feat: set oauth origin dynamically based on host header

nhost · Nov 3, 2023 · 4189efa · 4189efa
1 parent 59e588a
commit 4189efa
Show file tree

Hide file tree

Showing 4 changed files with 190 additions and 11 deletions.
diff --git a/Makefile b/Makefile
@@ -23,20 +23,20 @@ get-version:  ## Return version.
 
 
 .PHONY: dev
-dev: check-port install dev-env-up  ## Start development environment.
+dev: check-port dev-env-up  ## Start development environment.
 	bash -c "trap 'make dev-env-down' EXIT; pnpm dev:start"
 
 
 .PHONY: test
-test: check-port install dev-env-up ## Run end-to-end tests.
+test: check-port dev-env-up ## Run end-to-end tests.
 	pnpm test
 
 .PHONY: check-port
 check-port:
 	[ -z $$(lsof -t -i tcp:$(PORT)) ] || (echo "The port $(PORT) is already in use"; exit 1;)
 
 .PHONY: docgen
-docgen: check-port install dev-env-up ## Generate the openapi.json file.
+docgen: check-port dev-env-up ## Generate the openapi.json file.
 	AUTH_CLIENT_URL=https://my-app.com AUTH_LOG_LEVEL=error AUTH_ACCESS_CONTROL_ALLOWED_REDIRECT_URLS= pnpm dev &
 	while [ "$$(curl -s -o /dev/null -w ''%{http_code}'' http://localhost:$(PORT)/healthz)" != "200" ]; do sleep 1; done
 	curl http://localhost:$(PORT)/openapi.json | json_pp > docs/openapi.json
@@ -45,28 +45,27 @@ docgen: check-port install dev-env-up ## Generate the openapi.json file.
 
 
 .PHONY: watch
-watch: check-port install dev-env-up ## Start tests in watch mode.
+watch: check-port dev-env-up ## Start tests in watch mode.
 	bash -c "trap 'make dev-env-down' EXIT; pnpm test:watch"
 
 
 .PHONY: build
-build: 
+build:
 	docker build -t $(IMAGE) .
 
 
-.PHONY: dev-env-down 
+.PHONY: dev-env-down
 dev-env-up: ## Start required services (Hasura, Postgres, Mailhog).
-	docker-compose -f docker-compose.yaml up -d
+	docker compose -f docker-compose.yaml up -d
 	while [ "$$(curl -s -o /dev/null -w ''%{http_code}'' http://localhost:8080/healthz)" != "200" ]; do sleep 1; done
 	@echo "Hasura is ready";
 
 
 .PHONY: dev-env-down
 dev-env-down:  ## Stop required services (Hasura, Posgres, Mailhbg).
-	docker-compose -f docker-compose.yaml down
+	docker compose -f docker-compose.yaml down
 
 
 .PHONY: install
-install: 
+install:
 	pnpm install
-
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -0,0 +1,98 @@
+{
+  description = "Nhost Hasura Auth";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    nix-filter.url = "github:numtide/nix-filter";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = { self, nixpkgs, flake-utils, nix-filter }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        overlays = [
+          (final: prev: {
+            nodejs = prev.nodejs-18_x;
+          })
+        ];
+
+        pkgs = import nixpkgs {
+          inherit overlays system;
+        };
+
+        nix-src = nix-filter.lib.filter {
+          root = ./.;
+          include = [
+            (nix-filter.lib.matchExt "nix")
+          ];
+        };
+
+        node_modules = pkgs.stdenv.mkDerivation {
+          inherit version;
+
+          pname = "node_modules";
+
+          nativeBuildInputs = with pkgs; [
+            nodePackages.pnpm
+          ];
+
+          src = nix-filter.lib.filter {
+            root = ./.;
+            include = [
+              ./package.json
+              ./pnpm-lock.yaml
+            ];
+          };
+
+          buildPhase = ''
+            pnpm install
+          '';
+
+          installPhase = ''
+            mkdir -p $out
+            cp -r node_modules $out
+          '';
+        };
+
+
+        name = "hasura-auth";
+        version = "0.0.0-dev";
+
+        buildInputs = [ ];
+        nativeBuildInputs = with pkgs; [
+          nodePackages.pnpm
+        ];
+      in
+      {
+        checks = {
+          nixpkgs-fmt = pkgs.runCommand "check-nixpkgs-fmt"
+            {
+              nativeBuildInputs = with pkgs;
+                [
+                  nixpkgs-fmt
+                ];
+            }
+            ''
+              mkdir $out
+              nixpkgs-fmt --check ${nix-src}
+            '';
+
+        };
+
+        devShells = flake-utils.lib.flattenTree rec {
+          default = pkgs.mkShell {
+            buildInputs = with pkgs; [
+              nixpkgs-fmt
+              gnumake
+            ] ++ buildInputs ++ nativeBuildInputs;
+
+            shellHook = ''
+              export PATH=${node_modules}/node_modules/.bin:$PATH
+              rm -rf node_modules
+              ln -sf ${node_modules}/node_modules/ node_modules
+            '';
+          };
+        };
+      }
+    );
+}
diff --git a/src/routes/oauth/index.ts b/src/routes/oauth/index.ts
@@ -93,7 +93,7 @@ export const oauthProviders = Router()
    *
    * The redirect url has been set in the previous middleware and is available in the locals
    */
-  .all(`${OAUTH_ROUTE}/:provider`, ({ params: { provider } }, res, next) => {
+  .all(`${OAUTH_ROUTE}/:provider`, ({ headers, params: { provider } }, res, next) => {
     const redirectTo: string = res.locals.redirectTo;
     const providerConfig = grantConfig[provider];
     // * Check if provider is enabled
@@ -114,6 +114,11 @@ export const oauthProviders = Router()
         true
       );
     }
+
+    if ( headers.host ) {
+      providerConfig.origin = headers.host.split("/signin")[0];
+    }
+
     next();
   })