refactor(server): auth (#5895)

Remove `next-auth` and implement our own Authorization/Authentication system from scratch. ## Server - [x] tokens - [x] function - [x] encryption - [x] AuthController - [x] /api/auth/sign-in - [x] /api/auth/sign-out - [x] /api/auth/session - [x] /api/auth/session (WE SUPPORT MULTI-ACCOUNT!) - [x] OAuthPlugin - [x] OAuthController - [x] /oauth/login - [x] /oauth/callback - [x] Providers - [x] Google - [x] GitHub ## Client - [x] useSession - [x] cloudSignIn - [x] cloudSignOut ## NOTE: Tests will be adding in the future
2026-02-13 21:05:19 +00:00 · 2024-03-12 10:00:09 +00:00
parent af49e8cc41
commit fb3a0e7b8f
148 changed files with 3407 additions and 2851 deletions
--- a/packages/frontend/graphql/src/graphql/change-email.gql
+++ b/packages/frontend/graphql/src/graphql/change-email.gql
@@ -1,8 +1,6 @@
-mutation changeEmail($token: String!) {
-  changeEmail(token: $token) {
+mutation changeEmail($token: String!, $email: String!) {
+  changeEmail(token: $token, email: $email) {
    id
-    name
-    avatarUrl
    email
  }
 }
--- a/packages/frontend/graphql/src/graphql/change-password.gql
+++ b/packages/frontend/graphql/src/graphql/change-password.gql
@@ -1,8 +1,5 @@
 mutation changePassword($token: String!, $newPassword: String!) {
  changePassword(token: $token, newPassword: $newPassword) {
    id
-    name
-    avatarUrl
-    email
  }
 }
--- a/packages/frontend/graphql/src/graphql/early-access-list.gql
+++ b/packages/frontend/graphql/src/graphql/early-access-list.gql
@@ -5,7 +5,6 @@ query earlyAccessUsers {
    email
    avatarUrl
    emailVerified
-    createdAt
    subscription {
      plan
      recurring
--- a/packages/frontend/graphql/src/graphql/get-current-user.gql
+++ b/packages/frontend/graphql/src/graphql/get-current-user.gql
@@ -5,7 +5,6 @@ query getCurrentUser {
    email
    emailVerified
    avatarUrl
-    createdAt
    token {
      sessionToken
    }
--- a/packages/frontend/graphql/src/graphql/get-oauth-providers.gql
+++ b/packages/frontend/graphql/src/graphql/get-oauth-providers.gql
@@ -0,0 +1,5 @@
+query oauthProviders {
+  serverConfig {
+    oauthProviders
+  }
+}
--- a/packages/frontend/graphql/src/graphql/index.ts
+++ b/packages/frontend/graphql/src/graphql/index.ts
@@ -101,11 +101,9 @@ export const changeEmailMutation = {
  definitionName: 'changeEmail',
  containsFile: false,
  query: `
-mutation changeEmail($token: String!) {
-  changeEmail(token: $token) {
+mutation changeEmail($token: String!, $email: String!) {
+  changeEmail(token: $token, email: $email) {
    id
-    name
-    avatarUrl
    email
  }
 }`,
@@ -120,9 +118,6 @@ export const changePasswordMutation = {
 mutation changePassword($token: String!, $newPassword: String!) {
  changePassword(token: $token, newPassword: $newPassword) {
    id
-    name
-    avatarUrl
-    email
  }
 }`,
 };
@@ -212,7 +207,6 @@ query earlyAccessUsers {
    email
    avatarUrl
    emailVerified
-    createdAt
    subscription {
      plan
      recurring
@@ -248,7 +242,6 @@ query getCurrentUser {
    email
    emailVerified
    avatarUrl
-    createdAt
    token {
      sessionToken
    }
@@ -324,6 +317,19 @@ query getMembersByWorkspaceId($workspaceId: String!, $skip: Int!, $take: Int!) {
 }`,
 };

+export const oauthProvidersQuery = {
+  id: 'oauthProvidersQuery' as const,
+  operationName: 'oauthProviders',
+  definitionName: 'serverConfig',
+  containsFile: false,
+  query: `
+query oauthProviders {
+  serverConfig {
+    oauthProviders
+  }
+}`,
+};
+
 export const getPublicWorkspaceQuery = {
  id: 'getPublicWorkspaceQuery' as const,
  operationName: 'getPublicWorkspace',
@@ -627,8 +633,8 @@ export const sendChangeEmailMutation = {
  definitionName: 'sendChangeEmail',
  containsFile: false,
  query: `
-mutation sendChangeEmail($email: String!, $callbackUrl: String!) {
-  sendChangeEmail(email: $email, callbackUrl: $callbackUrl)
+mutation sendChangeEmail($callbackUrl: String!) {
+  sendChangeEmail(callbackUrl: $callbackUrl)
 }`,
 };

@@ -638,8 +644,8 @@ export const sendChangePasswordEmailMutation = {
  definitionName: 'sendChangePasswordEmail',
  containsFile: false,
  query: `
-mutation sendChangePasswordEmail($email: String!, $callbackUrl: String!) {
-  sendChangePasswordEmail(email: $email, callbackUrl: $callbackUrl)
+mutation sendChangePasswordEmail($callbackUrl: String!) {
+  sendChangePasswordEmail(callbackUrl: $callbackUrl)
 }`,
 };

@@ -649,8 +655,8 @@ export const sendSetPasswordEmailMutation = {
  definitionName: 'sendSetPasswordEmail',
  containsFile: false,
  query: `
-mutation sendSetPasswordEmail($email: String!, $callbackUrl: String!) {
-  sendSetPasswordEmail(email: $email, callbackUrl: $callbackUrl)
+mutation sendSetPasswordEmail($callbackUrl: String!) {
+  sendSetPasswordEmail(callbackUrl: $callbackUrl)
 }`,
 };

@@ -665,6 +671,17 @@ mutation sendVerifyChangeEmail($token: String!, $email: String!, $callbackUrl: S
 }`,
 };

+export const sendVerifyEmailMutation = {
+  id: 'sendVerifyEmailMutation' as const,
+  operationName: 'sendVerifyEmail',
+  definitionName: 'sendVerifyEmail',
+  containsFile: false,
+  query: `
+mutation sendVerifyEmail($callbackUrl: String!) {
+  sendVerifyEmail(callbackUrl: $callbackUrl)
+}`,
+};
+
 export const serverConfigQuery = {
  id: 'serverConfigQuery' as const,
  operationName: 'serverConfig',
@@ -695,36 +712,6 @@ mutation setWorkspacePublicById($id: ID!, $public: Boolean!) {
 }`,
 };

-export const signInMutation = {
-  id: 'signInMutation' as const,
-  operationName: 'signIn',
-  definitionName: 'signIn',
-  containsFile: false,
-  query: `
-mutation signIn($email: String!, $password: String!) {
-  signIn(email: $email, password: $password) {
-    token {
-      token
-    }
-  }
-}`,
-};
-
-export const signUpMutation = {
-  id: 'signUpMutation' as const,
-  operationName: 'signUp',
-  definitionName: 'signUp',
-  containsFile: false,
-  query: `
-mutation signUp($name: String!, $email: String!, $password: String!) {
-  signUp(name: $name, email: $email, password: $password) {
-    token {
-      token
-    }
-  }
-}`,
-};
-
 export const subscriptionQuery = {
  id: 'subscriptionQuery' as const,
  operationName: 'subscription',
@@ -766,6 +753,20 @@ mutation updateSubscription($recurring: SubscriptionRecurring!, $idempotencyKey:
 }`,
 };

+export const updateUserProfileMutation = {
+  id: 'updateUserProfileMutation' as const,
+  operationName: 'updateUserProfile',
+  definitionName: 'updateProfile',
+  containsFile: false,
+  query: `
+mutation updateUserProfile($input: UpdateUserInput!) {
+  updateProfile(input: $input) {
+    id
+    name
+  }
+}`,
+};
+
 export const uploadAvatarMutation = {
  id: 'uploadAvatarMutation' as const,
  operationName: 'uploadAvatar',
@@ -782,6 +783,17 @@ mutation uploadAvatar($avatar: Upload!) {
 }`,
 };

+export const verifyEmailMutation = {
+  id: 'verifyEmailMutation' as const,
+  operationName: 'verifyEmail',
+  definitionName: 'verifyEmail',
+  containsFile: false,
+  query: `
+mutation verifyEmail($token: String!) {
+  verifyEmail(token: $token)
+}`,
+};
+
 export const enabledFeaturesQuery = {
  id: 'enabledFeaturesQuery' as const,
  operationName: 'enabledFeatures',
--- a/packages/frontend/graphql/src/graphql/send-change-email.gql
+++ b/packages/frontend/graphql/src/graphql/send-change-email.gql
@@ -1,3 +1,3 @@
-mutation sendChangeEmail($email: String!, $callbackUrl: String!) {
-  sendChangeEmail(email: $email, callbackUrl: $callbackUrl)
+mutation sendChangeEmail($callbackUrl: String!) {
+  sendChangeEmail(callbackUrl: $callbackUrl)
 }
--- a/packages/frontend/graphql/src/graphql/send-change-password-email.gql
+++ b/packages/frontend/graphql/src/graphql/send-change-password-email.gql
@@ -1,3 +1,3 @@
-mutation sendChangePasswordEmail($email: String!, $callbackUrl: String!) {
-  sendChangePasswordEmail(email: $email, callbackUrl: $callbackUrl)
+mutation sendChangePasswordEmail($callbackUrl: String!) {
+  sendChangePasswordEmail(callbackUrl: $callbackUrl)
 }
--- a/packages/frontend/graphql/src/graphql/send-set-password-email.gql
+++ b/packages/frontend/graphql/src/graphql/send-set-password-email.gql
@@ -1,3 +1,3 @@
-mutation sendSetPasswordEmail($email: String!, $callbackUrl: String!) {
-  sendSetPasswordEmail(email: $email, callbackUrl: $callbackUrl)
+mutation sendSetPasswordEmail($callbackUrl: String!) {
+  sendSetPasswordEmail(callbackUrl: $callbackUrl)
 }
--- a/packages/frontend/graphql/src/graphql/send-verify-email.gql
+++ b/packages/frontend/graphql/src/graphql/send-verify-email.gql
@@ -0,0 +1,3 @@
+mutation sendVerifyEmail($callbackUrl: String!) {
+  sendVerifyEmail(callbackUrl: $callbackUrl)
+}
--- a/packages/frontend/graphql/src/graphql/sign-in.gql
+++ b/packages/frontend/graphql/src/graphql/sign-in.gql
@@ -1,7 +0,0 @@
-mutation signIn($email: String!, $password: String!) {
-  signIn(email: $email, password: $password) {
-    token {
-      token
-    }
-  }
-}
--- a/packages/frontend/graphql/src/graphql/sign-up.gql
+++ b/packages/frontend/graphql/src/graphql/sign-up.gql
@@ -1,7 +0,0 @@
-mutation signUp($name: String!, $email: String!, $password: String!) {
-  signUp(name: $name, email: $email, password: $password) {
-    token {
-      token
-    }
-  }
-}
--- a/packages/frontend/graphql/src/graphql/update-user-profile.gql
+++ b/packages/frontend/graphql/src/graphql/update-user-profile.gql
@@ -0,0 +1,6 @@
+mutation updateUserProfile($input: UpdateUserInput!) {
+  updateProfile(input: $input) {
+    id
+    name
+  }
+}
--- a/packages/frontend/graphql/src/graphql/verify-email.gql
+++ b/packages/frontend/graphql/src/graphql/verify-email.gql
@@ -0,0 +1,3 @@
+mutation verifyEmail($token: String!) {
+  verifyEmail(token: $token)
+}
--- a/packages/frontend/graphql/src/schema.ts
+++ b/packages/frontend/graphql/src/schema.ts
@@ -57,6 +57,11 @@ export enum InvoiceStatus {
  Void = 'Void',
 }

+export enum OAuthProviderType {
+  GitHub = 'GitHub',
+  Google = 'Google',
+}
+
 /** User permission in workspace */
 export enum Permission {
  Admin = 'Admin',
@@ -77,6 +82,7 @@ export enum ServerDeploymentType {
 }

 export enum ServerFeature {
+  OAuth = 'OAuth',
  Payment = 'Payment',
 }

@@ -104,6 +110,11 @@ export enum SubscriptionStatus {
  Unpaid = 'Unpaid',
 }

+export interface UpdateUserInput {
+  /** User name */
+  name: InputMaybe<Scalars['String']['input']>;
+}
+
 export interface UpdateWorkspaceInput {
  id: Scalars['ID']['input'];
  /** is Public workspace */
@@ -176,17 +187,12 @@ export type CancelSubscriptionMutation = {

 export type ChangeEmailMutationVariables = Exact<{
  token: Scalars['String']['input'];
+  email: Scalars['String']['input'];
 }>;

 export type ChangeEmailMutation = {
  __typename?: 'Mutation';
-  changeEmail: {
-    __typename?: 'UserType';
-    id: string;
-    name: string;
-    avatarUrl: string | null;
-    email: string;
-  };
+  changeEmail: { __typename?: 'UserType'; id: string; email: string };
 };

 export type ChangePasswordMutationVariables = Exact<{
@@ -196,13 +202,7 @@ export type ChangePasswordMutationVariables = Exact<{

 export type ChangePasswordMutation = {
  __typename?: 'Mutation';
-  changePassword: {
-    __typename?: 'UserType';
-    id: string;
-    name: string;
-    avatarUrl: string | null;
-    email: string;
-  };
+  changePassword: { __typename?: 'UserType'; id: string };
 };

 export type CreateCheckoutSessionMutationVariables = Exact<{
@@ -270,8 +270,7 @@ export type EarlyAccessUsersQuery = {
    name: string;
    email: string;
    avatarUrl: string | null;
-    emailVerified: string | null;
-    createdAt: string | null;
+    emailVerified: boolean;
    subscription: {
      __typename?: 'UserSubscription';
      plan: SubscriptionPlan;
@@ -301,10 +300,9 @@ export type GetCurrentUserQuery = {
    id: string;
    name: string;
    email: string;
-    emailVerified: string | null;
+    emailVerified: boolean;
    avatarUrl: string | null;
-    createdAt: string | null;
-    token: { __typename?: 'TokenType'; sessionToken: string | null };
+    token: { __typename?: 'tokenType'; sessionToken: string | null };
  } | null;
 };

@@ -365,11 +363,21 @@ export type GetMembersByWorkspaceIdQuery = {
      permission: Permission;
      inviteId: string;
      accepted: boolean;
-      emailVerified: string | null;
+      emailVerified: boolean | null;
    }>;
  };
 };

+export type OauthProvidersQueryVariables = Exact<{ [key: string]: never }>;
+
+export type OauthProvidersQuery = {
+  __typename?: 'Query';
+  serverConfig: {
+    __typename?: 'ServerConfigType';
+    oauthProviders: Array<OAuthProviderType>;
+  };
+};
+
 export type GetPublicWorkspaceQueryVariables = Exact<{
  id: Scalars['String']['input'];
 }>;
@@ -386,18 +394,14 @@ export type GetUserQueryVariables = Exact<{
 export type GetUserQuery = {
  __typename?: 'Query';
  user:
-    | {
-        __typename: 'LimitedUserType';
-        email: string;
-        hasPassword: boolean | null;
-      }
+    | { __typename: 'LimitedUserType'; email: string; hasPassword: boolean }
    | {
        __typename: 'UserType';
        id: string;
        name: string;
        avatarUrl: string | null;
        email: string;
-        hasPassword: boolean | null;
+        hasPassword: boolean;
      }
    | null;
 };
@@ -628,7 +632,6 @@ export type RevokePublicPageMutation = {
 };

 export type SendChangeEmailMutationVariables = Exact<{
-  email: Scalars['String']['input'];
  callbackUrl: Scalars['String']['input'];
 }>;

@@ -638,7 +641,6 @@ export type SendChangeEmailMutation = {
 };

 export type SendChangePasswordEmailMutationVariables = Exact<{
-  email: Scalars['String']['input'];
  callbackUrl: Scalars['String']['input'];
 }>;

@@ -648,7 +650,6 @@ export type SendChangePasswordEmailMutation = {
 };

 export type SendSetPasswordEmailMutationVariables = Exact<{
-  email: Scalars['String']['input'];
  callbackUrl: Scalars['String']['input'];
 }>;

@@ -668,6 +669,15 @@ export type SendVerifyChangeEmailMutation = {
  sendVerifyChangeEmail: boolean;
 };

+export type SendVerifyEmailMutationVariables = Exact<{
+  callbackUrl: Scalars['String']['input'];
+}>;
+
+export type SendVerifyEmailMutation = {
+  __typename?: 'Mutation';
+  sendVerifyEmail: boolean;
+};
+
 export type ServerConfigQueryVariables = Exact<{ [key: string]: never }>;

 export type ServerConfigQuery = {
@@ -692,33 +702,6 @@ export type SetWorkspacePublicByIdMutation = {
  updateWorkspace: { __typename?: 'WorkspaceType'; id: string };
 };

-export type SignInMutationVariables = Exact<{
-  email: Scalars['String']['input'];
-  password: Scalars['String']['input'];
-}>;
-
-export type SignInMutation = {
-  __typename?: 'Mutation';
-  signIn: {
-    __typename?: 'UserType';
-    token: { __typename?: 'TokenType'; token: string };
-  };
-};
-
-export type SignUpMutationVariables = Exact<{
-  name: Scalars['String']['input'];
-  email: Scalars['String']['input'];
-  password: Scalars['String']['input'];
-}>;
-
-export type SignUpMutation = {
-  __typename?: 'Mutation';
-  signUp: {
-    __typename?: 'UserType';
-    token: { __typename?: 'TokenType'; token: string };
-  };
-};
-
 export type SubscriptionQueryVariables = Exact<{ [key: string]: never }>;

 export type SubscriptionQuery = {
@@ -755,6 +738,15 @@ export type UpdateSubscriptionMutation = {
  };
 };

+export type UpdateUserProfileMutationVariables = Exact<{
+  input: UpdateUserInput;
+}>;
+
+export type UpdateUserProfileMutation = {
+  __typename?: 'Mutation';
+  updateProfile: { __typename?: 'UserType'; id: string; name: string };
+};
+
 export type UploadAvatarMutationVariables = Exact<{
  avatar: Scalars['Upload']['input'];
 }>;
@@ -770,6 +762,15 @@ export type UploadAvatarMutation = {
  };
 };

+export type VerifyEmailMutationVariables = Exact<{
+  token: Scalars['String']['input'];
+}>;
+
+export type VerifyEmailMutation = {
+  __typename?: 'Mutation';
+  verifyEmail: boolean;
+};
+
 export type EnabledFeaturesQueryVariables = Exact<{
  id: Scalars['String']['input'];
 }>;
@@ -938,6 +939,11 @@ export type Queries =
      variables: GetMembersByWorkspaceIdQueryVariables;
      response: GetMembersByWorkspaceIdQuery;
    }
+  | {
+      name: 'oauthProvidersQuery';
+      variables: OauthProvidersQueryVariables;
+      response: OauthProvidersQuery;
+    }
  | {
      name: 'getPublicWorkspaceQuery';
      variables: GetPublicWorkspaceQueryVariables;
@@ -1145,31 +1151,36 @@ export type Mutations =
      variables: SendVerifyChangeEmailMutationVariables;
      response: SendVerifyChangeEmailMutation;
    }
+  | {
+      name: 'sendVerifyEmailMutation';
+      variables: SendVerifyEmailMutationVariables;
+      response: SendVerifyEmailMutation;
+    }
  | {
      name: 'setWorkspacePublicByIdMutation';
      variables: SetWorkspacePublicByIdMutationVariables;
      response: SetWorkspacePublicByIdMutation;
    }
-  | {
-      name: 'signInMutation';
-      variables: SignInMutationVariables;
-      response: SignInMutation;
-    }
-  | {
-      name: 'signUpMutation';
-      variables: SignUpMutationVariables;
-      response: SignUpMutation;
-    }
  | {
      name: 'updateSubscriptionMutation';
      variables: UpdateSubscriptionMutationVariables;
      response: UpdateSubscriptionMutation;
    }
+  | {
+      name: 'updateUserProfileMutation';
+      variables: UpdateUserProfileMutationVariables;
+      response: UpdateUserProfileMutation;
+    }
  | {
      name: 'uploadAvatarMutation';
      variables: UploadAvatarMutationVariables;
      response: UploadAvatarMutation;
    }
+  | {
+      name: 'verifyEmailMutation';
+      variables: VerifyEmailMutationVariables;
+      response: VerifyEmailMutation;
+    }
  | {
      name: 'setWorkspaceExperimentalFeatureMutation';
      variables: SetWorkspaceExperimentalFeatureMutationVariables;