feature(auth): replace clerk.com with custom auth (#103)
* feature(auth): replace clerk.com with custom auth * minor fixes * remove notification preferences * decrease live events interval fix(api): cookies.. # Conflicts: # .gitignore # apps/api/src/index.ts # apps/dashboard/src/app/providers.tsx # packages/trpc/src/trpc.ts
This commit is contained in:
Carl-Gerhard Lindesvärd
committed by
Carl-Gerhard Lindesvärd
Carl-Gerhard Lindesvärd
parent
f28802b1c2
commit
d31d9924a5
@@ -1,164 +1,14 @@
|
||||
import fs from 'node:fs';
|
||||
import path from 'node:path';
|
||||
import type { WebhookEvent } from '@clerk/fastify';
|
||||
import { AccessLevel, db } from '@openpanel/db';
|
||||
import { db } from '@openpanel/db';
|
||||
import {
|
||||
sendSlackNotification,
|
||||
slackInstaller,
|
||||
} from '@openpanel/integrations/src/slack';
|
||||
import { getRedisPub } from '@openpanel/redis';
|
||||
import { zSlackAuthResponse } from '@openpanel/validation';
|
||||
import type { FastifyReply, FastifyRequest } from 'fastify';
|
||||
import { pathOr } from 'ramda';
|
||||
import { Webhook } from 'svix';
|
||||
import { z } from 'zod';
|
||||
|
||||
if (!process.env.CLERK_SIGNING_SECRET) {
|
||||
throw new Error('CLERK_SIGNING_SECRET is required');
|
||||
}
|
||||
|
||||
const wh = new Webhook(process.env.CLERK_SIGNING_SECRET);
|
||||
|
||||
function verify(body: any, headers: FastifyRequest['headers']) {
|
||||
try {
|
||||
const svix_id = headers['svix-id'] as string;
|
||||
const svix_timestamp = headers['svix-timestamp'] as string;
|
||||
const svix_signature = headers['svix-signature'] as string;
|
||||
|
||||
wh.verify(JSON.stringify(body), {
|
||||
'svix-id': svix_id,
|
||||
'svix-timestamp': svix_timestamp,
|
||||
'svix-signature': svix_signature,
|
||||
});
|
||||
|
||||
return true;
|
||||
} catch (error) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
export async function clerkWebhook(
|
||||
request: FastifyRequest<{
|
||||
Body: WebhookEvent;
|
||||
}>,
|
||||
reply: FastifyReply,
|
||||
) {
|
||||
const payload = request.body;
|
||||
const verified = verify(payload, request.headers);
|
||||
|
||||
if (!verified) {
|
||||
return reply.send({ message: 'Invalid signature' });
|
||||
}
|
||||
|
||||
if (payload.type === 'user.created') {
|
||||
const email = payload.data.email_addresses[0]?.email_address;
|
||||
const emails = payload.data.email_addresses.map((e) => e.email_address);
|
||||
|
||||
if (!email) {
|
||||
return Response.json(
|
||||
{ message: 'No email address found' },
|
||||
{ status: 400 },
|
||||
);
|
||||
}
|
||||
|
||||
const user = await db.user.create({
|
||||
data: {
|
||||
id: payload.data.id,
|
||||
email,
|
||||
firstName: payload.data.first_name,
|
||||
lastName: payload.data.last_name,
|
||||
},
|
||||
});
|
||||
|
||||
const memberships = await db.member.findMany({
|
||||
where: {
|
||||
email: {
|
||||
in: emails,
|
||||
},
|
||||
userId: null,
|
||||
},
|
||||
});
|
||||
|
||||
for (const membership of memberships) {
|
||||
const access = pathOr<string[]>([], ['meta', 'access'], membership);
|
||||
await db.$transaction([
|
||||
// Update the member to link it to the user
|
||||
// This will remove the item from invitations
|
||||
db.member.update({
|
||||
where: {
|
||||
id: membership.id,
|
||||
},
|
||||
data: {
|
||||
userId: user.id,
|
||||
},
|
||||
}),
|
||||
db.projectAccess.createMany({
|
||||
data: access
|
||||
.filter((a) => typeof a === 'string')
|
||||
.map((projectId) => ({
|
||||
organizationId: membership.organizationId,
|
||||
projectId: projectId,
|
||||
userId: user.id,
|
||||
level: AccessLevel.read,
|
||||
})),
|
||||
}),
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
if (payload.type === 'organizationMembership.created') {
|
||||
const access = payload.data.public_metadata.access;
|
||||
if (Array.isArray(access)) {
|
||||
await db.projectAccess.createMany({
|
||||
data: access
|
||||
.filter((a): a is string => typeof a === 'string')
|
||||
.map((projectId) => ({
|
||||
organizationId: payload.data.organization.slug,
|
||||
projectId: projectId,
|
||||
userId: payload.data.public_user_data.user_id,
|
||||
level: AccessLevel.read,
|
||||
})),
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
if (payload.type === 'user.deleted') {
|
||||
await db.$transaction([
|
||||
db.user.update({
|
||||
where: {
|
||||
id: payload.data.id,
|
||||
},
|
||||
data: {
|
||||
deletedAt: new Date(),
|
||||
firstName: null,
|
||||
lastName: null,
|
||||
},
|
||||
}),
|
||||
db.projectAccess.deleteMany({
|
||||
where: {
|
||||
userId: payload.data.id,
|
||||
},
|
||||
}),
|
||||
db.member.deleteMany({
|
||||
where: {
|
||||
userId: payload.data.id,
|
||||
},
|
||||
}),
|
||||
]);
|
||||
}
|
||||
|
||||
if (payload.type === 'organizationMembership.deleted') {
|
||||
await db.projectAccess.deleteMany({
|
||||
where: {
|
||||
organizationId: payload.data.organization.slug,
|
||||
userId: payload.data.public_user_data.user_id,
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
reply.send({ success: true });
|
||||
}
|
||||
|
||||
const paramsSchema = z.object({
|
||||
code: z.string(),
|
||||
state: z.string(),
|
||||
@@ -172,7 +22,7 @@ const metadataSchema = z.object({
|
||||
|
||||
export async function slackWebhook(
|
||||
request: FastifyRequest<{
|
||||
Querystring: WebhookEvent;
|
||||
Querystring: unknown;
|
||||
}>,
|
||||
reply: FastifyReply,
|
||||
) {
|
||||
|
||||
Reference in New Issue
Block a user