials req.log.error('github authorization failed', {
return new Response('Please restart the process.', { error: error instanceof Error ? error.message : 'Unknown error',
status: 400, provider: 'github',
}); });
return reply.status(400).send('Please restart the process.');
} }
const githubAccessToken = tokens.accessToken(); const githubAccessToken = tokens.accessToken();
@@ -97,6 +111,11 @@ export async function githubCallback(
const userResult = userSchema.safeParse(userJson); const userResult = userSchema.safeParse(userJson);
if (!userResult.success) { if (!userResult.success) {
req.log.error('user schema error', {
error: userResult.error.message,
userJson,
provider: 'github',
});
return reply.status(400).send(userResult.error.message); return reply.status(400).send(userResult.error.message);
} }
const githubUserId = userResult.data.id; const githubUserId = userResult.data.id;
@@ -156,6 +175,10 @@ export async function githubCallback(
} }
if (email === null) { if (email === null) {
req.log.error('github email not found or not verified', {
githubUserId,
provider: 'github',
});
return reply.status(400).send('Please verify your GitHub email address.'); return reply.status(400).send('Please verify your GitHub email address.');
} }
@@ -217,6 +240,11 @@ export async function googleCallback(
const query = schema.safeParse(req.query); const query = schema.safeParse(req.query);
if (!query.success) { if (!query.success) {
req.log.error('invalid callback query params', {
error: query.error.message,
query: req.query,
provider: 'google',
});
return reply.status(400).send(query.error.message); return reply.status(400).send(query.error.message);
} }
@@ -230,16 +258,32 @@ export async function googleCallback(
storedState === null || storedState === null ||
codeVerifier === null codeVerifier === null
) { ) {
req.log.error('missing oauth parameters', {
code: code === null,
state: state === null,
storedState: storedState === null,
codeVerifier: codeVerifier === null,
provider: 'google',
});
return reply.status(400).send('Please restart the process.'); return reply.status(400).send('Please restart the process.');
} }
if (state !== storedState) { if (state !== storedState) {
req.log.error('oauth state mismatch', {
state,
storedState,
provider: 'google',
});
return reply.status(400).send('Please restart the process.'); return reply.status(400).send('Please restart the process.');
} }
let tokens: OAuth2Tokens; let tokens: OAuth2Tokens;
try { try {
tokens = await google.validateAuthorizationCode(code, codeVerifier); tokens = await google.validateAuthorizationCode(code, codeVerifier);
} catch { } catch (error) {
req.log.error('google authorization failed', {
error: error instanceof Error ? error.message : 'Unknown error',
provider: 'google',
});
return reply.status(400).send('Please restart the process.'); return reply.status(400).send('Please restart the process.');
} }
@@ -264,6 +308,11 @@ export async function googleCallback(
const claimsResult = claimsParser.safeParse(claims); const claimsResult = claimsParser.safeParse(claims);
if (!claimsResult.success) { if (!claimsResult.success) {
req.log.error('invalid claims format', {
error: claimsResult.error.message,
claims,
provider: 'google',
});
return reply.status(400).send(claimsResult.error.message); return reply.status(400).send(claimsResult.error.message);
} }