Fix

2026-01-07 05:18:11 -05:00 · 2025-10-30 18:01:49 +01:00
parent e41bc64b0c
commit cae4b15bbb
8 changed files with 59 additions and 31 deletions
--- a/backend/api/src/app.ts
+++ b/backend/api/src/app.ts
@@ -69,6 +69,7 @@ import {IS_LOCAL} from "common/envs/constants";
 import {localSendTestEmail} from "api/test";
 import path from "node:path";
 import {saveSubscriptionMobile} from "api/save-subscription-mobile";
+import {authGoogle} from "api/auth-google";

 // const corsOptions: CorsOptions = {
 //   origin: ['*'], // Only allow requests from this domain
@@ -358,6 +359,7 @@ const handlers: { [k in APIPath]: APIHandler<k> } = {
  'save-subscription-mobile': saveSubscriptionMobile,
  'create-bookmarked-search': createBookmarkedSearch,
  'delete-bookmarked-search': deleteBookmarkedSearch,
+  'auth-google': authGoogle,
 }

 Object.entries(handlers).forEach(([path, handler]) => {
--- a/backend/api/src/auth-google.ts
+++ b/backend/api/src/auth-google.ts
@@ -0,0 +1,32 @@
+import {APIHandler} from './helpers/endpoint'
+import {GOOGLE_CLIENT_ID} from "common/constants";
+
+export const authGoogle: APIHandler<'auth-google'> = async (
+  {code},
+  _auth
+) => {
+  console.log('Google Auth Code:', code)
+  if (!code) return {success: false, result: {}}
+
+  const body = {
+    client_id: GOOGLE_CLIENT_ID,
+    client_secret: process.env.GOOGLE_CLIENT_SECRET!,
+    code: code as string,
+    grant_type: 'authorization_code',
+    redirect_uri: 'https://www.compassmeet.com/auth/callback',
+  };
+  console.log('Body:', body)
+  const tokenRes = await fetch('https://oauth2.googleapis.com/token', {
+    method: 'POST',
+    headers: {'Content-Type': 'application/x-www-form-urlencoded'},
+    body: new URLSearchParams(body),
+  });
+
+  const tokens = await tokenRes.json();
+  console.log('Google Tokens:', tokens);
+
+  return {
+    success: true,
+    result: {tokens},
+  }
+}
--- a/common/src/api/schema.ts
+++ b/common/src/api/schema.ts
@@ -733,6 +733,17 @@ export const API = (_apiTypeCheck = {
    summary: 'Delete a bookmarked search by ID',
    tag: 'Searches',
  },
+  'auth-google': {
+    method: 'GET',
+    authed: false,
+    rateLimited: true,
+    returns: {} as any,
+    props: z.object({
+      code: z.string(),
+    }),
+    summary: 'Google Auth',
+    tag: 'Authentication',
+  },
 } as const)

 export type APIPath = keyof typeof API
--- a/common/src/constants.ts
+++ b/common/src/constants.ts
@@ -24,3 +24,6 @@ export const IS_MAINTENANCE = false // set to true to enable the maintenance mod

 export const MIN_BIO_LENGTH = 250

+export const WEB_GOOGLE_CLIENT_ID = '253367029065-khkj31qt22l0vc3v754h09vhpg6t33ad.apps.googleusercontent.com'
+export const ANDROID_GOOGLE_CLIENT_ID = '253367029065-s9sr5vqgkhc8f7p5s6ti6a4chqsrqgc4.apps.googleusercontent.com'
+export const GOOGLE_CLIENT_ID = WEB_GOOGLE_CLIENT_ID
--- a/common/src/secrets.ts
+++ b/common/src/secrets.ts
@@ -26,6 +26,7 @@ export const secrets = (
    'VAPID_PUBLIC_KEY',
    'VAPID_PRIVATE_KEY',
    'DB_ENC_MASTER_KEY_BASE64',
+    'GOOGLE_CLIENT_SECRET',
    // Some typescript voodoo to keep the string literal types while being not readonly.
  ] as const
 ).concat()
--- a/web/lib/firebase/users.ts
+++ b/web/lib/firebase/users.ts
@@ -6,6 +6,7 @@ import {getAuth, GoogleAuthProvider, signInWithPopup} from 'firebase/auth'
 import {safeLocalStorage} from '../util/local'
 import {app} from './init'
 import {IS_LOCAL, WEB_URL} from "common/envs/constants";
+import {GOOGLE_CLIENT_ID} from "common/constants";

 dayjs.extend(utc)

@@ -69,10 +70,6 @@ async function generatePKCE() {
  return {codeVerifier, codeChallenge};
 }

-export const WEB_GOOGLE_CLIENT_ID = '253367029065-khkj31qt22l0vc3v754h09vhpg6t33ad.apps.googleusercontent.com'
-export const ANDROID_GOOGLE_CLIENT_ID = '253367029065-s9sr5vqgkhc8f7p5s6ti6a4chqsrqgc4.apps.googleusercontent.com'
-export const GOOGLE_CLIENT_ID = WEB_GOOGLE_CLIENT_ID
-
 /**
 * Authenticates a Firebase client running a webview APK on Android with Google OAuth.
 *
@@ -88,7 +85,7 @@ export async function webviewGoogleSignin() {
  localStorage.setItem('pkce_verifier', codeVerifier);

  const params = new URLSearchParams({
-    client_id: ANDROID_GOOGLE_CLIENT_ID,
+    client_id: GOOGLE_CLIENT_ID,
    redirect_uri: `${WEB_URL}/auth/callback`,
    response_type: 'code',
    scope: 'openid email profile',
--- a/web/pages/_app.tsx
+++ b/web/pages/_app.tsx
@@ -12,7 +12,7 @@ import clsx from 'clsx'
 import {initTracking} from 'web/lib/service/analytics'
 import WebPush from "web/lib/service/web-push";
 import AndroidPush from "web/lib/service/android-push";
-import {ANDROID_GOOGLE_CLIENT_ID} from "web/lib/firebase/users";
+import {unauthedApi} from "common/util/api";

 // See https://nextjs.org/docs/basic-features/font-optimization#google-fonts
 // and if you add a font, you must add it to tailwind config as well for it to work.
@@ -81,24 +81,9 @@ function MyApp({Component, pageProps}: AppProps<PageProps>) {
        return;
      }

-      const codeVerifier = localStorage.getItem('pkce_verifier');
-
-      const body = {
-        client_id: ANDROID_GOOGLE_CLIENT_ID,
-        code,
-        code_verifier: codeVerifier!,
-        redirect_uri: 'com.compassmeet:/auth',
-        grant_type: 'authorization_code',
-      }
-      console.log('Body:', body);
-      const tokenResponse = await fetch('https://oauth2.googleapis.com/token', {
-        method: 'POST',
-        headers: {'Content-Type': 'application/x-www-form-urlencoded'},
-        body: new URLSearchParams(body),
-      });
-
-      const tokens = await tokenResponse.json();
-      console.log('Tokens:', tokens);
+      const {result} = await unauthedApi('auth-google', {code})
+      console.log('/auth-google result', result);
+      //   google sign in
    }

    // Expose globally for native bridge
--- a/web/pages/auth/callback.tsx
+++ b/web/pages/auth/callback.tsx
@@ -1,21 +1,18 @@
 import {useEffect} from "react";
-import {GOOGLE_CLIENT_ID} from "web/lib/firebase/users";

 export default function GoogleAuthCallback() {
  useEffect(() => {
    async function fetchToken() {
      const params = new URLSearchParams(window.location.search);
-      console.log('/auth/callback code', params);
+      console.log('/auth/callback', params);
      const code = params.get('code');
-      const state = params.get('state');
-      console.log('/auth/callback code', code);
+      // const state = params.get('state');

      if (code) {
+        console.log('/auth/callback code', code);
        // Send code back to the native app
-        const deepLink = `com.compassmeet://auth?code=${encodeURIComponent(code)}&state=${encodeURIComponent(state || '')}`;
-        window.location.href = deepLink;
+        window.location.href = `com.compassmeet://auth?code=${encodeURIComponent(code)}}`;

-        //
        // const codeVerifier = localStorage.getItem('pkce_verifier');
        // const body = new URLSearchParams({
        //   client_id: GOOGLE_CLIENT_ID,