ComputerSurge/shields
3
0
Fork 0
Code Pull Requests 1 Activity
Files
657a146a8e37166b4fffbe417e2c83ec24858fb9
shields/services/github/auth/acceptor.js
dependabot[bot] b9d96755ec chore(deps-dev): bump prettier from 2.8.8 to 3.0.0 (#9357) 
* chore(deps-dev): bump prettier from 2.8.8 to 3.0.0

Bumps [prettier](https://github.com/prettier/prettier) from 2.8.8 to 3.0.0.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.8...3.0.0)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* reformat all the things (prettier 3)

* update tests to await calls to prettier.format()

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chris48s <git@chris-shaw.dev>
2023-07-10 09:27:51 +00:00

84 lines
2.7 KiB
JavaScript
Raw Blame History

import queryString from 'query-string'
import { fetch } from '../../../core/base-service/got.js'
import log from '../../../core/server/log.js'
function setRoutes({ server, authHelper, onTokenAccepted }) {
const baseUrl = 'https://img.shields.io'
server.route(/^\/github-auth$/, (data, match, end, ask) => {
ask.res.statusCode = 302 // Found.
const query = queryString.stringify({
// TODO The `_user` property bypasses security checks in AuthHelper.
// (e.g: enforceStrictSsl and shouldAuthenticateRequest).
// Do not use it elsewhere. It would be better to clean this up so
// it's not setting a bad example.
client_id: authHelper._user,
redirect_uri: `${baseUrl}/github-auth/done`,
})
ask.res.setHeader(
'Location',
`https://github.com/login/oauth/authorize?${query}`,
)
end('')
})
server.route(/^\/github-auth\/done$/, async (data, match, end, ask) => {
if (!data.code) {
log.log(`GitHub OAuth data: ${JSON.stringify(data)}`)
return end('GitHub OAuth authentication failed to provide a code.')
}
const options = {
method: 'POST',
headers: {
'Content-type': 'application/x-www-form-urlencoded;charset=UTF-8',
},
form: {
// TODO The `_user` and `_pass` properties bypass security checks in
// AuthHelper (e.g: enforceStrictSsl and shouldAuthenticateRequest).
// Do not use them elsewhere. It would be better to clean
// this up so it's not setting a bad example.
client_id: authHelper._user,
client_secret: authHelper._pass,
code: data.code,
},
}
let resp
try {
resp = await fetch('https://github.com/login/oauth/access_token', options)
} catch (e) {
return end('The connection to GitHub failed.')
}
let content
try {
content = queryString.parse(resp.buffer)
} catch (e) {
return end('The GitHub OAuth token could not be parsed.')
}
const { access_token: token } = content
if (!token) {
return end('The GitHub OAuth process did not return a user token.')
}
ask.res.setHeader('Content-Type', 'text/html')
end(
'<p>Shields.io has received your app-specific GitHub user token. ' +
'You can revoke it by going to ' +
'<a href="https://github.com/settings/applications">GitHub</a>.</p>' +
'<p>Until you do, you have now increased the rate limit for GitHub ' +
'requests going through Shields.io. GitHub-related badges are ' +
'therefore more robust.</p>' +
'<p>Thanks for contributing to a smoother experience for ' +
'everyone!</p>' +
'<p><a href="/">Back to the website</a></p>',
)
onTokenAccepted(token)
})
}
export { setRoutes }
View Git Blame Copy Permalink