const apiKey = req.header("X-Api-Key");
if (!apiKey) return cb("API key missing");
const userId = await apiLogins.getUserIdByApiKey(apiKey);
if (userId) {
return cb(null, { apiKey, userId });
}
cb("API key not found");
}),
);
// Initialize OAuth2 for Discord login
// When the user logs in through OAuth2, we create them a "login" (= api token) and update their user info in the DB
passport.use(
new OAuth2Strategy(
{
authorizationURL: "https://discordapp.com/api/oauth2/authorize",
tokenURL: "https://discordapp.com/api/oauth2/token",
clientID: process.env.CLIENT_ID,
clientSecret: process.env.CLIENT_SECRET,
callbackURL: process.env.OAUTH_CALLBACK_URL,
scope: ["identify"],
},
async (accessToken, refreshToken, profile, cb) => {
const user = await simpleDiscordAPIRequest(accessToken, "users/@me");
// Make sure the user is able to access at least 1 guild
const permissions = await apiPermissionAssignments.getByUserId(user.id);
if (permissions.length === 0) {
cb(null, {});
return;
module.exports = function (server, config) {
// Build the OAuth2 strategy. The endpoints, client credentials and callback URL
// are all read from `config`; only the requested scope is a literal.
const oauth2Strategy = new OAuth2Strategy(
{
scope: 'profile email openid',
authorizationURL: config.get('AUTH_OAUTH2_AUTHORIZATION_URL'),
tokenURL: config.get('AUTH_OAUTH2_TOKEN_URL'),
clientID: config.get('AUTH_OAUTH2_CLIENT_ID'),
clientSecret: config.get('AUTH_OAUTH2_CLIENT_SECRET'),
callbackURL: config.get('AUTH_OAUTH2_CALLBACK_URL'),
},
// Verify callback handed to OAuth2Strategy.
(accessToken, refreshToken, params, profile, cb) => {
// `err` is always null, so this callback never reports a failure through `cb`;
// anything that goes wrong inside getOauth2User would have to surface as a throw.
const err = null;
// getOauth2User is defined outside this excerpt; it receives the token,
// the token-response params and the profile.
const user = getOauth2User(accessToken, params, profile);
// NOTE(review): the raw access token is passed on as the third (`info`) argument.
// Confirm that nothing downstream logs it or returns it to the client.
const info = accessToken;
return cb(err, user, info);
},
);
import request from 'request';
import passport from 'passport';
import OAuth2Strategy from 'passport-oauth2';
import { authenticateOrLogin } from './middleware';
// Gravity OAuth2 settings, read once from the environment when the module loads.
// GRAVITY_SECRET is used as the OAuth2 client secret below: keep it out of logs
// and error messages.
const GRAVITY_API_URL = process.env.GRAVITY_API_URL;
const GRAVITY_ID = process.env.GRAVITY_ID;
const GRAVITY_SECRET = process.env.GRAVITY_SECRET;
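/**
 * OAuth2 strategy for signing in through the Gravity API.
 *
 * After the token exchange, the verify callback fetches the caller's profile
 * from `/api/v1/me` with the new access token and hands the parsed profile to
 * passport as the authenticated user.
 *
 * The profile response is only accepted as a user when the request succeeded,
 * the status is 2xx and the body parses to a JSON object. Any other outcome is
 * reported through `done(err)`, so an error payload from the API can never be
 * mistaken for a signed-in user and a malformed body cannot throw out of the
 * request callback.
 */
const strategy = new OAuth2Strategy({
  authorizationURL: GRAVITY_API_URL + '/oauth2/authorize',
  tokenURL: GRAVITY_API_URL + '/oauth2/access_token',
  clientID: GRAVITY_ID,
  clientSecret: GRAVITY_SECRET,
  callbackURL: '/auth/artsy/callback',
}, (accessToken, refreshToken, profile, done) => {
  request({
    url: GRAVITY_API_URL + '/api/v1/me',
    headers: { 'X-Access-Token': accessToken },
  }, (err, res, body) => {
    // Transport-level failure: no profile was fetched, so fail the login.
    if (err) {
      return done(err);
    }

    // A non-2xx answer carries an error document, not a user profile.
    const status = res ? res.statusCode : undefined;
    if (typeof status !== 'number' || status < 200 || status >= 300) {
      return done(new Error(`Profile request failed with status ${status}`));
    }

    // JSON.parse throws on a non-JSON body; inside this callback that would be
    // an uncaught exception, so convert it into a normal verify error.
    let user;
    try {
      user = JSON.parse(body);
    } catch (parseErr) {
      return done(parseErr);
    }

    if (user === null || typeof user !== 'object') {
      return done(new Error('Profile response was not a JSON object'));
    }

    return done(null, user);
  });
});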
// Register the strategy with passport under the name 'artsy'.
passport.use('artsy', strategy);

// The user object from the verify callback is serialized unchanged.
// NOTE(review): that is the full profile object — confirm it holds nothing that
// should stay out of the session store.
passport.serializeUser(function (user, done) {
  return done(null, user);
});