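/**
 * Starts the Ghost Guild OAuth authorization-code flow.
 *
 * Generates a one-time `state` value, stores it in a short-lived cookie and
 * redirects the browser to the provider's `/oauth/authorize` endpoint with the
 * same value in the query string.
 *
 * @param event - The incoming request event.
 * @returns The result of `sendRedirect` to the authorization URL.
 */
export default defineEventHandler(async (event) => {
  const config = useRuntimeConfig();

  // The state parameter is the CSRF defence for the callback, so it must be
  // unpredictable. Math.random() is not a CSPRNG, and `.substring(7)` left only
  // a handful of characters (occasionally none). Use 32 bytes from Web Crypto,
  // falling back to Node's implementation where the global is absent.
  const webCrypto =
    globalThis.crypto ?? (await import("node:crypto")).webcrypto;
  const stateBytes = webCrypto.getRandomValues(new Uint8Array(32));
  const state = Array.from(stateBytes, (byte) =>
    byte.toString(16).padStart(2, "0"),
  ).join("");

  // Keep the state in a cookie for the duration of the round trip.
  // NOTE(review): the callback handler is not visible here. It has to reject
  // any request whose `state` query value does not equal this cookie, and
  // delete the cookie once it has been checked.
  setCookie(event, "oauth_state", state, {
    httpOnly: true, // not readable from page scripts
    secure: true, // sent over HTTPS only
    sameSite: "lax", // still sent on the top-level redirect back from the provider
    maxAge: 60 * 10, // 10 minutes
  });

  // Build the OAuth authorization URL.
  // NOTE(review): a missing ghostguildClientId is sent as an empty client_id
  // rather than failing here; confirm that is intended.
  const params = new URLSearchParams({
    client_id: String(config.ghostguildClientId || ""),
    redirect_uri: `${config.public.siteUrl}/api/auth/callback`,
    response_type: "code",
    scope: "read:user read:member",
    state,
  });

  const authUrl = `${config.ghostguildApiUrl}/oauth/authorize?${params.toString()}`;

  // Redirect to Ghost Guild OAuth
  return sendRedirect(event, authUrl);
});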