add: request object to generateStateFunction (#41)

Author: rmiraballes

README.md

@@ -78,6 +78,44 @@ fastify.register(oauthPlugin, {
 })
 ```
 
+## Set custom state
+
+The `generateStateFunction` accepts a function to generate the `state` parameter for the OAUTH flow. This function receives the Fastify's `request` object as parameter.
+When you set it, it is required to provide the function `checkStateFunction` also in order to validate the states generated.
+
+```js
+  const validStates = new Set()
+
+  fastify.register(oauthPlugin, {
+    name: 'facebookOAuth2',
+    credentials: {
+      client: {
+        id: '<CLIENT_ID>',
+        secret: '<CLIENT_SECRET>'
+      },
+      auth: oauthPlugin.FACEBOOK_CONFIGURATION
+    },
+    // register a fastify url to start the redirect flow
+    startRedirectPath: '/login/facebook',
+    // facebook redirect here after the user login
+    callbackUri: 'http://localhost:3000/login/facebook/callback',
+    // custom function to generate the state
+    generateStateFunction: (request) => {
+      const state = request.query.customCode
+      validStates.add(state)
+      return state
+    },
+    // custom function to check the state is valid
+    checkStateFunction: (returnedState, callback) => {
+      if (validStates.has(returnedState)) {
+        callback()
+        return
+      }
+      callback(new Error('Invalid state'))
+    }
+  })
+```
+
 ## Example
 
 See the [`example/`](./examples/) folder for more example.

index.js

@@ -55,7 +55,7 @@ const oauthPlugin = fp(function (fastify, options, next) {
   const startRedirectPath = options.startRedirectPath
 
   function startRedirectHandler (request, reply) {
-    const state = generateStateFunction()
+    const state = generateStateFunction(request)
     const urlOptions = Object.assign({}, callbackUriParams, {
       redirect_uri: callbackUri,
       scope: scope,

test.js

@@ -289,6 +289,47 @@ t.test('options.callbackUriParams', t => {
   })
 })
 
+t.test('options.generateStateFunction with request', t => {
+  t.plan(5)
+  const fastify = createFastify({ logger: true })
+
+  fastify.register(oauthPlugin, {
+    name: 'the-name',
+    credentials: {
+      client: {
+        id: 'my-client-id',
+        secret: 'my-secret'
+      },
+      auth: oauthPlugin.GITHUB_CONFIGURATION
+    },
+    startRedirectPath: '/login/github',
+    callbackUri: '/callback',
+    generateStateFunction: (request) => {
+      t.ok(request, 'the request param has been set')
+      return request.query.code
+    },
+    checkStateFunction: () => true,
+    scope: ['notifications']
+  })
+
+  t.tearDown(fastify.close.bind(fastify))
+
+  fastify.listen(0, function (err) {
+    t.error(err)
+
+    fastify.inject({
+      method: 'GET',
+      url: '/login/github',
+      query: { code: 'generated_code' }
+    }, function (err, responseStart) {
+      t.error(err)
+      t.equal(responseStart.statusCode, 302)
+      const matched = responseStart.headers.location.match(/https:\/\/github\.com\/login\/oauth\/authorize\?response_type=code&client_id=my-client-id&redirect_uri=%2Fcallback&scope=notifications&state=generated_code/)
+      t.ok(matched)
+    })
+  })
+})
+
 t.test('options.generateStateFunction should be an object', t => {
   t.plan(1)