Spaces:
Running
Running
import { redirect, error } from "@sveltejs/kit"; | |
import { getOIDCUserData, validateAndParseCsrfToken } from "$lib/server/auth"; | |
import { z } from "zod"; | |
import { base } from "$app/paths"; | |
import { updateUser } from "./updateUser"; | |
export async function load({ url, locals, cookies }) { | |
const { error: errorName, error_description: errorDescription } = z | |
.object({ | |
error: z.string().optional(), | |
error_description: z.string().optional(), | |
}) | |
.parse(Object.fromEntries(url.searchParams.entries())); | |
if (errorName) { | |
throw error(400, errorName + (errorDescription ? ": " + errorDescription : "")); | |
} | |
const { code, state } = z | |
.object({ | |
code: z.string(), | |
state: z.string(), | |
}) | |
.parse(Object.fromEntries(url.searchParams.entries())); | |
const csrfToken = Buffer.from(state, "base64").toString("utf-8"); | |
const validatedToken = await validateAndParseCsrfToken(csrfToken, locals.sessionId); | |
if (!validatedToken) { | |
throw error(403, "Invalid or expired CSRF token"); | |
} | |
const { userData } = await getOIDCUserData({ redirectURI: validatedToken.redirectUrl }, code); | |
await updateUser({ userData, locals, cookies }); | |
throw redirect(302, `${base}/`); | |
} | |