tanstack.com/src/utils/oauthClient.functions.ts at github-app · TanStack/tanstack.com · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
import { createServerFn } from '@tanstack/react-start'
import * as v from 'valibot'
import { requireAuth, getCurrentUser } from './auth.server'
import {
  listConnectedApps as listConnectedAppsService,
  revokeTokensForClient,
  createAuthorizationCode as createAuthorizationCodeService,
  validateRedirectUri as validateRedirectUriService,
} from '~/auth/oauthClient.server'

/**
 * List the current user's connected OAuth apps
 */
export const listConnectedApps = createServerFn({ method: 'POST' }).handler(
  async () => {
    const user = await requireAuth()

    const apps = await listConnectedAppsService(user.userId)

    return apps.map((app) => ({
      clientId: app.clientId,
      createdAt: app.createdAt,
      lastUsedAt: app.lastUsedAt,
    }))
  },
)

/**
 * Revoke access for a connected OAuth app
 */
export const revokeConnectedApp = createServerFn({ method: 'POST' })
  .inputValidator(
    v.object({
      clientId: v.string(),
    }),
  )
  .handler(async ({ data }) => {
    const user = await requireAuth()

    await revokeTokensForClient(user.userId, data.clientId)

    return { success: true }
  })

/**
 * Create an OAuth authorization code
 */
export const createAuthorizationCode = createServerFn({ method: 'POST' })
  .inputValidator(
    v.object({
      clientId: v.string(),
      redirectUri: v.string(),
      codeChallenge: v.string(),
      codeChallengeMethod: v.optional(v.string()),
      scope: v.optional(v.string()),
    }),
  )
  .handler(async ({ data }) => {
    const user = await getCurrentUser()

    if (!user) {
      throw new Error('Not authenticated')
    }

    // Validate redirect URI
    if (!validateRedirectUriService(data.redirectUri)) {
      throw new Error('Invalid redirect URI')
    }

    const code = await createAuthorizationCodeService({
      userId: user.userId,
      clientId: data.clientId,
      redirectUri: data.redirectUri,
      codeChallenge: data.codeChallenge,
      codeChallengeMethod: data.codeChallengeMethod || 'S256',
      scope: data.scope || 'api',
    })

    return { code }
  })