feat(axiom): implement google auth

MFarabi619 · MFarabi619 · commit c8b77aaa63d6 · 2025-03-02T05:53:48.000-05:00
diff --git a/apps/axiom/src/payload.config.ts b/apps/axiom/src/payload.config.ts
@@ -2,10 +2,9 @@
 // github.com/jhb-software/payload-plugins/tree/main/geocoding
 import path from "node:path";
 // import { s3Storage } from '@payloadcms/storage-s3'
-// import {linkedinOAuth} from './endpoints/auth/linkedin'
 /* eslint-disable node/prefer-global/process */
 import { fileURLToPath } from "node:url";
-// import { googleOAuth } from '@cuhacking/cms/endpoints/auth/google'
+import { googleOAuth } from '@/cms/endpoints/auth/google'
 import {Brands} from "@/db/collections"
 import { Media, Users, Emails } from "@/db/collections/models";
 import {Website, SocialLinks} from "@/db/collections/globals";
@@ -119,7 +118,7 @@ export default buildConfig({
     //     endpoint: process.env.S3_ENDPOINT,
     //   },
     // }),
-    // googleOAuth,
+    googleOAuth,
     // linkedinOAuth
     // payloadCloudPlugin(),
   ],
diff --git a/libs/cms/endpoints/auth/google.ts b/libs/cms/endpoints/auth/google.ts
@@ -1,16 +1,13 @@
 import { PayloadRequest } from "payload";
 import { OAuth2Plugin, defaultGetToken } from "payload-oauth2";
 
-////////////////////////////////////////////////////////////////////////////////
-// Google OAuth
-////////////////////////////////////////////////////////////////////////////////
 export const googleOAuth = OAuth2Plugin({
   enabled:
     typeof process.env.GOOGLE_CLIENT_ID === "string" &&
     typeof process.env.GOOGLE_CLIENT_SECRET === "string",
   strategyName: "google",
   useEmailAsIdentity: true,
-  serverURL: process.env.NEXT_PUBLIC_URL || "http://localhost:3000",
+  serverURL: process.env.NEXT_PUBLIC_URL || "http://localhost:8000",
   clientId: process.env.GOOGLE_CLIENT_ID || "",
   clientSecret: process.env.GOOGLE_CLIENT_SECRET || "",
   authorizePath: "/oauth/google",
@@ -23,44 +20,98 @@ export const googleOAuth = OAuth2Plugin({
     "https://www.googleapis.com/auth/userinfo.profile",
   ],
   providerAuthorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
-  getUserInfo: async (accessToken: string, req: PayloadRequest) => {
-    const response = await fetch(
-      "https://www.googleapis.com/oauth2/v3/userinfo",
-      { headers: { Authorization: `Bearer ${accessToken}` } },
-    );
-    const user = await response.json();
-    return { email: user.email, sub: user.sub };
-  },
-  /**
-   * This param is optional to demonstrate how to customize your own
-   * `getToken` function (i.e. add hooks to run after getting the token)
-   * Leave this blank should you wish to use the default getToken function
-   */
+
+getUserInfo: async (accessToken: string, req: PayloadRequest) => {
+  const response = await fetch(
+     // https://cloud.google.com/identity-platform/docs/reference/rest/v1/UserInfo
+    "https://www.googleapis.com/oauth2/v3/userinfo",
+    { headers: { Authorization: `Bearer ${accessToken}` } }
+  );
+
+  const user = await response.json();
+
+// const existingUser = await req.payload.find({
+//         collection: 'users',
+//         where: {
+//           email: {
+//             equals: req.user?.email,
+//           },
+//         },
+//         limit: 1,
+//       })
+
+//       if (!existingUser.docs || existingUser.docs.length === 0) {
+//         console.log('Creating new user for:', req.user)
+
+//         const newUser = await req.payload.create({
+//           collection: 'users',
+//           data: {
+//             email: req.user?.email,
+//             displayName: req.user?.displayName,
+//             mediaUrl: req.user?.photoUrl
+//             // roles: ['hacker'],
+//           },
+//         })
+//         return {
+//           ...newUser,
+//           // roles: ['customer'],
+//         }
+//       }
+
+//   console.log('Found existing user:', existingUser.docs[0])
+//       const userFromDB = existingUser.docs[0]
+
+  return {
+      email: user.email,
+      displayName: user.name,
+    firstName: user.given_name,
+    lastName: user.family_name,
+      mediaUrl: user.photoUrl,
+      googleSub: user.sub,
+      googleEmailVerified: user.email_verified,
+  };
+},
   getToken: async (code: string, req: PayloadRequest) => {
-    const redirectUri = `${process.env.NEXT_PUBLIC_URL || "http://localhost:3000"}/api/users/oauth/google/callback`;
+    const redirectUri = `${process.env.NEXT_PUBLIC_URL || "http://localhost:8000"}/api/users/oauth/google/callback`;
     const token = await defaultGetToken(
       "https://oauth2.googleapis.com/token",
       process.env.GOOGLE_CLIENT_ID || "",
       process.env.GOOGLE_CLIENT_SECRET || "",
       redirectUri,
       code,
     );
+
     ////////////////////////////////////////////////////////////////////////////
     // Consider this section afterToken hook
     ////////////////////////////////////////////////////////////////////////////
-    req.payload.logger.info("Received token: ${token} 👀");
+    // req.payload.logger.info(`Received token: ${token} 👀`);
+
     if (req.user) {
       req.payload.update({
         collection: "users",
-        id: req.user.id,
-        data: {},
+        data: {
+    email: req.user?.email,
+    firstName: req.user.given_name,
+    lastName: req.user.family_name,
+      mediaUrl: req.user.photoUrl,
+      googleSub: req.user.sub,
+      googleEmailVerified: req.user.email_verified,
+        },
       });
-    }
+    };
 
     return token;
   },
-  successRedirect: (req) => {
+
+  successRedirect: (req: PayloadRequest, accessToken?: string) => {
     return "/admin";
+ // const user = req.user
+ //    if (user && Array.isArray(user.roles)) {
+ //      if (user.roles.includes('admin')) {
+ //        return '/admin'
+ //      }
+ //    }
+ //    return '/' // Default redirect for customers
   },
   failureRedirect: (req, err) => {
     req.payload.logger.error(err);
diff --git a/libs/cms/endpoints/index.ts b/libs/cms/endpoints/index.ts
@@ -0,0 +1 @@
+export * from './auth'
diff --git a/libs/db/collections/models/Users.ts b/libs/db/collections/models/Users.ts
@@ -35,8 +35,6 @@ export const Users: CollectionConfig = {
     useAsTitle: 'displayName',
     defaultColumns: [
       'displayName',
-      // "firstName",
-      // "lastName",
       'pronouns',
       'email',
       'updatedAt',
@@ -175,6 +173,45 @@ export const Users: CollectionConfig = {
         { name: 'emergencyContactEmailAddress', type: 'email', label: 'Email Address' },
       ],
     },
+    {
+      name: 'linkedinSub',
+      type: 'text',
+      admin: {
+        readOnly: true,
+      //   condition: (data, siblingData, { user }) => {
+      //     return false
+      },
+    },
+    {
+      name: 'linkedinEmailVerified',
+      type: 'text',
+      admin: {
+        readOnly: true,
+      },
+    },
+    {
+      name: 'linkedinLocale',
+      type: 'text',
+      admin: {
+        readOnly: true,
+      },
+    },
+    {
+      name: 'googleSub',
+      type: 'text',
+      admin: {
+        readOnly: true,
+      //   condition: (data, siblingData, { user }) => {
+      //     return false
+      },
+    },
+    {
+      name: 'googleEmailVerified',
+      type: 'text',
+      admin: {
+        readOnly: true,
+      },
+    },
   ],
   timestamps: true,
 }
