
Commit 6887dad

committed
feat: Enhance OAuth user verification by directly verifying tokens for Discord and Google
1 parent b85fe6d commit 6887dad


2 files changed

+18
-29
lines changed


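--- a/dist/controllers/UserController.js
+++ b/dist/controllers/UserController.js
@@ -99,9 +99,7 @@ let Users = class Users {
 }
 let accessToken;
 let verifiedUser;
-// Échange le code contre un access_token
 if (provider === "discord") {
-// Échange code contre access_token
 const params = new URLSearchParams({
 client_id: process.env.DISCORD_CLIENT_ID,
 client_secret: process.env.DISCORD_CLIENT_SECRET,
@@ -118,6 +116,7 @@ let Users = class Users {
 return this.sendError(res, 500, "Failed to fetch Discord access token");
 const tokenData = await tokenRes.json();
 accessToken = tokenData.access_token;
+verifiedUser = await this.verifyDiscordToken(accessToken);
 }
 else if (provider === "google") {
 const params = new URLSearchParams({
@@ -136,27 +135,21 @@ let Users = class Users {
 return this.sendError(res, 500, "Failed to fetch Google access token");
 const tokenData = await tokenRes.json();
 accessToken = tokenData.access_token;
+verifiedUser = await this.verifyGoogleToken(accessToken);
 }
 else {
 return this.sendError(res, 400, "Unsupported OAuth provider");
 }
-// Récupère les infos utilisateur depuis le provider
-if (provider === "discord") {
-verifiedUser = await this.verifyDiscordToken(accessToken);
-}
-else /*if (provider === "google")*/ {
-verifiedUser = await this.verifyGoogleToken(accessToken);
-}
-// Utilise verifiedUser.id, verifiedUser.email, verifiedUser.username pour la suite
 const users = await this.userService.getAllUsersWithDisabled();
 const token = req.headers["cookie"]?.toString().split("token=")[1]?.split(";")[0];
 let user = await this.userService.authenticateUser(token);
-if (typeof verifiedUser === "undefined") {
+if (!verifiedUser) {
 await this.createLog(req, "loginOAuth", "users", 500);
 return this.sendError(res, 500, "Failed to verify OAuth user");
 }
 if (!user) {
-user = users.find((u) => u.discord_id == verifiedUser.id || u.google_id == verifiedUser.id) || null;
+user = users.find((u) => (provider === "discord" && u.discord_id == verifiedUser.id) ||
+(provider === "google" && u.google_id == verifiedUser.id)) || null;
 }
 if (!user) {
 const userId = crypto_1.default.randomUUID();
@@ -167,7 +160,8 @@ let Users = class Users {
 if ((provider === "discord" && !user.discord_id) || (provider === "google" && !user.google_id)) {
 await this.userService.associateOAuth(user.user_id, provider, verifiedUser.id);
 }
-if ((provider === "discord" && user.discord_id && user.discord_id != verifiedUser.id) || (provider === "google" && user.google_id && user.google_id != verifiedUser.id)) {
+if ((provider === "discord" && user.discord_id && user.discord_id != verifiedUser.id) ||
+(provider === "google" && user.google_id && user.google_id != verifiedUser.id)) {
 await this.createLog(req, "loginOAuth", "users", 401, user.user_id);
 return this.sendError(res, 401, "OAuth providerId mismatch");
 }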

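--- a/src/controllers/UserController.ts
+++ b/src/controllers/UserController.ts
@@ -96,9 +96,7 @@ export class Users {
 let accessToken: string | undefined;
 let verifiedUser: { id: string; email: string; username: string };
 
-// Échange le code contre un access_token
 if (provider === "discord") {
-// Échange code contre access_token
 const params = new URLSearchParams({
 client_id: process.env.DISCORD_CLIENT_ID!,
 client_secret: process.env.DISCORD_CLIENT_SECRET!,
@@ -114,6 +112,7 @@ export class Users {
 if (!tokenRes.ok) return this.sendError(res, 500, "Failed to fetch Discord access token");
 const tokenData = await tokenRes.json();
 accessToken = tokenData.access_token;
+verifiedUser = await this.verifyDiscordToken(accessToken!);
 } else if (provider === "google") {
 const params = new URLSearchParams({
 client_id: process.env.GOOGLE_CLIENT_ID!,
@@ -130,30 +129,25 @@ export class Users {
 if (!tokenRes.ok) return this.sendError(res, 500, "Failed to fetch Google access token");
 const tokenData = await tokenRes.json();
 accessToken = tokenData.access_token;
+verifiedUser = await this.verifyGoogleToken(accessToken!);
 } else {
 return this.sendError(res, 400, "Unsupported OAuth provider");
 }
 
-// Récupère les infos utilisateur depuis le provider
-if (provider === "discord") {
-verifiedUser = await this.verifyDiscordToken(accessToken!);
-} else /*if (provider === "google")*/ {
-verifiedUser = await this.verifyGoogleToken(accessToken!);
-}
-
-// Utilise verifiedUser.id, verifiedUser.email, verifiedUser.username pour la suite
 const users = await this.userService.getAllUsersWithDisabled();
 const token = req.headers["cookie"]?.toString().split("token=")[1]?.split(";")[0];
-
 let user = await this.userService.authenticateUser(token as string);
 
-if (typeof verifiedUser === "undefined") {
+if (!verifiedUser) {
 await this.createLog(req, "loginOAuth", "users", 500);
 return this.sendError(res, 500, "Failed to verify OAuth user");
 }
 
 if (!user) {
-user = users.find((u) => u.discord_id == verifiedUser.id || u.google_id == verifiedUser.id) || null;
+user = users.find((u) =>
+(provider === "discord" && u.discord_id == verifiedUser.id) ||
+(provider === "google" && u.google_id == verifiedUser.id)
+) || null;
 }
 
 if (!user) {
@@ -164,17 +158,18 @@ export class Users {
 if ((provider === "discord" && !user.discord_id) || (provider === "google" && !user.google_id)) {
 await this.userService.associateOAuth(user.user_id, provider, verifiedUser.id);
 }
-if ((provider === "discord" && user.discord_id && user.discord_id != verifiedUser.id) || (provider === "google" && user.google_id && user.google_id != verifiedUser.id)) {
+if ((provider === "discord" && user.discord_id && user.discord_id != verifiedUser.id) ||
+(provider === "google" && user.google_id && user.google_id != verifiedUser.id)) {
 await this.createLog(req, "loginOAuth", "users", 401, user.user_id);
 return this.sendError(res, 401, "OAuth providerId mismatch");
 }
 }
-
+
 if (user.disabled) {
 await this.createLog(req, "loginOAuth", "users", 403, user.user_id);
 return this.sendError(res, 403, "Account is disabled");
 }
-
+
 await this.createLog(req, "loginOAuth", "users", 200, user.user_id);
 const apiKey = genKey(user.user_id);
 const jwtToken = generateUserJwt(user, apiKey);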
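Review bot: The account lookup on the new lines `(provider === "discord" && u.discord_id == verifiedUser.id)` / `(provider === "google" && u.google_id == verifiedUser.id)` still uses loose equality, so if the provider profile ever arrives without an `id` (`undefined`), `null == undefined` holds and the first stored user with no linked id for that provider would be selected and logged in; the provider gate added here closes the cross-provider collision but not this one. The `if (!verifiedUser)` guard above it only rejects a missing object, and the declared type `{ id: string; email: string; username: string }` means the compiler cannot catch an undefined `id` if `verifyDiscordToken`/`verifyGoogleToken` pass the provider response through unchecked (their bodies are outside the hunk, so this is inferred). Tighten the guard to `if (!verifiedUser || typeof verifiedUser.id !== "string" || verifiedUser.id === "") {` and switch both the lookup and the mismatch check on `user.discord_id != verifiedUser.id` / `user.google_id != verifiedUser.id` to strict `===`/`!==`. The `accessToken!` assertions on the two new `verify…Token(accessToken!)` lines likewise hide the case where the token response has no `access_token`; an explicit `if (!accessToken) return this.sendError(res, 500, "Failed to fetch Discord access token");` (and the Google counterpart) before each call keeps the failure on the 500 path instead of relying on the verifier to reject an undefined token. The enclosing method starts and ends outside these hunks.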
