change passport strategy to support oauth2

Author: kamicut

.prettierignore

@@ -0,0 +1 @@
+**

app/lib/osm.js

@@ -10,7 +10,7 @@ const url = require('url')
 const db = require('../db')
 const xml2js = require('xml2js')
 const InternalOAuthError = require('passport-oauth').InternalOAuthError
-const OSMStrategy = require('passport-openstreetmap').Strategy
+const OAuth2Strategy = require('passport-oauth2').Strategy
 
 const { serverRuntimeConfig, publicRuntimeConfig } = require('../../next.config')
 
@@ -23,8 +23,9 @@ function openstreetmap (req, res) {
   /**
    * override the userProfile method of OSMStrategy to allow for custom osm endpoints
    */
-  OSMStrategy.prototype.userProfile = function (token, tokenSecret, params, done) {
-    this._oauth.get(`${OSM_API}/api/0.6/user/details`, token, tokenSecret, function (err, body, res) {
+  OAuth2Strategy.prototype.userProfile = function (accessToken, done) {
+    this._oauth2.useAuthorizationHeaderforGET(true)
+    this._oauth2.get(`${OSM_API}/api/0.6/user/details`, accessToken, function (err, body, res) {
       if (err) { return done(new InternalOAuthError('failed to fetch user profile', err)) }
 
       var parser = new xml2js.Parser()
@@ -45,31 +46,31 @@ function openstreetmap (req, res) {
     })
   }
 
-  const strategy = new OSMStrategy({
-    requestTokenURL: `${OSM_API}/oauth/request_token`,
-    accessTokenURL: `${OSM_API}/oauth/access_token`,
-    userAuthorizationURL: `${OSM_DOMAIN}/oauth/authorize`,
-    consumerKey: OSM_CONSUMER_KEY,
-    consumerSecret: OSM_CONSUMER_SECRET,
+  const strategy = new OAuth2Strategy({
+    authorizationURL: `${OSM_DOMAIN}/oauth2/authorize`,
+    tokenURL: `${OSM_DOMAIN}/oauth2/token`,
+    clientID: OSM_CONSUMER_KEY,
+    scope: ['openid', 'read_prefs'],
+    clientSecret: OSM_CONSUMER_SECRET,
     callbackURL: `${publicRuntimeConfig.APP_URL}/oauth/openstreetmap/callback?login_challenge=${encodeURIComponent(challenge)}`
-  }, async (token, tokenSecret, profile, done) => {
+  }, async (accessToken, refreshToken, profile, done) => {
     let conn = await db()
     let [user] = await conn('users').where('id', profile.id)
     if (user) {
       const newProfile = R.mergeDeepRight(user.profile, profile)
       await conn('users').where('id', profile.id).update(
         {
-          'osmToken': token,
-          'osmTokenSecret': tokenSecret,
+          'osmToken': accessToken,
+          'osmTokenSecret': refreshToken,
           'profile': JSON.stringify(newProfile)
         }
       )
     } else {
       await conn('users').insert(
         {
           'id': profile.id,
-          'osmToken': token,
-          'osmTokenSecret': tokenSecret,
+          'osmToken': accessToken,
+          'osmTokenSecret': refreshToken,
           profile: JSON.stringify(profile)
         }
       )

next.config.js

@@ -8,7 +8,7 @@ module.exports = {
   serverRuntimeConfig: {
     NODE_ENV: process.env.NODE_ENV || 'development',
     OSM_DOMAIN: process.env.OSM_DOMAIN || 'https://www.openstreetmap.org',
-    OSM_API: process.env.OSM_API || process.env.OSM_DOMAIN || 'https://www.openstreetmap.org',
+    OSM_API: process.env.OSM_API || process.env.OSM_DOMAIN || 'https://api.openstreetmap.org',
     OSM_HYDRA_ID: process.env.OSM_HYDRA_ID || 'manage',
     OSM_HYDRA_SECRET: process.env.OSM_HYDRA_SECRET || 'manage-secret',
     OSM_CONSUMER_KEY: process.env.OSM_CONSUMER_KEY,
@@ -20,7 +20,7 @@ module.exports = {
     HYDRA_ADMIN_HOST: process.env.HYDRA_ADMIN_HOST || 'http://localhost:4445'
   },
   publicRuntimeConfig: {
-    APP_URL: process.env.APP_URL || 'http://localhost:8989',
+    APP_URL: process.env.APP_URL || 'http://127.0.0.1:8989',
     OSM_NAME: process.env.OSM_NAME || 'OSM'
   },
   onDemandEntries: {

package.json

@@ -41,7 +41,7 @@
     ]
   },
   "dependencies": {
-    "body-parser": "^1.19.1",
+    "body-parser": "^1.20.2",
     "chance": "^1.1.8",
     "compression": "^1.7.3",
     "connect-session-knex": "^2.1.1",
@@ -65,6 +65,7 @@
     "node-fetch": "^2.6.7",
     "passport-light": "^1.0.1",
     "passport-oauth": "^1.0.0",
+    "passport-oauth2": "^1.8.0",
     "passport-openstreetmap": "^0.1.2",
     "pg": "^8.7.1",
     "pino": "^5.17.0",