refactor(server): auth (#5895)

Remove `next-auth` and implement our own Authorization/Authentication system from scratch. ## Server - [x] tokens - [x] function - [x] encryption - [x] AuthController - [x] /api/auth/sign-in - [x] /api/auth/sign-out - [x] /api/auth/session - [x] /api/auth/session (WE SUPPORT MULTI-ACCOUNT!) - [x] OAuthPlugin - [x] OAuthController - [x] /oauth/login - [x] /oauth/callback - [x] Providers - [x] Google - [x] GitHub ## Client - [x] useSession - [x] cloudSignIn - [x] cloudSignOut ## NOTE: Tests will be adding in the future
2026-02-12 12:28:42 +00:00 · 2024-03-12 10:00:09 +00:00
parent af49e8cc41
commit fb3a0e7b8f
148 changed files with 3407 additions and 2851 deletions
--- a/packages/backend/server/src/schema.gql
+++ b/packages/backend/server/src/schema.gql
@@ -67,14 +67,14 @@ type InviteUserType {
  """User avatar url"""
  avatarUrl: String

-  """User created date"""
-  createdAt: DateTime
+  """User email verified"""
+  createdAt: DateTime @deprecated(reason: "useless")

  """User email"""
  email: String

  """User email verified"""
-  emailVerified: DateTime
+  emailVerified: Boolean

  """User password has been set"""
  hasPassword: Boolean
@@ -111,7 +111,7 @@ type Mutation {
  addToEarlyAccess(email: String!): Int!
  addWorkspaceFeature(feature: FeatureType!, workspaceId: String!): Int!
  cancelSubscription(idempotencyKey: String!): UserSubscription!
-  changeEmail(token: String!): UserType!
+  changeEmail(email: String!, token: String!): UserType!
  changePassword(newPassword: String!, token: String!): UserType!

  """Create a subscription checkout link of stripe"""
@@ -141,15 +141,17 @@ type Mutation {
  revoke(userId: String!, workspaceId: String!): Boolean!
  revokePage(pageId: String!, workspaceId: String!): Boolean! @deprecated(reason: "use revokePublicPage")
  revokePublicPage(pageId: String!, workspaceId: String!): WorkspacePage!
-  sendChangeEmail(callbackUrl: String!, email: String!): Boolean!
-  sendChangePasswordEmail(callbackUrl: String!, email: String!): Boolean!
-  sendSetPasswordEmail(callbackUrl: String!, email: String!): Boolean!
+  sendChangeEmail(callbackUrl: String!, email: String): Boolean!
+  sendChangePasswordEmail(callbackUrl: String!, email: String): Boolean!
+  sendSetPasswordEmail(callbackUrl: String!, email: String): Boolean!
  sendVerifyChangeEmail(callbackUrl: String!, email: String!, token: String!): Boolean!
+  sendVerifyEmail(callbackUrl: String!): Boolean!
  setBlob(blob: Upload!, workspaceId: String!): String!
  setWorkspaceExperimentalFeature(enable: Boolean!, feature: FeatureType!, workspaceId: String!): Boolean!
  sharePage(pageId: String!, workspaceId: String!): Boolean! @deprecated(reason: "renamed to publicPage")
  signIn(email: String!, password: String!): UserType!
  signUp(email: String!, name: String!, password: String!): UserType!
+  updateProfile(input: UpdateUserInput!): UserType!
  updateSubscriptionRecurring(idempotencyKey: String!, recurring: SubscriptionRecurring!): UserSubscription!

  """Update workspace"""
@@ -157,6 +159,12 @@ type Mutation {

  """Upload user avatar"""
  uploadAvatar(avatar: Upload!): UserType!
+  verifyEmail(token: String!): Boolean!
+}
+
+enum OAuthProviderType {
+  GitHub
+  Google
 }

 """User permission in workspace"""
@@ -239,6 +247,7 @@ type ServerConfigType {

  """server identical name could be shown as badge on user interface"""
  name: String!
+  oauthProviders: [OAuthProviderType!]!

  """server type"""
  type: ServerDeploymentType!
@@ -253,6 +262,7 @@ enum ServerDeploymentType {
 }

 enum ServerFeature {
+  OAuth
  Payment
 }

@@ -288,10 +298,9 @@ enum SubscriptionStatus {
  Unpaid
 }

-type TokenType {
-  refresh: String!
-  sessionToken: String
-  token: String!
+input UpdateUserInput {
+  """User name"""
+  name: String
 }

 input UpdateWorkspaceInput {
@@ -356,14 +365,14 @@ type UserType {
  """User avatar url"""
  avatarUrl: String

-  """User created date"""
-  createdAt: DateTime
+  """User email verified"""
+  createdAt: DateTime @deprecated(reason: "useless")

  """User email"""
  email: String!

  """User email verified"""
-  emailVerified: DateTime
+  emailVerified: Boolean!

  """User password has been set"""
  hasPassword: Boolean
@@ -377,7 +386,7 @@ type UserType {
  name: String!
  quota: UserQuota
  subscription: UserSubscription
-  token: TokenType!
+  token: tokenType! @deprecated(reason: "use [/api/auth/authorize]")
 }

 type WorkspaceBlobSizes {
@@ -432,4 +441,10 @@ type WorkspaceType {

  """Shared pages of workspace"""
  sharedPages: [String!]! @deprecated(reason: "use WorkspaceType.publicPages")
+}
+
+type tokenType {
+  refresh: String!
+  sessionToken: String
+  token: String!
 }