open.source/manifold
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add a shitload of logging to the server auth code (#749)

Browse Source
This commit is contained in:
Marshall Polaris 2022-08-11 20:46:18 -07:00 committed by GitHub
parent 38d9e8190c
commit e2eae01ad8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 36 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
web/lib/firebase/server-auth.ts
View File

@ -74,26 +74,34 @@ type RequestContext = {
const authAndRefreshTokens = async (ctx: RequestContext) => { const authAndRefreshTokens = async (ctx: RequestContext) => {
const adminAuth = (await ensureApp()).auth() const adminAuth = (await ensureApp()).auth()
const clientAuth = getAuth(clientApp) const clientAuth = getAuth(clientApp)
console.debug('Initialized Firebase auth libraries.')
let { id, refresh, custom } = getTokensFromCookies(ctx.req) let { id, refresh, custom } = getTokensFromCookies(ctx.req)
// step 0: if you have no refresh token you are logged out // step 0: if you have no refresh token you are logged out
if (refresh == null) { if (refresh == null) {
console.debug('User is unauthenticated.')
return undefined return undefined
} }
console.debug('User may be authenticated; checking cookies.')
// step 1: given a valid refresh token, ensure a valid ID token // step 1: given a valid refresh token, ensure a valid ID token
if (id != null) { if (id != null) {
// if they have an ID token, throw it out if it's invalid/expired // if they have an ID token, throw it out if it's invalid/expired
try { try {
await adminAuth.verifyIdToken(id) await adminAuth.verifyIdToken(id)
console.debug('Verified ID token.')
} catch { } catch {
id = undefined id = undefined
console.debug('Invalid existing ID token.')
} }
} }
if (id == null) { if (id == null) {
// ask for a new one from google using the refresh token // ask for a new one from google using the refresh token
try { try {
const resp = await requestFirebaseIdToken(refresh) const resp = await requestFirebaseIdToken(refresh)
console.debug('Obtained fresh ID token from Firebase.')
id = resp.id_token id = resp.id_token
refresh = resp.refresh_token refresh = resp.refresh_token
} catch (e) { } catch (e) {
@ -108,27 +116,23 @@ const authAndRefreshTokens = async (ctx: RequestContext) => {
if (custom != null) { if (custom != null) {
// sign in with this token, or throw it out if it's invalid/expired // sign in with this token, or throw it out if it's invalid/expired
try { try {
return { const creds = await signInWithCustomToken(clientAuth, custom)
creds: await signInWithCustomToken(clientAuth, custom), console.debug('Signed in with custom token.')
id, return { creds, id, refresh, custom }
refresh,
custom,
}
} catch { } catch {
custom = undefined custom = undefined
console.debug('Invalid existing custom token.')
} }
} }
if (custom == null) { if (custom == null) {
// ask for a new one from our cloud functions using the ID token, then sign in // ask for a new one from our cloud functions using the ID token, then sign in
try { try {
const resp = await requestManifoldCustomToken(id) const resp = await requestManifoldCustomToken(id)
console.debug('Obtained fresh custom token from backend.')
custom = resp.token custom = resp.token
return { const creds = await signInWithCustomToken(clientAuth, custom)
creds: await signInWithCustomToken(clientAuth, custom), console.debug('Signed in with custom token.')
id, return { creds, id, refresh, custom }
refresh,
custom,
}
} catch (e) { } catch (e) {
// big unexpected problem -- functionally, they are not logged in // big unexpected problem -- functionally, they are not logged in
console.error(e) console.error(e)
@ -138,13 +142,17 @@ const authAndRefreshTokens = async (ctx: RequestContext) => {
} }
export const authenticateOnServer = async (ctx: RequestContext) => { export const authenticateOnServer = async (ctx: RequestContext) => {
console.debug('Server authentication sequence starting.')
const tokens = await authAndRefreshTokens(ctx) const tokens = await authAndRefreshTokens(ctx)
console.debug('Finished checking and refreshing tokens.')
const creds = tokens?.creds const creds = tokens?.creds
try { try {
if (tokens == null) { if (tokens == null) {
deleteTokenCookies(ctx.res) deleteTokenCookies(ctx.res)
console.debug('Not logged in; cleared token cookies.')
} else { } else {
setTokenCookies(tokens, ctx.res) setTokenCookies(tokens, ctx.res)
console.debug('Logged in; set current token cookies.')
} }
} catch (e) { } catch (e) {
// definitely not supposed to happen, but let's be maximally robust // definitely not supposed to happen, but let's be maximally robust
@ -168,8 +176,15 @@ export const redirectIfLoggedIn = <P>(
return async (ctx: GetServerSidePropsContext) => { return async (ctx: GetServerSidePropsContext) => {
const creds = await authenticateOnServer(ctx) const creds = await authenticateOnServer(ctx)
if (creds == null) { if (creds == null) {
return fn != null ? await fn(ctx) : { props: {} } if (fn == null) {
return { props: {} }
} else {
const props = fn(ctx)
console.debug('Finished getting initial props for rendering.')
return props
}
} else { } else {
console.debug(`Redirecting to ${dest}.`)
return { redirect: { destination: dest, permanent: false } } return { redirect: { destination: dest, permanent: false } }
} }
} }
@ -182,9 +197,16 @@ export const redirectIfLoggedOut = <P>(
return async (ctx: GetServerSidePropsContext) => { return async (ctx: GetServerSidePropsContext) => {
const creds = await authenticateOnServer(ctx) const creds = await authenticateOnServer(ctx)
if (creds == null) { if (creds == null) {
console.debug(`Redirecting to ${dest}.`)
return { redirect: { destination: dest, permanent: false } } return { redirect: { destination: dest, permanent: false } }
} else { } else {
return fn != null ? await fn(ctx, creds) : { props: {} } if (fn == null) {
return { props: {} }
} else {
const props = fn(ctx, creds)
console.debug('Finished getting initial props for rendering.')
return props
}
} }
} }
} }