🦂

quochuydev · quochuydev · commit c7b4f25eb711 · 2024-08-15T12:39:15.000+07:00
diff --git a/auth/app/api/auth/callback/[provider]/route.ts b/auth/app/api/auth/callback/[provider]/route.ts
@@ -8,6 +8,7 @@ import {
 } from "@/lib/constant";
 import { deleteCookie, setAuthSessionCookie } from "@/lib/cookie";
 import { prisma } from "@/lib/prisma";
+import { getWellKnown } from "@/lib/zitadel";
 import jwt from "jsonwebtoken";
 import { cookies } from "next/headers";
 import { NextRequest, NextResponse } from "next/server";
@@ -48,21 +49,7 @@ async function handler(
     tokenParams.append("redirect_uri", configuration[provider].redirectUrl);
     tokenParams.append("code_verifier", codeVerifierCookie.value);
 
-    const wellKnownResponse = await fetch(
-      `${configuration[provider].issuer}/.well-known/openid-configuration`
-    );
-
-    const wellKnown = (await wellKnownResponse.json()) as {
-      issuer: string;
-      authorization_endpoint: string;
-      token_endpoint: string;
-      userinfo_endpoint: string;
-      end_session_endpoint: string;
-    };
-
-    if (wellKnownResponse.status !== 200) {
-      throw { code: wellKnownResponse.status, details: wellKnown };
-    }
+    const wellKnown = await getWellKnown(configuration[provider].issuer);
 
     const response = await fetch(wellKnown.token_endpoint, {
       method: "post",
diff --git a/auth/app/api/auth/signin/[provider]/route.ts b/auth/app/api/auth/signin/[provider]/route.ts
@@ -12,6 +12,7 @@ import {
   stateCookieName,
 } from "@/lib/constant";
 import { deleteCookie, setShortLiveCookie } from "@/lib/cookie";
+import { getWellKnown } from "@/lib/zitadel";
 import { cookies } from "next/headers";
 import { NextRequest, NextResponse } from "next/server";
 import { URLSearchParams } from "url";
@@ -38,21 +39,7 @@ export async function POST(
   if (!csrfTokenCookie) throw new Error("csrfToken cookie not found");
   if (csrfTokenCookie.value !== csrfToken) throw new Error("Invalid csrfToken");
 
-  const wellKnownResponse = await fetch(
-    `${configuration[provider].issuer}/.well-known/openid-configuration`
-  );
-
-  const wellKnown = (await wellKnownResponse.json()) as {
-    issuer: string;
-    authorization_endpoint: string;
-    token_endpoint: string;
-    userinfo_endpoint: string;
-    end_session_endpoint: string;
-  };
-
-  if (wellKnownResponse.status !== 200) {
-    throw { code: wellKnownResponse.status, details: wellKnown };
-  }
+  const wellKnown = await getWellKnown(configuration[provider].issuer);
 
   const codeVerifier = generateCodeVerifier();
   const codeChallenge = generateCodeChallenge(codeVerifier);
diff --git a/auth/app/api/auth/signout/[provider]/route.ts b/auth/app/api/auth/signout/[provider]/route.ts
@@ -2,6 +2,7 @@ import configuration from "@/configuration";
 import { authSessionCookieName, returnUrlCookieName } from "@/lib/constant";
 import { setShortLiveCookie } from "@/lib/cookie";
 import { prisma } from "@/lib/prisma";
+import { getWellKnown } from "@/lib/zitadel";
 import { Prisma } from "@prisma/client";
 import { cookies } from "next/headers";
 import { NextRequest, NextResponse } from "next/server";
@@ -23,21 +24,7 @@ export async function POST(
     const provider = params.provider;
     if (!provider) throw new Error("provider not found");
 
-    const wellKnownResponse = await fetch(
-      `${configuration[provider].issuer}/.well-known/openid-configuration`
-    );
-
-    const wellKnown = (await wellKnownResponse.json()) as {
-      issuer: string;
-      authorization_endpoint: string;
-      token_endpoint: string;
-      userinfo_endpoint: string;
-      end_session_endpoint: string;
-    };
-
-    if (wellKnownResponse.status !== 200) {
-      throw { code: wellKnownResponse.status, details: wellKnown };
-    }
+    const wellKnown = await getWellKnown(configuration[provider].issuer);
 
     const requestParams = new URLSearchParams({
       client_id: configuration[provider].clientId,
diff --git a/auth/configuration.ts b/auth/configuration.ts
@@ -16,7 +16,7 @@ if (process.env.ENV_PATH) {
 const schema = z.object({
   appUrl: z.string(),
   domain: z.string(),
-  originRegex: z.unknown(),
+  originRegex: z.any(),
   cookie: z.object({
     httpOnly: z.boolean(),
     secure: z.boolean(),
diff --git a/auth/lib/zitadel.ts b/auth/lib/zitadel.ts
@@ -0,0 +1,19 @@
+export async function getWellKnown(issuer: string) {
+  const wellKnownResponse = await fetch(
+    new URL(`/.well-known/openid-configuration`, issuer).toString()
+  );
+
+  const wellKnown = (await wellKnownResponse.json()) as {
+    issuer: string;
+    authorization_endpoint: string;
+    token_endpoint: string;
+    userinfo_endpoint: string;
+    end_session_endpoint: string;
+  };
+
+  if (wellKnownResponse.status !== 200) {
+    throw { code: wellKnownResponse.status, details: wellKnown };
+  }
+
+  return wellKnown;
+}
