wip gateway

2025-12-21 09:44:21 +01:00 · 2025-08-09 01:28:27 -04:00
parent 81a3e02474
commit 7446f5ad7b
7 changed files with 75 additions and 89 deletions
--- a/cloud/function/src/auth.ts
+++ b/cloud/function/src/auth.ts
@@ -2,7 +2,9 @@ import { Resource } from "sst"
 import { z } from "zod"
 import { issuer } from "@openauthjs/openauth"
 import { createSubjects } from "@openauthjs/openauth/subject"
+import { CodeProvider } from "@openauthjs/openauth/provider/code"
 import { GithubProvider } from "@openauthjs/openauth/provider/github"
+import { GoogleOidcProvider } from "@openauthjs/openauth/provider/google"
 import { CloudflareStorage } from "@openauthjs/openauth/storage/cloudflare"
 import { Account } from "@opencode/cloud-core/account.js"

@@ -30,6 +32,53 @@ export default {
          clientSecret: Resource.GITHUB_CLIENT_SECRET_CONSOLE.value,
          scopes: ["read:user", "user:email"],
        }),
+        google: GoogleOidcProvider({
+          clientID: Resource.GOOGLE_CLIENT_ID.value,
+          scopes: ["openid", "email"],
+        }),
+        //        email: CodeProvider({
+        //          async request(req, state, form, error) {
+        //            console.log(state)
+        //            const params = new URLSearchParams()
+        //            if (error) {
+        //              params.set("error", error.type)
+        //            }
+        //            if (state.type === "start") {
+        //              return Response.redirect(process.env.AUTH_FRONTEND_URL + "/auth/email?" + params.toString(), 302)
+        //            }
+        //
+        //            if (state.type === "code") {
+        //              return Response.redirect(process.env.AUTH_FRONTEND_URL + "/auth/code?" + params.toString(), 302)
+        //            }
+        //
+        //            return new Response("ok")
+        //          },
+        //          async sendCode(claims, code) {
+        //            const email = z.string().email().parse(claims.email)
+        //            const cmd = new SendEmailCommand({
+        //              Destination: {
+        //                ToAddresses: [email],
+        //              },
+        //              FromEmailAddress: `SST <auth@${Resource.Email.sender}>`,
+        //              Content: {
+        //                Simple: {
+        //                  Body: {
+        //                    Html: {
+        //                      Data: `Your pin code is <strong>${code}</strong>`,
+        //                    },
+        //                    Text: {
+        //                      Data: `Your pin code is ${code}`,
+        //                    },
+        //                  },
+        //                  Subject: {
+        //                    Data: "SST Console Pin Code: " + code,
+        //                  },
+        //                },
+        //              },
+        //            })
+        //            await ses.send(cmd)
+        //          },
+        //        }),
      },
      storage: CloudflareStorage({
        namespace: env.AuthStorage,
@@ -50,7 +99,14 @@ export default {
          })
          const user = (await userResponse.json()) as { email: string }
          email = user.email
-        } else throw new Error("Unsupported provider")
+        } else if (response.provider === "google") {
+          if (!response.id.email_verified) throw new Error("Google email not verified")
+          email = response.id.email as string
+        }
+        //if (response.provider === "email") {
+        //  email = response.claims.email
+        //}
+        else throw new Error("Unsupported provider")

        if (!email) throw new Error("No email found")