feat: implement GitHub OAuth flow with enhanced error handling and user info retrieval

Author: kingRayhan

src/app/api/auth/github/callback/route.ts

@@ -1,63 +1,63 @@
 import { GithubOAuthService } from "@/backend/services/oauth/GithubOAuthService";
-import { ActionException } from "@/backend/services/RepositoryException";
 import * as sessionActions from "@/backend/services/session.actions";
 import * as userActions from "@/backend/services/user.action";
 import { NextResponse } from "next/server";
 
 const githubOAuthService = new GithubOAuthService();
 
 export async function GET(request: Request) {
-  try {
-    const url = new URL(request.url);
-    const code = url.searchParams.get("code");
-    const state = url.searchParams.get("state");
-    const afterAuthRedirect = await sessionActions.getAfterAuthRedirect();
-
-    if (code === null || state === null) {
-      return NextResponse.json({ error: "Please restart the process." });
-    }
-
-    const githubUser = await githubOAuthService.getUserInfo(code!, state!);
-
-    const bootedSocialUser = await userActions.bootSocialUser({
-      service: "github",
-      service_uid: githubUser.id.toString(),
-      name: githubUser.name,
-      username: githubUser.login,
-      email: githubUser.email,
-      profile_photo: githubUser.avatar_url,
-      bio: githubUser.bio,
-    });
+  const url = new URL(request.url);
+  const code = url.searchParams.get("code");
+  const state = url.searchParams.get("state");
+  const afterAuthRedirect = await sessionActions.getAfterAuthRedirect();
 
-    await sessionActions.createLoginSession({
-      user_id: bootedSocialUser?.user.id!,
-      request,
-    });
+  if (code === null || state === null) {
+    return NextResponse.json({ error: "Please restart the process." });
+  }
+
+  const githubUser = await githubOAuthService.getUserInfo(code!, state!);
+  if (!githubUser.success) {
+    return NextResponse.json(
+      { error: githubUser.error, type: `Can't fetch github user` },
+      { status: 500 }
+    );
+  }
+
+  const bootedSocialUser = await userActions.bootSocialUser({
+    service: "github",
+    service_uid: githubUser?.data.id?.toString(),
+    name: githubUser?.data?.login,
+    username: githubUser?.data?.login,
+    email: githubUser?.data.email,
+    profile_photo: githubUser?.data?.avatar_url,
+    bio: githubUser?.data?.bio ?? "",
+  });
+
+  if (!bootedSocialUser.success) {
+    return NextResponse.json(
+      { error: bootedSocialUser.error },
+      { status: 500 }
+    );
+  }
 
-    if (afterAuthRedirect) {
-      return new Response(null, {
-        status: 302,
-        headers: {
-          Location: afterAuthRedirect ?? "/",
-        },
-      });
-    }
+  await sessionActions.createLoginSession({
+    user_id: bootedSocialUser.data?.user.id!,
+    request,
+  });
 
+  if (afterAuthRedirect) {
     return new Response(null, {
       status: 302,
       headers: {
-        Location: "/",
+        Location: afterAuthRedirect ?? "/",
       },
     });
-  } catch (error) {
-    if (error instanceof ActionException) {
-      return NextResponse.json({ error: error.toString() }, { status: 400 });
-    }
-    if (error instanceof Error) {
-      return NextResponse.json(
-        { error: "Something went wrong" },
-        { status: 500 }
-      );
-    }
   }
+
+  return new Response(null, {
+    status: 302,
+    headers: {
+      Location: "/",
+    },
+  });
 }

src/backend/models/action-contracts.ts

@@ -0,0 +1,9 @@
+export type ActionResponse<T = any> =
+  | {
+      success: true | boolean;
+      data: T;
+    }
+  | {
+      success: false;
+      error: string;
+    };

src/backend/persistence/persistence-repositories.ts

@@ -16,7 +16,7 @@ import { pgClient } from "./clients";
 import { DatabaseTableName } from "./persistence-contracts";
 
 const repositoryConfig = {
-  logging: true,
+  // logging: true,
 };
 
 const userRepository = new Repository<User>(

src/backend/services/RepositoryException.ts

@@ -1,6 +1,41 @@
-import { zodErrorToString } from "@/lib/utils";
 import { z } from "zod";
 
+export const handleActionException = (
+  error: unknown
+): {
+  success: false;
+  error: string;
+} => {
+  console.log(JSON.stringify(error));
+  if (error instanceof z.ZodError) {
+    return {
+      success: false as const,
+      error: zodErrorToString(error),
+    };
+  }
+
+  if (error instanceof ActionException) {
+    console.log("Action exception:", error.message);
+    return {
+      success: false as const,
+      error: error.message,
+    };
+  }
+
+  if (error instanceof Error) {
+    console.log("Standard error:", error.message);
+    return {
+      success: false as const,
+      error: error.message,
+    };
+  }
+
+  return {
+    error: "An unknown error occurred",
+    success: false as const,
+  };
+};
+
 export class ActionException extends Error {
   constructor(message?: string, options?: ErrorOptions) {
     super(message, options);
@@ -12,16 +47,8 @@ export class ActionException extends Error {
   }
 }
 
-export const handleActionException = (error: any) => {
-  if (error instanceof ActionException) {
-    return error.toString();
-  }
-
-  if (error instanceof Error) {
-    return error.message;
-  }
-
-  if (error instanceof z.ZodError) {
-    throw new ActionException(zodErrorToString(error));
-  }
+export const zodErrorToString = (err: z.ZodError) => {
+  return err.errors.reduce((acc, curr) => {
+    return acc + curr.message + "\n";
+  }, "");
 };

src/backend/services/oauth/GithubOAuthService.ts

@@ -1,15 +1,20 @@
-import {generateRandomString} from "@/lib/utils";
-import {IGithubUser, IOAuthService} from "./oauth-contract";
-import {cookies} from "next/headers";
-import {env} from "@/env";
+import { env } from "@/env";
+import { generateRandomString } from "@/lib/utils";
+import { cookies } from "next/headers";
+import { ActionException, handleActionException } from "../RepositoryException";
+import {
+  GithubUserEmailAPIResponse,
+  IGithubUser,
+  IOAuthService,
+} from "./oauth-contract";
 
 export class GithubOAuthService implements IOAuthService<IGithubUser> {
   async getAuthorizationUrl(): Promise<string> {
     const state = generateRandomString(50);
     const params = new URLSearchParams({
       client_id: env.GITHUB_CLIENT_ID,
       redirect_uri: env.GITHUB_CALLBACK_URL,
-      scope: "user:email",
+      scope: "read:user,user:email",
       state,
     });
     const _cookies = await cookies();
@@ -23,25 +28,32 @@ export class GithubOAuthService implements IOAuthService<IGithubUser> {
     return `https://github.com/login/oauth/authorize?${params.toString()}`;
   }
 
-  async getUserInfo(code: string, state: string): Promise<IGithubUser> {
-    const _cookies = await cookies();
-    const storedState = _cookies.get("github_oauth_state")?.value ?? null;
+  async getUserInfo(code: string, state: string) {
+    try {
+      const _cookies = await cookies();
+      const storedState = _cookies.get("github_oauth_state")?.value ?? null;
 
-    if (code === null || state === null || storedState === null) {
-      throw new Error("Please restart the process.");
-    }
-    if (state !== storedState) {
-      throw new Error("Please restart the process.");
-    }
+      if (code === null || state === null || storedState === null) {
+        throw new ActionException("Please restart the process.");
+      }
+      if (state !== storedState) {
+        throw new ActionException("Please restart the process.");
+      }
 
-    const githubAccessToken = await validateGitHubCode(
-      code,
-      env.GITHUB_CLIENT_ID,
-      env.GITHUB_CLIENT_SECRET,
-      env.GITHUB_CALLBACK_URL
-    );
+      const githubAccessToken = await validateGitHubCode(
+        code,
+        env.GITHUB_CLIENT_ID,
+        env.GITHUB_CLIENT_SECRET,
+        env.GITHUB_CALLBACK_URL
+      );
 
-    return await getGithubUser(githubAccessToken.access_token);
+      return {
+        success: true as const,
+        data: await getGithubUser(githubAccessToken.access_token),
+      };
+    } catch (error) {
+      return handleActionException(error);
+    }
   }
 }
 
@@ -82,14 +94,23 @@ export const validateGitHubCode = async (
 };
 
 const getGithubUser = async (accessToken: string): Promise<IGithubUser> => {
-  const githubAPI = await fetch("https://api.github.com/user", {
-    headers: {
-      Authorization: `Bearer ${accessToken}`,
-    },
+  const userInfoAPI = await fetch("https://api.github.com/user", {
+    headers: { Authorization: `Bearer ${accessToken}` },
   });
-  if (!githubAPI.ok) {
-    throw new Error("Failed to get GitHub user");
+
+  const userEmailAPI = await fetch("https://api.github.com/user/emails", {
+    headers: { Authorization: `Bearer ${accessToken}` },
+  });
+
+  if (!userInfoAPI.ok || !userEmailAPI.ok) {
+    throw new ActionException("Failed to get GitHub user");
   }
 
-  return (await githubAPI.json()) as IGithubUser;
+  const user = (await userInfoAPI.json()) as IGithubUser;
+  const emails = (await userEmailAPI.json()) as GithubUserEmailAPIResponse[];
+
+  const primaryEmail = emails.find((e) => e.primary);
+  user.email = primaryEmail?.email!;
+
+  return user;
 };

src/backend/services/oauth/oauth-contract.ts

@@ -1,6 +1,8 @@
+import { ActionResponse } from "@/backend/models/action-contracts";
+
 export interface IOAuthService<T> {
   getAuthorizationUrl(state: string, clientId: string): Promise<string>;
-  getUserInfo(code: string, state: string): Promise<T>;
+  getUserInfo(code: string, state: string): Promise<ActionResponse<T>>;
 }
 
 export interface IGithubUser {
@@ -39,3 +41,10 @@ export interface IGithubUser {
   created_at: Date;
   updated_at: Date;
 }
+
+export interface GithubUserEmailAPIResponse {
+  email: string;
+  verified: boolean;
+  primary: boolean;
+  visibility: string;
+}

src/backend/services/session.actions.ts

@@ -21,14 +21,14 @@ import { UserSessionInput } from "./inputs/session.input";
  */
 export async function createLoginSession(
   _input: z.infer<typeof UserSessionInput.createLoginSessionInput>
-): Promise<void> {
+) {
   const _cookies = await cookies();
   const token = generateRandomString(120);
   try {
     const input =
       await UserSessionInput.createLoginSessionInput.parseAsync(_input);
     const agent = userAgent(input.request);
-    await persistenceRepository.userSession.insert([
+    const insertData = await persistenceRepository.userSession.insert([
       {
         token,
         user_id: input.user_id,
@@ -51,8 +51,12 @@ export async function createLoginSession(
       maxAge: 60 * 60 * 24 * 30,
       sameSite: "lax",
     });
+    return {
+      success: true as const,
+      data: insertData.rows,
+    };
   } catch (error) {
-    handleActionException(error);
+    return handleActionException(error);
   }
 }
 

src/backend/services/user.action.ts

@@ -10,6 +10,8 @@ import { drizzleClient } from "@/backend/persistence/clients";
 import { usersTable } from "@/backend/persistence/schemas";
 import { authID } from "./session.actions";
 import { filterUndefined } from "@/lib/utils";
+import { ActionResult } from "next/dist/server/app-render/types";
+import { ActionResponse } from "../models/action-contracts";
 
 /**
  * Creates or syncs a user account from a social login provider.
@@ -66,11 +68,11 @@ export async function bootSocialUser(
     }
 
     return {
-      user,
-      userSocial,
+      success: true as const,
+      data: { user, userSocial },
     };
   } catch (error) {
-    handleActionException(error);
+    return handleActionException(error);
   }
 }