Jennie Robinson Faber
8a529a8e7c
Add oidc-provider with MongoDB adapter so ghostguild.org can act as the identity provider for the self-hosted Outline wiki. Members authenticate via the existing magic-link flow, with automatic SSO when an active session exists. Includes interaction routes, well-known discovery endpoint, and login page.
81 lines
2.6 KiB
TypeScript
81 lines
2.6 KiB
TypeScript
/**
|
|
* Handle magic link login request during OIDC interaction flow.
|
|
*
|
|
* POST /oidc/interaction/login
|
|
* Body: { email: string, uid: string }
|
|
*
|
|
* Sends a magic link email. The link includes the OIDC interaction uid so the
|
|
* verify step can complete the interaction after authenticating.
|
|
*/
|
|
import jwt from "jsonwebtoken";
|
|
import { Resend } from "resend";
|
|
import Member from "../../../models/member.js";
|
|
import { connectDB } from "../../../utils/mongoose.js";
|
|
|
|
const resend = new Resend(process.env.RESEND_API_KEY);
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
await connectDB();
|
|
|
|
const body = await readBody(event);
|
|
const email = body?.email?.trim()?.toLowerCase();
|
|
const uid = body?.uid;
|
|
|
|
if (!email || !uid) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
statusMessage: "Email and interaction uid are required",
|
|
});
|
|
}
|
|
|
|
const GENERIC_MESSAGE =
|
|
"If this email is registered, we've sent a login link.";
|
|
|
|
const member = await (Member as any).findOne({ email });
|
|
if (!member) {
|
|
return { success: true, message: GENERIC_MESSAGE };
|
|
}
|
|
|
|
const config = useRuntimeConfig(event);
|
|
const token = jwt.sign(
|
|
{ memberId: member._id, oidcUid: uid },
|
|
config.jwtSecret,
|
|
{ expiresIn: "15m" }
|
|
);
|
|
|
|
const headers = getHeaders(event);
|
|
const baseUrl =
|
|
process.env.BASE_URL ||
|
|
`${headers.host?.includes("localhost") ? "http" : "https"}://${headers.host}`;
|
|
|
|
try {
|
|
await resend.emails.send({
|
|
from: "Ghost Guild <ghostguild@babyghosts.org>",
|
|
to: email,
|
|
subject: "Sign in to Ghost Guild Wiki",
|
|
html: `
|
|
<div style="font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto;">
|
|
<h2 style="color: #2563eb;">Sign in to the Ghost Guild Wiki</h2>
|
|
<p>Click the button below to sign in:</p>
|
|
<div style="text-align: center; margin: 30px 0;">
|
|
<a href="${baseUrl}/oidc/interaction/verify?token=${token}"
|
|
style="background-color: #2563eb; color: white; padding: 12px 24px; text-decoration: none; border-radius: 6px; display: inline-block;">
|
|
Sign In
|
|
</a>
|
|
</div>
|
|
<p style="color: #666; font-size: 14px;">
|
|
This link expires in 15 minutes. If you didn't request this, you can safely ignore this email.
|
|
</p>
|
|
</div>
|
|
`,
|
|
});
|
|
|
|
return { success: true, message: GENERIC_MESSAGE };
|
|
} catch (error) {
|
|
console.error("Failed to send OIDC login email:", error);
|
|
throw createError({
|
|
statusCode: 500,
|
|
statusMessage: "Failed to send login email. Please try again.",
|
|
});
|
|
}
|
|
});
|