Spaces:
Running
Running
| import { redirect, error } from "@sveltejs/kit"; | |
| import { getOIDCUserData, validateAndParseCsrfToken } from "$lib/server/auth"; | |
| import { z } from "zod"; | |
| import { base } from "$app/paths"; | |
| import { updateUser } from "./updateUser"; | |
| export async function load({ url, locals, cookies, request, getClientAddress }) { | |
| const { error: errorName, error_description: errorDescription } = z | |
| .object({ | |
| error: z.string().optional(), | |
| error_description: z.string().optional(), | |
| }) | |
| .parse(Object.fromEntries(url.searchParams.entries())); | |
| if (errorName) { | |
| throw error(400, errorName + (errorDescription ? ": " + errorDescription : "")); | |
| } | |
| const { code, state } = z | |
| .object({ | |
| code: z.string(), | |
| state: z.string(), | |
| }) | |
| .parse(Object.fromEntries(url.searchParams.entries())); | |
| const csrfToken = Buffer.from(state, "base64").toString("utf-8"); | |
| const validatedToken = await validateAndParseCsrfToken(csrfToken, locals.sessionId); | |
| if (!validatedToken) { | |
| throw error(403, "Invalid or expired CSRF token"); | |
| } | |
| const { userData } = await getOIDCUserData({ redirectURI: validatedToken.redirectUrl }, code); | |
| await updateUser({ | |
| userData, | |
| locals, | |
| cookies, | |
| userAgent: request.headers.get("user-agent") ?? undefined, | |
| ip: getClientAddress(), | |
| }); | |
| throw redirect(302, `${base}/`); | |
| } | |