accounts-frontend/packages/app/services/api/oauth.ts

import { ApplicationType } from 'app/components/dev/apps';
import request from 'app/services/request';

export type Scope = 'minecraft_server_session' | 'offline_access' | 'account_info' | 'account_email';

export interface Client {
    id: string;
    name: string;
    description: string;
}

export interface OauthAppResponse {
    clientId: string;
    clientSecret: string;
    type: ApplicationType;
    name: string;
    websiteUrl: string;
    createdAt: number;
    // fields for 'application' type
    countUsers?: number;
    description?: string;
    redirectUri?: string;
    // fields for 'minecraft-server' type
    minecraftServerIp?: string;
}

interface AuthCodeFlowRequestData {
    client_id: string;
    redirect_uri: string;
    response_type: string;
    scope: string;
    state?: string;
}

interface DeviceCodeFlowRequestData {
    user_code: string;
}

export type OauthRequestData = (AuthCodeFlowRequestData | DeviceCodeFlowRequestData) & {
    description?: string;
};

export interface OAuthValidateResponse {
    session: {
        scopes: Scope[];
    };
    client: Client;
}

interface FormPayloads {
    name?: string;
    description?: string;
    websiteUrl?: string;
    redirectUri?: string;
    minecraftServerIp?: string;
}

const api = {
    validate(oauthData: OauthRequestData) {
        return request
            .get<OAuthValidateResponse>('/api/oauth2/v1/validate', oauthData)
            .catch(handleOauthParamsValidation);
    },

    complete(
        oauthData: OauthRequestData,
        params: { accept?: boolean } = {},
    ): Promise<{
        success: boolean;
        redirectUri?: string;
    }> {
        const query = request.buildQuery(oauthData);

        return request
            .post<{
                success: boolean;
                redirectUri: string;
            }>(
                `/api/oauth2/v1/complete?${query}`,
                typeof params.accept === 'undefined' ? {} : { accept: params.accept },
            )
            .catch((resp = {}) => {
                if (resp.statusCode === 401 && resp.error === 'access_denied') {
                    // user declined permissions
                    return {
                        success: false,
                        redirectUri: resp.redirectUri,
                        originalResponse: resp.originalResponse,
                    };
                }

                if (resp.status === 401 && resp.name === 'Unauthorized') {
                    const error: { [key: string]: any } = new Error('Unauthorized');
                    error.unauthorized = true;
                    throw error;
                }

                if (resp.statusCode === 401 && resp.error === 'accept_required') {
                    const error: { [key: string]: any } = new Error('Permissions accept required');
                    error.acceptRequired = true;
                    throw error;
                }

                return handleOauthParamsValidation(resp);
            });
    },

    create(type: string, formParams: FormPayloads) {
        return request.post<{ success: boolean; data: OauthAppResponse }>(`/api/v1/oauth2/${type}`, formParams);
    },

    update(clientId: string, formParams: FormPayloads) {
        return request.put<{ success: boolean; data: OauthAppResponse }>(`/api/v1/oauth2/${clientId}`, formParams);
    },

    getApp(clientId: string) {
        return request.get<OauthAppResponse>(`/api/v1/oauth2/${clientId}`);
    },

    getAppsByUser(userId: number): Promise<OauthAppResponse[]> {
        return request.get(`/api/v1/accounts/${userId}/oauth2/clients`);
    },

    reset(clientId: string, regenerateSecret: boolean = false) {
        return request.post<{ success: boolean; data: OauthAppResponse }>(
            `/api/v1/oauth2/${clientId}/reset${regenerateSecret ? '?regenerateSecret' : ''}`,
        );
    },

    delete(clientId: string) {
        return request.delete<{ success: boolean }>(`/api/v1/oauth2/${clientId}`);
    },
};

if ('Cypress' in window) {
    (window as any).oauthApi = api;
}

export default api;

function handleOauthParamsValidation(
    resp:
        | Record<string, any>
        | {
              statusCode: number;
              success: false;
              error:
                  | 'invalid_request'
                  | 'unsupported_response_type'
                  | 'invalid_scope'
                  | 'invalid_client'
                  | 'invalid_user_code';
              parameter: string;
          } = {},
) {
    let userMessage: string | null = null;

    if (resp.statusCode === 400 && resp.error === 'invalid_request') {
        userMessage = `Invalid request (${resp.parameter} required).`;
    } else if (resp.statusCode === 400 && resp.error === 'unsupported_response_type') {
        userMessage = `Invalid response type '${resp.parameter}'.`;
    } else if (resp.statusCode === 400 && resp.error === 'invalid_scope') {
        userMessage = `Invalid scope '${resp.parameter}'.`;
    } else if (resp.statusCode === 401 && resp.error === 'invalid_client') {
        userMessage = 'Can not find application you are trying to authorize.';
    }

    return userMessage ? Promise.reject({ ...resp, userMessage }) : Promise.reject(resp);
}
Create app namespace for all absolute requires of app modules. Move all packages under packages yarn workspace 2019-12-08 00:32:00 +05:30			`import { ApplicationType } from 'app/components/dev/apps';`
			`import request from 'app/services/request';`
Decouple oauth api calls into separate module. Simple tests for oauth actions 2016-07-27 23:57:21 +05:30
Change prettier rules 2020-05-24 04:38:24 +05:30			`export type Scope = 'minecraft_server_session' \| 'offline_access' \| 'account_info' \| 'account_email';`
Major deps updates: router, redux, intl, react-transition-group, flow-type, testing deps 2019-06-30 19:02:50 +05:30
Implemented strict mode for the project (broken tests, hundreds of @ts-ignore and new errors are included) [skip ci] 2020-01-18 02:07:52 +05:30			`export interface Client {`
Change prettier rules 2020-05-24 04:38:24 +05:30			`id: string;`
			`name: string;`
			`description: string;`
Implemented strict mode for the project (broken tests, hundreds of @ts-ignore and new errors are included) [skip ci] 2020-01-18 02:07:52 +05:30			`}`
Major deps updates: router, redux, intl, react-transition-group, flow-type, testing deps 2019-06-30 19:02:50 +05:30
Implemented strict mode for the project (broken tests, hundreds of @ts-ignore and new errors are included) [skip ci] 2020-01-18 02:07:52 +05:30			`export interface OauthAppResponse {`
Change prettier rules 2020-05-24 04:38:24 +05:30			`clientId: string;`
			`clientSecret: string;`
			`type: ApplicationType;`
			`name: string;`
			`websiteUrl: string;`
			`createdAt: number;`
			`// fields for 'application' type`
			`countUsers?: number;`
			`description?: string;`
			`redirectUri?: string;`
			`// fields for 'minecraft-server' type`
			`minecraftServerIp?: string;`
Implemented strict mode for the project (broken tests, hundreds of @ts-ignore and new errors are included) [skip ci] 2020-01-18 02:07:52 +05:30			`}`
Implemented UI for Accounts applications management. Introduced copy service and injected it usage into auth finish page. Introduced Collapse component. Introduced Radio component. Generalized Checkbox component to share Radio component styles. Improved Textarea component: it now has auto height functionality. Improved profile/BackButton component: now you can pass custom url. BSOD is no longer displayed on 404 response. 2018-03-26 00:46:45 +05:30
Initial device code flow implementation 2024-12-11 01:12:06 +05:30			`interface AuthCodeFlowRequestData {`
Change prettier rules 2020-05-24 04:38:24 +05:30			`client_id: string;`
			`redirect_uri: string;`
			`response_type: string;`
			`scope: string;`
			`state?: string;`
Implemented strict mode for the project (broken tests, hundreds of @ts-ignore and new errors are included) [skip ci] 2020-01-18 02:07:52 +05:30			`}`
Fix some flow errors 2018-05-03 10:45:09 +05:30
Initial device code flow implementation 2024-12-11 01:12:06 +05:30			`interface DeviceCodeFlowRequestData {`
			`user_code: string;`
Implemented strict mode for the project (broken tests, hundreds of @ts-ignore and new errors are included) [skip ci] 2020-01-18 02:07:52 +05:30			`}`
Fix some flow errors 2018-05-03 10:45:09 +05:30
Initial device code flow implementation 2024-12-11 01:12:06 +05:30			`export type OauthRequestData = (AuthCodeFlowRequestData \| DeviceCodeFlowRequestData) & {`
			`description?: string;`
			`};`

Implemented strict mode for the project (broken tests, hundreds of @ts-ignore and new errors are included) [skip ci] 2020-01-18 02:07:52 +05:30			`export interface OAuthValidateResponse {`
Change prettier rules 2020-05-24 04:38:24 +05:30			`session: {`
			`scopes: Scope[];`
			`};`
			`client: Client;`
Implemented strict mode for the project (broken tests, hundreds of @ts-ignore and new errors are included) [skip ci] 2020-01-18 02:07:52 +05:30			`}`

			`interface FormPayloads {`
Change prettier rules 2020-05-24 04:38:24 +05:30			`name?: string;`
			`description?: string;`
			`websiteUrl?: string;`
			`redirectUri?: string;`
			`minecraftServerIp?: string;`
Implemented strict mode for the project (broken tests, hundreds of @ts-ignore and new errors are included) [skip ci] 2020-01-18 02:07:52 +05:30			`}`
Implemented UI for Accounts applications management. Introduced copy service and injected it usage into auth finish page. Introduced Collapse component. Introduced Radio component. Generalized Checkbox component to share Radio component styles. Improved Textarea component: it now has auto height functionality. Improved profile/BackButton component: now you can pass custom url. BSOD is no longer displayed on 404 response. 2018-03-26 00:46:45 +05:30
Some minor fixes and e2e tests for creating of website app 2018-11-10 14:33:47 +05:30			`const api = {`
Initial device code flow implementation 2024-12-11 01:12:06 +05:30			`validate(oauthData: OauthRequestData) {`
Change prettier rules 2020-05-24 04:38:24 +05:30			`return request`
Initial device code flow implementation 2024-12-11 01:12:06 +05:30			`.get<OAuthValidateResponse>('/api/oauth2/v1/validate', oauthData)`
Change prettier rules 2020-05-24 04:38:24 +05:30			`.catch(handleOauthParamsValidation);`
			`},`

			`complete(`
Initial device code flow implementation 2024-12-11 01:12:06 +05:30			`oauthData: OauthRequestData,`
Change prettier rules 2020-05-24 04:38:24 +05:30			`params: { accept?: boolean } = {},`
			`): Promise<{`
Migrate from flow to typescript 2019-12-07 16:58:52 +05:30			`success: boolean;`
Initial device code flow implementation 2024-12-11 01:12:06 +05:30			`redirectUri?: string;`
Change prettier rules 2020-05-24 04:38:24 +05:30			`}> {`
Initial device code flow implementation 2024-12-11 01:12:06 +05:30			`const query = request.buildQuery(oauthData);`
Change prettier rules 2020-05-24 04:38:24 +05:30
			`return request`
			`.post<{`
			`success: boolean;`
			`redirectUri: string;`
			`}>(`
			`/api/oauth2/v1/complete?${query}`,
			`typeof params.accept === 'undefined' ? {} : { accept: params.accept },`
			`)`
			`.catch((resp = {}) => {`
			`if (resp.statusCode === 401 && resp.error === 'access_denied') {`
			`// user declined permissions`
			`return {`
			`success: false,`
			`redirectUri: resp.redirectUri,`
			`originalResponse: resp.originalResponse,`
			`};`
			`}`

			`if (resp.status === 401 && resp.name === 'Unauthorized') {`
			`const error: { [key: string]: any } = new Error('Unauthorized');`
			`error.unauthorized = true;`
			`throw error;`
			`}`

			`if (resp.statusCode === 401 && resp.error === 'accept_required') {`
			`const error: { [key: string]: any } = new Error('Permissions accept required');`
			`error.acceptRequired = true;`
			`throw error;`
			`}`

			`return handleOauthParamsValidation(resp);`
			`});`
			`},`

			`create(type: string, formParams: FormPayloads) {`
			return request.post<{ success: boolean; data: OauthAppResponse }>(`/api/v1/oauth2/${type}`, formParams);
			`},`

			`update(clientId: string, formParams: FormPayloads) {`
			return request.put<{ success: boolean; data: OauthAppResponse }>(`/api/v1/oauth2/${clientId}`, formParams);
			`},`

			`getApp(clientId: string) {`
			return request.get<OauthAppResponse>(`/api/v1/oauth2/${clientId}`);
			`},`

			`getAppsByUser(userId: number): Promise<OauthAppResponse[]> {`
			return request.get(`/api/v1/accounts/${userId}/oauth2/clients`);
			`},`

			`reset(clientId: string, regenerateSecret: boolean = false) {`
			`return request.post<{ success: boolean; data: OauthAppResponse }>(`
			`/api/v1/oauth2/${clientId}/reset${regenerateSecret ? '?regenerateSecret' : ''}`,
			`);`
			`},`

			`delete(clientId: string) {`
			return request.delete<{ success: boolean }>(`/api/v1/oauth2/${clientId}`);
			`},`
Decouple oauth api calls into separate module. Simple tests for oauth actions 2016-07-27 23:57:21 +05:30			`};`
Some minor fixes and e2e tests for creating of website app 2018-11-10 14:33:47 +05:30
Migrate from flow to typescript 2019-12-07 16:58:52 +05:30			`if ('Cypress' in window) {`
Change prettier rules 2020-05-24 04:38:24 +05:30			`(window as any).oauthApi = api;`
Some minor fixes and e2e tests for creating of website app 2018-11-10 14:33:47 +05:30			`}`

			`export default api;`

Cover oauth with e2e tests and fix some old and newly introduced bugs 2019-12-26 17:48:58 +05:30			`function handleOauthParamsValidation(`
Change prettier rules 2020-05-24 04:38:24 +05:30			`resp:`
Initial device code flow implementation 2024-12-11 01:12:06 +05:30			`\| Record<string, any>`
Change prettier rules 2020-05-24 04:38:24 +05:30			`\| {`
			`statusCode: number;`
			`success: false;`
Initial device code flow implementation 2024-12-11 01:12:06 +05:30			`error:`
			`\| 'invalid_request'`
			`\| 'unsupported_response_type'`
			`\| 'invalid_scope'`
			`\| 'invalid_client'`
			`\| 'invalid_user_code';`
Change prettier rules 2020-05-24 04:38:24 +05:30			`parameter: string;`
			`} = {},`
Cover oauth with e2e tests and fix some old and newly introduced bugs 2019-12-26 17:48:58 +05:30			`) {`
Change prettier rules 2020-05-24 04:38:24 +05:30			`let userMessage: string \| null = null;`

			`if (resp.statusCode === 400 && resp.error === 'invalid_request') {`
			userMessage = `Invalid request (${resp.parameter} required).`;
			`} else if (resp.statusCode === 400 && resp.error === 'unsupported_response_type') {`
			userMessage = `Invalid response type '${resp.parameter}'.`;
			`} else if (resp.statusCode === 400 && resp.error === 'invalid_scope') {`
			userMessage = `Invalid scope '${resp.parameter}'.`;
			`} else if (resp.statusCode === 401 && resp.error === 'invalid_client') {`
			`userMessage = 'Can not find application you are trying to authorize.';`
			`}`

			`return userMessage ? Promise.reject({ ...resp, userMessage }) : Promise.reject(resp);`
Decouple oauth api calls into separate module. Simple tests for oauth actions 2016-07-27 23:57:21 +05:30			`}`