sapling/eden/contrib/reviewstack.dev/functions/_oauth/callback.ts at 5718962ea295d2c99298069b82fd86766609fa70 · facebook/sapling · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
interface GitHubTokenResponse {
  access_token?: string;
  error?: string;
  error_description?: string;
}

export const onRequestGet: PagesFunction<{ CLIENT_ID: string; CLIENT_SECRET: string }> = async (context) => {
  const url = new URL(context.request.url);
  const code = url.searchParams.get('code');

  if (!code) {
    return new Response('Missing code parameter', { status: 400 });
  }

  const tokenResponse = await fetch('https://github.com/login/oauth/access_token', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'Accept': 'application/json',
    },
    body: JSON.stringify({
      client_id: context.env.CLIENT_ID,
      client_secret: context.env.CLIENT_SECRET,
      code,
    }),
  });

  const data: GitHubTokenResponse = await tokenResponse.json();

  if (data.error || !data.access_token) {
    const errorMsg = encodeURIComponent(data.error_description || data.error || 'Unknown error');
    return Response.redirect(`${url.origin}/?error=${errorMsg}`, 302);
  }

  // Redirect back to app with token in hash (not exposed to server logs)
  return Response.redirect(`${url.origin}/#token=${data.access_token}`, 302);
};