「Googleでログイン」を実装する #19

Author: sinproject-iwasaki

.vscode/settings.json

@@ -1,8 +1,10 @@
 {
 	"cSpell.words": [
+		"builtins",
 		"instanceof",
 		"minlength",
 		"onfocus",
+		"signin",
 		"sveltejs",
 		"sveltekit"
 	]

src/routes/+layout.svelte

@@ -1,11 +1,9 @@
-<!-- 
 <script lang="ts">
 	import { page } from '$app/stores'
 </script>
- -->
 
 <svelte:head>
-	<title> SvelteKit Authentication</title>
+	<title>SvelteKit Authentication</title>
 </svelte:head>
 
 <!-- <nav>
@@ -21,6 +19,19 @@
 	{/if}
 </nav> -->
 
+
+
+{#if $page.url.pathname != '/login' && !$page.data.user}
+	<script src="https://accounts.google.com/gsi/client" async defer></script>
+	<div
+		id="g_id_onload"
+		data-client_id="417364210012-9h5sc3ccdt8gsi2e4o2n01j55bcg0grn.apps.googleusercontent.com"
+		data-login_uri="/pin_code?/google"
+		data-auto_select="false"
+		data-redirect_url={$page.url.pathname}
+	/>
+{/if}
+
 <main>
 	<slot />
-</main>
+</main>

src/routes/login/+page.svelte

@@ -1,23 +1,87 @@
 <script lang="ts">
+	import { browser } from '$app/environment'
 	import { page } from '$app/stores'
 	import { onMount } from 'svelte'
-	
+
 	let first_element: HTMLInputElement
 
 	const redirect_url = $page.url.searchParams.get('redirect_url') ?? ''
 	const encoded_redirect_url = encodeURIComponent(redirect_url)
 
+	// // NOTE: https://oc-technote.com/javascript/javascript-post-params-move-to-page/
+	// // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/explicit-function-return-type
+	// function post(params: any) {
+	// 	const form = document.createElement('form')
+	// 	form.method = 'post'
+	// 	form.action = '/pin_code?/google'
+
+	// 	for (const key in params) {
+	// 		// eslint-disable-next-line no-prototype-builtins
+	// 		if (params.hasOwnProperty(key)) {
+	// 			const hiddenField = document.createElement('input')
+	// 			hiddenField.type = 'hidden'
+	// 			hiddenField.name = key
+	// 			hiddenField.value = params[key]
+
+	// 			form.appendChild(hiddenField)
+	// 		}
+	// 	}
+
+	// 	document.body.appendChild(form)
+	// 	form.submit()
+	// }
+
+	// function handleCredentialResponse(response: any): void {
+	// 	post({ credential: response.credential })
+	// }
+
 	onMount(() => {
-		document.onfocus = (event) => {
+		document.onfocus = (event): void => {
 			if (event.target instanceof HTMLInputElement) event.target.select()
 		}
 
 		first_element.select()
+
+		// google.accounts.id.initialize({
+		// 	client_id: '417364210012-9h5sc3ccdt8gsi2e4o2n01j55bcg0grn.apps.googleusercontent.com',
+		// 	callback: handleCredentialResponse,
+		// 	// auto_select: true
+		// })
+
+		// google.accounts.id.renderButton(
+		// 	document.getElementById('buttonDiv'),
+		// 	{ theme: 'outline', size: 'large', width: '240' } // customization attributes
+		// )
+
+		// google.accounts.id.prompt() // also display the One Tap dialog
 	})
 </script>
 
 <h1>Log in / Register</h1>
+{#if browser}
+	<script src="https://accounts.google.com/gsi/client" async defer></script>
+{/if}
+
+<div
+	id="g_id_onload"
+	data-client_id="417364210012-9h5sc3ccdt8gsi2e4o2n01j55bcg0grn.apps.googleusercontent.com"
+	data-login_uri="/pin_code?/google"
+	data-auto_prompt="true"
+	data-auto_select="true"
+/>
+<div
+	class="g_id_signin"
+	data-width="240"
+	data-type="standard"
+	data-size="large"
+	data-theme="outline"
+	data-text="sign_in_with"
+	data-shape="rectangular"
+	data-logo_alignment="left"
+/>
 
+<!-- <div id="buttonDiv" style="max-width:400" /> -->
+<br />
 <form method="POST" action="/pin_code?/login&redirect_url={encoded_redirect_url}">
 	<input type="email" name="email" placeholder="Email" required bind:this={first_element} />
 

src/routes/pin_code/+page.server.ts

@@ -3,7 +3,7 @@ import { db } from '$lib/database'
 import { NodemailerManager as NodeMailerManager } from '$lib/nodemailer_manager'
 import type { PageServerLoad } from '.svelte-kit/types/src/routes/$types'
 import type { User } from '@prisma/client'
-import { invalid, redirect, type Action, type Actions } from '@sveltejs/kit'
+import { invalid, redirect, type Actions } from '@sveltejs/kit'
 
 enum Roles {
 	admin = 'admin',
@@ -48,8 +48,8 @@ async function sendMail(user: User, pin_code: string): Promise<void> {
 async function findUser(email: string, can_register = true): Promise<User | undefined> {
 	const user = await db.user.findUnique({ where: { email } })
 
-	if (user) return user;
-	if (!can_register) return undefined;
+	if (user) return user
+	if (!can_register) return undefined
 
 	try {
 		return await db.user.create({
@@ -64,34 +64,52 @@ async function findUser(email: string, can_register = true): Promise<User | unde
 	}
 }
 
-async function login(request: Request, can_register = true): Promise<Action> {
-	const data = await request.formData()
-	const email = data.get('email')?.toString() ?? ''
+type GoogleCredential = {
+	sub: string
+	name: string
+	given_name: string
+	family_name: string
+	picture: string
+	email: string
+}
 
-	if (!email) throw redirect(302, '/')
+function decodeJwtResponse(credential: string): GoogleCredential {
+	const base64Url = credential.split('.')[1]
+	const base64 = base64Url?.replace(/-/g, '+').replace(/_/g, '/') ?? ''
+	const jsonPayload = decodeURIComponent(
+		atob(base64)
+			.split('')
+			.map(function (c) {
+				return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2)
+			})
+			.join('')
+	)
+	return JSON.parse(jsonPayload) as GoogleCredential
+}
 
-	const user = await findUser(email, can_register)
+export const actions: Actions = {
+	login: async ({ request }) => {
+		const data = await request.formData()
+		const email = data.get('email')?.toString() ?? ''
 
-	if (!user) return { success: true, email, missing: false, credentials: false }
+		if (!email) throw redirect(302, '/')
 
-	const pin_code = createPinCode()
-	console.log('sendmail')
-	sendMail(user, pin_code)
+		const user = await findUser(email, true)
 
-	const user_id = user.id
+		if (!user) return { credentials: true, email, missing: false, success: false }
 
-	const a = await db.authPin.upsert({
-		where: { user_id },
-		update: { pin_code },
-		create: { user_id, pin_code },
-	})
+		const pin_code = createPinCode()
+		sendMail(user, pin_code)
 
-	return { success: true, email, missing: false, credentials: false }
-}
+		const user_id = user.id
 
-export const actions: Actions = {
-	login: async ({ request }) => {
-		return await login(request)
+		await db.authPin.upsert({
+			where: { user_id },
+			update: { pin_code },
+			create: { user_id, pin_code },
+		})
+
+		return { success: true, email, missing: false, credentials: false }
 	},
 	submit: async ({ cookies, request }) => {
 		const data = await request.formData()
@@ -135,4 +153,38 @@ export const actions: Actions = {
 
 		return { success: true, email }
 	},
+	google: async ({ cookies, request }) => {
+		const data = await request.formData()
+		const credential = data.get('credential')?.toString() ?? ''
+
+		console.log('Encoded JWT ID token: ' + credential)
+
+		if (!credential) return invalid(400, { message: 'Invalid credential' })
+
+		const payload = decodeJwtResponse(credential)
+
+		console.log('ID ' + payload.sub)
+		console.log('Full Name: ' + payload.name)
+		console.log('Given Name: ' + payload.given_name)
+		console.log('Family Name: ' + payload.family_name)
+		console.log('Image URL: ' + payload.picture)
+		console.log('Email: ' + payload.email)
+
+		const email = payload.email as string
+		const user = await findUser(email, true)
+
+		if (!user) return { credentials: true, email, missing: false }
+
+		const user_id = user.id
+
+		const auth_token = await db.authToken.upsert({
+			where: { user_id },
+			update: { token: crypto.randomUUID() },
+			create: { user_id, token: crypto.randomUUID() },
+		})
+
+		new CookiesManager(cookies).setSessionId(auth_token.token)
+
+		redirect(302, '/login')
+	},
 }