on peut seulement se login avec github ou discord ? : la car j'ai l'url

Author: softpython2884

src/app/api/auth/discord/oauth/callback/route.ts

@@ -1,7 +1,8 @@
 
 import { type NextRequest, NextResponse } from 'next/server';
-import { auth } from '@/lib/authEdge';
-import { storeUserDiscordToken } from '@/lib/db';
+import { storeUserDiscordToken, getUserByEmail, createUser } from '@/lib/db';
+import { createSessionForUser } from '@/lib/authService';
+import type { User } from '@/types';
 
 export async function GET(request: NextRequest) {
   const searchParams = request.nextUrl.searchParams;
@@ -14,40 +15,35 @@ export async function GET(request: NextRequest) {
 
   if (!DISCORD_CLIENT_ID || !DISCORD_CLIENT_SECRET || !NEXT_PUBLIC_APP_URL) {
     console.error('[Discord OAuth Callback] OAuth environment variables not configured.');
-    return NextResponse.redirect(new URL('/profile?error=oauth_config_error', request.url));
+    return NextResponse.redirect(new URL('/login?error=oauth_config_error', request.url));
   }
 
   const storedStateCookie = request.cookies.get('discord_oauth_state');
   request.cookies.delete('discord_oauth_state');
 
   if (!storedStateCookie) {
     console.error('[Discord OAuth Callback] Missing OAuth state cookie.');
-    return NextResponse.redirect(new URL('/profile?error=oauth_state_missing', request.url));
+    return NextResponse.redirect(new URL('/login?error=oauth_state_missing', request.url));
   }
 
   let storedStateData;
   try {
     storedStateData = JSON.parse(storedStateCookie.value);
   } catch (e) {
     console.error('[Discord OAuth Callback] Error parsing OAuth state cookie:', e);
-    return NextResponse.redirect(new URL('/profile?error=oauth_state_invalid_parse', request.url));
+    return NextResponse.redirect(new URL('/login?error=oauth_state_invalid_parse', request.url));
   }
 
   if (!stateFromDiscord || stateFromDiscord !== storedStateData.csrf) {
     console.error('[Discord OAuth Callback] OAuth state mismatch.');
-    return NextResponse.redirect(new URL('/profile?error=oauth_state_mismatch', request.url));
-  }
-
-  const session = await auth();
-  if (!session?.user?.uuid) {
-    console.error('[Discord OAuth Callback] No active FlowUp user session found.');
-    return NextResponse.redirect(new URL('/login?error=oauth_no_session', request.url));
+    return NextResponse.redirect(new URL('/login?error=oauth_state_mismatch', request.url));
   }
 
   if (!code) {
     const error = searchParams.get('error');
     const errorDescription = searchParams.get('error_description');
-    return NextResponse.redirect(new URL(`/profile?error=oauth_missing_code&discord_error=${error || ''}&discord_desc=${errorDescription || ''}`, request.url));
+    console.error(`[Discord OAuth Callback] Authorization failed on Discord's side. Error: ${error}, Desc: ${errorDescription}`);
+    return NextResponse.redirect(new URL(`/login?error=oauth_provider_error&message=${encodeURIComponent(errorDescription || error || "Unknown Discord error")}`, request.url));
   }
 
   try {
@@ -62,43 +58,71 @@ export async function GET(request: NextRequest) {
         grant_type: 'authorization_code',
         code,
         redirect_uri: `${NEXT_PUBLIC_APP_URL}/api/auth/discord/oauth/callback`,
+        scope: 'identify email',
       }),
     });
 
     if (!tokenResponse.ok) {
-        throw new Error(`Discord token exchange failed: ${await tokenResponse.text()}`);
+        const errorText = await tokenResponse.text();
+        console.error(`[Discord OAuth Callback] Discord token exchange failed: ${errorText}`);
+        throw new Error(`Discord token exchange failed: ${errorText}`);
     }
     const tokenData = await tokenResponse.json();
 
     const userResponse = await fetch('https://discord.com/api/users/@me', {
-        headers: {
-            Authorization: `Bearer ${tokenData.access_token}`,
-        },
+        headers: { Authorization: `Bearer ${tokenData.access_token}` },
     });
 
     if (!userResponse.ok) {
-        throw new Error(`Failed to fetch Discord user details: ${await userResponse.text()}`);
+        const errorText = await userResponse.text();
+        console.error(`[Discord OAuth Callback] Failed to fetch Discord user details: ${errorText}`);
+        throw new Error(`Failed to fetch Discord user details: ${errorText}`);
+    }
+    const discordUser = await userResponse.json();
+
+    if (!discordUser.email || !discordUser.verified) {
+      console.error(`[Discord OAuth Callback] User's Discord email is missing or not verified.`);
+      return NextResponse.redirect(new URL(`/login?error=discord_email_unverified`, request.url));
+    }
+
+    let appUser: (User & { hashedPassword?: string }) | null = await getUserByEmail(discordUser.email);
+
+    if (!appUser) {
+      // Signup
+      console.log(`[Discord OAuth Callback] No user found for email ${discordUser.email}. Creating new user.`);
+      const newUserInfo = await createUser(
+        discordUser.username,
+        discordUser.email
+      );
+      appUser = { ...newUserInfo }; // Add necessary properties if createUser returns a different shape
+    } else {
+      console.log(`[Discord OAuth Callback] Found existing user for email ${discordUser.email}. Logging in.`);
+    }
+
+    if (!appUser || !appUser.uuid) {
+      console.error("[Discord OAuth Callback] Failed to get or create a user in FlowUp DB.");
+      throw new Error("User session could not be established.");
     }
-    const userData = await userResponse.json();
 
-    await storeUserDiscordToken(session.user.uuid, {
+    const { hashedPassword, ...userToReturn } = appUser;
+    
+    // Create session and store token
+    await createSessionForUser(userToReturn);
+    await storeUserDiscordToken(userToReturn.uuid, {
         accessToken: tokenData.access_token,
         refreshToken: tokenData.refresh_token,
         expiresAt: Date.now() + tokenData.expires_in * 1000,
         scopes: tokenData.scope,
-        discordUserId: userData.id,
-        discordUsername: userData.username,
-        discordAvatar: userData.avatar,
+        discordUserId: discordUser.id,
+        discordUsername: discordUser.username,
+        discordAvatar: discordUser.avatar,
     });
 
-    const redirectPath = storedStateData.redirectTo || '/profile';
-    const redirectUrlObj = new URL(redirectPath, request.nextUrl.origin);
-    redirectUrlObj.searchParams.set('discord_oauth_status', 'success');
-    
-    return NextResponse.redirect(redirectUrlObj);
+    // Redirect to dashboard on successful login/signup
+    return NextResponse.redirect(new URL('/dashboard', request.url));
 
   } catch (error: any) {
-    console.error('[Discord OAuth Callback] Error:', error);
-    return NextResponse.redirect(new URL(`/profile?error=oauth_callback_error&message=${encodeURIComponent(error.message || 'Unknown error')}`, request.url));
+    console.error('[Discord OAuth Callback] Final catch block error:', error);
+    return NextResponse.redirect(new URL(`/login?error=oauth_callback_error&message=${encodeURIComponent(error.message || 'Unknown error')}`, request.url));
   }
 }

src/app/api/auth/discord/oauth/login/route.ts

@@ -31,9 +31,9 @@ export async function GET(request: NextRequest) {
   discordAuthUrl.searchParams.append('redirect_uri', `${NEXT_PUBLIC_APP_URL}/api/auth/discord/oauth/callback`);
   discordAuthUrl.searchParams.append('response_type', 'code');
   // Requesting 'identify' and 'email' for basic user profile information.
-  // The 'bot' scope should be requested in a separate flow if DM permissions are needed later.
   discordAuthUrl.searchParams.append('scope', 'identify email'); 
   discordAuthUrl.searchParams.append('state', state);
+  discordAuthUrl.searchParams.append('prompt', 'consent'); // Always ask for consent, useful for testing
 
   console.log('[Discord OAuth Login] Redirecting to Discord:', discordAuthUrl.toString());
   return NextResponse.redirect(discordAuthUrl.toString());

src/app/api/auth/github/oauth/callback/route.ts

@@ -1,8 +1,9 @@
 
 import { type NextRequest, NextResponse } from 'next/server';
-import { auth } from '@/lib/authEdge';
-import { storeUserGithubOAuthToken } from '@/lib/db';
 import { Octokit } from 'octokit';
+import { storeUserGithubOAuthToken, getUserByEmail, createUser } from '@/lib/db';
+import { createSessionForUser } from '@/lib/authService';
+import type { User } from '@/types';
 
 export async function GET(request: NextRequest) {
   const searchParams = request.nextUrl.searchParams;
@@ -15,97 +16,99 @@ export async function GET(request: NextRequest) {
 
   if (!GITHUB_CLIENT_ID || !GITHUB_CLIENT_SECRET || !NEXT_PUBLIC_APP_URL) {
     console.error('[GitHub OAuth Callback] OAuth environment variables not configured.');
-    return NextResponse.redirect(new URL('/dashboard?error=oauth_config_error', request.url));
+    return NextResponse.redirect(new URL('/login?error=oauth_config_error', request.url));
   }
 
   const storedStateCookie = request.cookies.get('github_oauth_state');
-  request.cookies.delete('github_oauth_state'); // Clean up state cookie
+  request.cookies.delete('github_oauth_state');
 
   if (!storedStateCookie) {
     console.error('[GitHub OAuth Callback] Missing OAuth state cookie.');
-    return NextResponse.redirect(new URL('/dashboard?error=oauth_state_missing', request.url));
+    return NextResponse.redirect(new URL('/login?error=oauth_state_missing', request.url));
   }
 
   let storedStateData;
   try {
     storedStateData = JSON.parse(storedStateCookie.value);
   } catch (e) {
     console.error('[GitHub OAuth Callback] Error parsing OAuth state cookie:', e);
-    return NextResponse.redirect(new URL('/dashboard?error=oauth_state_invalid_parse', request.url));
+    return NextResponse.redirect(new URL('/login?error=oauth_state_invalid_parse', request.url));
   }
 
   if (!stateFromGitHub || stateFromGitHub !== storedStateData.csrf) {
     console.error('[GitHub OAuth Callback] OAuth state mismatch.', { stateFromGitHub, storedStateCSRF: storedStateData.csrf });
-    return NextResponse.redirect(new URL('/dashboard?error=oauth_state_mismatch', request.url));
-  }
-
-  const session = await auth();
-  if (!session?.user?.uuid) {
-    console.error('[GitHub OAuth Callback] No active FlowUp user session found.');
-    return NextResponse.redirect(new URL('/login?error=oauth_no_session', request.url));
+    return NextResponse.redirect(new URL('/login?error=oauth_state_mismatch', request.url));
   }
 
   if (!code) {
-    console.error('[GitHub OAuth Callback] Missing authorization code from GitHub.');
     const error = searchParams.get('error');
     const errorDescription = searchParams.get('error_description');
-    return NextResponse.redirect(new URL(`/dashboard?error=oauth_missing_code&gh_error=${error || ''}&gh_desc=${errorDescription || ''}`, request.url));
+    console.error(`[GitHub OAuth Callback] Authorization failed on GitHub's side. Error: ${error}, Desc: ${errorDescription}`);
+    return NextResponse.redirect(new URL(`/login?error=oauth_provider_error&message=${encodeURIComponent(errorDescription || error || 'Unknown GitHub error')}`, request.url));
   }
 
   try {
-    console.log('[GitHub OAuth Callback] Exchanging code for access token...');
     const tokenResponse = await fetch('https://github.com/login/oauth/access_token', {
       method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'Accept': 'application/json',
-      },
+      headers: { 'Content-Type': 'application/json', 'Accept': 'application/json' },
       body: JSON.stringify({
         client_id: GITHUB_CLIENT_ID,
         client_secret: GITHUB_CLIENT_SECRET,
-        code: code,
+        code,
         redirect_uri: `${NEXT_PUBLIC_APP_URL}/api/auth/github/oauth/callback`,
       }),
     });
 
     if (!tokenResponse.ok) {
-      const errorBody = await tokenResponse.text();
-      console.error('[GitHub OAuth Callback] Error exchanging code for token:', tokenResponse.status, errorBody);
-      throw new Error(`GitHub token exchange failed with status ${tokenResponse.status}: ${errorBody}`);
+      throw new Error(`GitHub token exchange failed: ${await tokenResponse.text()}`);
     }
-
     const tokenData = await tokenResponse.json();
-
     if (tokenData.error || !tokenData.access_token) {
-      console.error('[GitHub OAuth Callback] GitHub returned error or no access_token:', tokenData);
       throw new Error(tokenData.error_description || 'Failed to retrieve access token from GitHub.');
     }
 
+    const octokit = new Octokit({ auth: tokenData.access_token });
+    const { data: githubUser } = await octokit.rest.users.getAuthenticated();
+    
+    // Find primary, verified email
+    const { data: emails } = await octokit.rest.users.listEmailsForAuthenticatedUser();
+    const primaryEmail = emails.find(email => email.primary && email.verified)?.email;
+
+    if (!primaryEmail) {
+      return NextResponse.redirect(new URL('/login?error=github_no_verified_email', request.url));
+    }
+
+    let appUser: (User & { hashedPassword?: string }) | null = await getUserByEmail(primaryEmail);
+
+    if (!appUser) {
+      console.log(`[GitHub OAuth Callback] No user found for email ${primaryEmail}. Creating new user.`);
+      const newUserInfo = await createUser(githubUser.name || githubUser.login, primaryEmail);
+      appUser = { ...newUserInfo };
+    } else {
+      console.log(`[GitHub OAuth Callback] Found existing user for email ${primaryEmail}. Logging in.`);
+    }
+
+    if (!appUser || !appUser.uuid) {
+      throw new Error("User session could not be established after DB operation.");
+    }
+
+    const { hashedPassword, ...userToReturn } = appUser;
+    
+    await createSessionForUser(userToReturn);
     await storeUserGithubOAuthToken(
-      session.user.uuid,
+      userToReturn.uuid,
       tokenData.access_token,
       tokenData.scope,
       tokenData.token_type,
-      tokenData.refresh_token, // May not always be present
-      tokenData.expires_in    // May not always be present
+      tokenData.refresh_token,
+      tokenData.expires_in
     );
-    console.log(`[GitHub OAuth Callback] Stored OAuth token for FlowUp user ${session.user.uuid}.`);
-
-    // Determine redirect URL from stored state
-    let redirectPath = storedStateData.redirectTo || '/dashboard';
-    if (storedStateData.projectUuid) {
-        redirectPath = `/projects/${storedStateData.projectUuid}?tab=codespace&oauth_status=success`;
-    } else {
-        const redirectUrlObj = new URL(redirectPath, request.nextUrl.origin);
-        redirectUrlObj.searchParams.set('oauth_status', 'success');
-        redirectPath = `${redirectUrlObj.pathname}${redirectUrlObj.search}`;
-    }
 
-    console.log(`[GitHub OAuth Callback] Redirecting to: ${redirectPath}`);
-    return NextResponse.redirect(new URL(redirectPath, request.url));
+    console.log(`[GitHub OAuth Callback] Successfully logged in/signed up user ${userToReturn.email}. Redirecting to dashboard.`);
+    return NextResponse.redirect(new URL('/dashboard', request.url));
 
   } catch (error: any) {
     console.error('[GitHub OAuth Callback] Error in callback:', error);
-    return NextResponse.redirect(new URL(`/dashboard?error=oauth_callback_error&message=${encodeURIComponent(error.message || 'Unknown error')}`, request.url));
+    return NextResponse.redirect(new URL(`/login?error=oauth_callback_error&message=${encodeURIComponent(error.message || 'Unknown error')}`, request.url));
   }
 }

src/lib/authService.ts

@@ -6,6 +6,8 @@ import * as bcrypt from 'bcryptjs';
 import { createUser as dbCreateUser, getUserByEmail as dbGetUserByEmail, updateUserProfile as dbUpdateUserProfile, getUserByUuid as dbGetUserByUuid } from './db';
 import jwt from 'jsonwebtoken';
 import { cookies } from 'next/headers';
+import { auth } from '@/lib/authEdge';
+
 
 const AUTH_COOKIE_NAME = 'flowup_auth_token'; 
 
@@ -18,7 +20,7 @@ const getJwtSecretOrThrow = (): string => {
   return secret;
 };
 
-const generateTokenAndSetCookie = (user: Omit<User, 'hashedPassword'>) => {
+export const createSessionForUser = async (user: Omit<User, 'hashedPassword'>) => {
   const JWT_SECRET = getJwtSecretOrThrow();
   const tokenPayload = {
     uuid: user.uuid,
@@ -33,12 +35,14 @@ const generateTokenAndSetCookie = (user: Omit<User, 'hashedPassword'>) => {
       maxAge: 60 * 60 * 24 * 7, // 7 days
       sameSite: 'lax',
     });
-    console.log(`[authService.generateTokenAndSetCookie] Token generated and cookie set for user UUID: ${user.uuid}. Secure flag: ${process.env.NODE_ENV === 'production'}`);
+    console.log(`[authService.createSessionForUser] Session created for user UUID: ${user.uuid}.`);
   } catch (error) {
-     console.error("[authService.generateTokenAndSetCookie] Error setting cookie:", error);
+     console.error("[authService.createSessionForUser] Error setting cookie:", error);
+     throw new Error("Could not create user session.");
   }
 };
 
+
 export const login = async (email: string, password?: string): Promise<User | null> => {
   console.log('[authService.login] Attempting login for email:', email);
   if (!password) {
@@ -54,7 +58,7 @@ export const login = async (email: string, password?: string): Promise<User | nu
     const isValidPassword = await bcrypt.compare(password, userFromDb.hashedPassword);
     if (isValidPassword) {
       const { hashedPassword, ...userToReturn } = userFromDb;
-      generateTokenAndSetCookie(userToReturn);
+      await createSessionForUser(userToReturn);
       console.log('[authService.login] Login SUCCESSFUL for email:', email);
       return userToReturn;
     }
@@ -81,7 +85,7 @@ export const signup = async (name: string, email: string, password?: string, rol
     const newUser = await dbCreateUser(name, email, password, role);
     if (newUser) {
         const { hashedPassword, ...userToReturn } = newUser;
-        generateTokenAndSetCookie(userToReturn);
+        await createSessionForUser(userToReturn);
         console.log('[authService.signup] Signup SUCCESSFUL for email:', email, 'UUID:', userToReturn.uuid);
         return userToReturn;
     }
@@ -116,7 +120,7 @@ export const updateUserProfile = async (uuid: string, name: string, email: strin
         const session = await auth(); 
         if (session?.user?.uuid === userToReturn.uuid) {
             console.log('[authService.updateUserProfile] User data changed, re-issuing token for UUID:', userToReturn.uuid);
-            generateTokenAndSetCookie(userToReturn);
+            await createSessionForUser(userToReturn);
         }
         return userToReturn;
     }
@@ -138,6 +142,3 @@ export const getCurrentUserSession = async (): Promise<User | null> => {
   console.log('[authService.getCurrentUserSession] No active session found via auth().');
   return null;
 };
-
-import { auth } from '@/lib/authEdge';
-