We have clarified our Privacy Statement even further. Please have a look at our changes.
Browse Source

Remove sign in with Google account

master
Jonas Lochmann 3 months ago
parent
commit
32d278bdd5
Signed by: Jonas Lochmann <git@inkompetenz.org> GPG Key ID: 8B8C9AEE10FA5B36
7 changed files with 2 additions and 277 deletions
  1. +0
    -3
      Readme.md
  2. +0
    -190
      package-lock.json
  3. +0
    -1
      package.json
  4. +0
    -1
      scripts/build-schemas.js
  5. +1
    -63
      src/api/auth.ts
  6. +0
    -4
      src/api/schema.ts
  7. +1
    -15
      src/api/validator.ts

+ 0
- 3
Readme.md View File

@@ -45,9 +45,6 @@ This fixes the causes of lint warnings (where possible).
- GOOGLE_PLAY_PUBLIC_KEY
- key for validating purchases
- purchases using google play don't work without it
- GOOGLE_SIGN_IN_CLIENT_ID
- token for validating sign in with google requests
- sign in with Google does not work without it
- MAIL_SENDER
- sender (for the from-field) for sent mails
- MAIL_TRANSPORT

+ 0
- 190
package-lock.json View File

@@ -246,14 +246,6 @@
"resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz",
"integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q=="
},
"abort-controller": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/abort-controller/-/abort-controller-3.0.0.tgz",
"integrity": "sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg==",
"requires": {
"event-target-shim": "5.0.1"
}
},
"accepts": {
"version": "1.3.5",
"resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.5.tgz",
@@ -288,14 +280,6 @@
"resolved": "https://registry.npmjs.org/after/-/after-0.8.2.tgz",
"integrity": "sha1-/ts5T58OAqqXaOcCvaI7UF+ufh8="
},
"agent-base": {
"version": "4.3.0",
"resolved": "https://registry.npmjs.org/agent-base/-/agent-base-4.3.0.tgz",
"integrity": "sha512-salcGninV0nPrwpGNn4VTXBb1SOuXQBiqbrNXoeizJsHrsL6ERFM2Ne3JUSBWRE6aeNJI2ROP/WEEIDUiDe3cg==",
"requires": {
"es6-promisify": "5.0.0"
}
},
"ajv": {
"version": "6.5.2",
"resolved": "https://registry.npmjs.org/ajv/-/ajv-6.5.2.tgz",
@@ -493,11 +477,6 @@
"resolved": "https://registry.npmjs.org/arraybuffer.slice/-/arraybuffer.slice-0.0.7.tgz",
"integrity": "sha512-wGUIVQXuehL5TCqQun8OW81jGzAWycqzFF8lFp+GOM5BXLYj3bKNsYC4daB7n6XjCqxQA/qgTJ+8ANR3acjrog=="
},
"arrify": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/arrify/-/arrify-2.0.1.tgz",
"integrity": "sha512-3duEwti880xqi4eAMN8AyR4a0ByT90zoYdLlevfrvU43vb0YZwZVfxOgxWrLXXXpyugL0hNZc9G6BiB5B3nUug=="
},
"asap": {
"version": "2.0.6",
"resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz",
@@ -682,11 +661,6 @@
"resolved": "https://registry.npmjs.org/base64-arraybuffer/-/base64-arraybuffer-0.1.5.tgz",
"integrity": "sha1-c5JncZI7Whl0etZmqlzUv5xunOg="
},
"base64-js": {
"version": "1.3.0",
"resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.3.0.tgz",
"integrity": "sha512-ccav/yGvoa80BQDljCxsmmQ3Xvx60/UpBIij5QN21W3wBi/hhIC9OoO+KLpu9IJTS9j4DRVJ3aDDF9cMSoa2lw=="
},
"base64id": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/base64id/-/base64id-1.0.0.tgz",
@@ -717,11 +691,6 @@
"callsite": "1.0.0"
}
},
"bignumber.js": {
"version": "7.2.1",
"resolved": "https://registry.npmjs.org/bignumber.js/-/bignumber.js-7.2.1.tgz",
"integrity": "sha512-S4XzBk5sMB+Rcb/LNcpzXr57VRTxgAvaAEDAl1AwRx27j00hT84O6OkteE7u8UB3NuaaygCRrEpqox4uDOrbdQ=="
},
"binary-extensions": {
"version": "1.11.0",
"resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-1.11.0.tgz",
@@ -880,11 +849,6 @@
}
}
},
"buffer-equal-constant-time": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz",
"integrity": "sha1-+OcRMvf/5uAaXJaXpMbz5I1cyBk="
},
"buffer-writer": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/buffer-writer/-/buffer-writer-2.0.0.tgz",
@@ -1591,14 +1555,6 @@
"safer-buffer": "2.1.2"
}
},
"ecdsa-sig-formatter": {
"version": "1.0.11",
"resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz",
"integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==",
"requires": {
"safe-buffer": "5.1.2"
}
},
"editions": {
"version": "1.3.4",
"resolved": "https://registry.npmjs.org/editions/-/editions-1.3.4.tgz",
@@ -1750,19 +1706,6 @@
}
}
},
"es6-promise": {
"version": "4.2.8",
"resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-4.2.8.tgz",
"integrity": "sha512-HJDGx5daxeIvxdBxvG2cb9g4tEvwIk3i8+nhX0yGrYmZUzbkdg8QbDevheDB8gd0//uPj4c1EQua8Q+MViT0/w=="
},
"es6-promisify": {
"version": "5.0.0",
"resolved": "https://registry.npmjs.org/es6-promisify/-/es6-promisify-5.0.0.tgz",
"integrity": "sha1-UQnWLz5W6pZ8S2NQWu8IKRyKUgM=",
"requires": {
"es6-promise": "4.2.8"
}
},
"escape-html": {
"version": "1.0.3",
"resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
@@ -1803,11 +1746,6 @@
"through": "2.3.8"
}
},
"event-target-shim": {
"version": "5.0.1",
"resolved": "https://registry.npmjs.org/event-target-shim/-/event-target-shim-5.0.1.tgz",
"integrity": "sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ=="
},
"execa": {
"version": "0.7.0",
"resolved": "https://registry.npmjs.org/execa/-/execa-0.7.0.tgz",
@@ -2137,11 +2075,6 @@
"resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.0.0.tgz",
"integrity": "sha1-1RQsDK7msRifh9OnYREGT4bIu/I="
},
"fast-text-encoding": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/fast-text-encoding/-/fast-text-encoding-1.0.0.tgz",
"integrity": "sha512-R9bHCvweUxxwkDwhjav5vxpFvdPGlVngtqmx4pIZfSUhM/Q4NiIUHB456BAf+Q1Nwu3HEZYONtu+Rya+af4jiQ=="
},
"fill-range": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-4.0.0.tgz",
@@ -2818,26 +2751,6 @@
"wide-align": "1.1.3"
}
},
"gaxios": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/gaxios/-/gaxios-2.0.1.tgz",
"integrity": "sha512-c1NXovTxkgRJTIgB2FrFmOFg4YIV6N/bAa4f/FZ4jIw13Ql9ya/82x69CswvotJhbV3DiGnlTZwoq2NVXk2Irg==",
"requires": {
"abort-controller": "3.0.0",
"extend": "3.0.2",
"https-proxy-agent": "2.2.1",
"node-fetch": "2.6.0"
}
},
"gcp-metadata": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/gcp-metadata/-/gcp-metadata-2.0.0.tgz",
"integrity": "sha512-BN6KUUWo6WLkDRst+Y7bqpXq1PYMrKUecNLRdZESp7oYtMjWcZdAM0UYvcip8wb0GXNO/j8Z8HTccK4iYtMvyQ==",
"requires": {
"gaxios": "2.0.1",
"json-bigint": "0.3.0"
}
},
"generate-function": {
"version": "2.3.1",
"resolved": "https://registry.npmjs.org/generate-function/-/generate-function-2.3.1.tgz",
@@ -2925,45 +2838,6 @@
"ini": "1.3.5"
}
},
"google-auth-library": {
"version": "4.2.2",
"resolved": "https://registry.npmjs.org/google-auth-library/-/google-auth-library-4.2.2.tgz",
"integrity": "sha512-PI8uGQMNIUgWL2upwsuDOjvJO1i9ON9MkvbZO44j7sIHeNmuUpwpP8YxKSGkmUh34L5V3xD9nS/0kgH0YY9qrQ==",
"requires": {
"arrify": "2.0.1",
"base64-js": "1.3.0",
"fast-text-encoding": "1.0.0",
"gaxios": "2.0.1",
"gcp-metadata": "2.0.0",
"gtoken": "3.0.1",
"jws": "3.2.2",
"lru-cache": "5.1.1",
"semver": "6.1.1"
},
"dependencies": {
"lru-cache": {
"version": "5.1.1",
"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz",
"integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==",
"requires": {
"yallist": "3.0.3"
}
},
"semver": {
"version": "6.1.1",
"resolved": "https://registry.npmjs.org/semver/-/semver-6.1.1.tgz",
"integrity": "sha512-rWYq2e5iYW+fFe/oPPtYJxYgjBm8sC4rmoGdUOgBB7VnwKt6HrL793l2voH1UlsyYZpJ4g0wfjnTEO1s1NP2eQ=="
}
}
},
"google-p12-pem": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/google-p12-pem/-/google-p12-pem-2.0.0.tgz",
"integrity": "sha512-n8eGSKzWOb9/EmSBIh81sPvsQM939QlpHMXahTZDzuRIpCu09x3Oaqz+mXGjL4TeCvSbcnOC0YZRvjkJ9s9lnA==",
"requires": {
"node-forge": "0.8.5"
}
},
"got": {
"version": "6.7.1",
"resolved": "https://registry.npmjs.org/got/-/got-6.7.1.tgz",
@@ -2988,24 +2862,6 @@
"resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.1.11.tgz",
"integrity": "sha1-Dovf5NHduIVNZOBOp8AOKgJuVlg="
},
"gtoken": {
"version": "3.0.1",
"resolved": "https://registry.npmjs.org/gtoken/-/gtoken-3.0.1.tgz",
"integrity": "sha512-/bOZFfO6c+BC2IoOrvV+NKfEWQ1CCycrWG55Ix8ZfO/tTM0iGg9ojoQUWPbH5QS+vf+JoQYeTJ0zS+EDCP5M9w==",
"requires": {
"gaxios": "2.0.1",
"google-p12-pem": "2.0.0",
"jws": "3.2.2",
"mime": "2.4.4"
},
"dependencies": {
"mime": {
"version": "2.4.4",
"resolved": "https://registry.npmjs.org/mime/-/mime-2.4.4.tgz",
"integrity": "sha512-LRxmNwziLPT828z+4YkNzloCFC2YM4wrB99k+AV5ZbEyfGNWfG8SO1FUXLmLDBSo89NrJZ4DIWeLjy1CHGhMGA=="
}
}
},
"har-schema": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz",
@@ -3198,15 +3054,6 @@
"sshpk": "1.14.2"
}
},
"https-proxy-agent": {
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-2.2.1.tgz",
"integrity": "sha512-HPCTS1LW51bcyMYbxUIOO4HEOlQ1/1qRaFWcyxvwaqUS9TY88aoEuHUY33kuAh1YhVVaDQhLZsnPd+XNARWZlQ==",
"requires": {
"agent-base": "4.3.0",
"debug": "3.1.0"
}
},
"i18n": {
"version": "0.8.3",
"resolved": "https://registry.npmjs.org/i18n/-/i18n-0.8.3.tgz",
@@ -3619,14 +3466,6 @@
"integrity": "sha1-peZUwuWi3rXyAdls77yoDA7y9RM=",
"optional": true
},
"json-bigint": {
"version": "0.3.0",
"resolved": "https://registry.npmjs.org/json-bigint/-/json-bigint-0.3.0.tgz",
"integrity": "sha1-DM2RLEuCcNBfBW+9E4FLU9OCWx4=",
"requires": {
"bignumber.js": "7.2.1"
}
},
"json-schema": {
"version": "0.2.3",
"resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz",
@@ -3713,25 +3552,6 @@
}
}
},
"jwa": {
"version": "1.4.1",
"resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz",
"integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==",
"requires": {
"buffer-equal-constant-time": "1.0.1",
"ecdsa-sig-formatter": "1.0.11",
"safe-buffer": "5.1.2"
}
},
"jws": {
"version": "3.2.2",
"resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz",
"integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==",
"requires": {
"jwa": "1.4.1",
"safe-buffer": "5.1.2"
}
},
"kind-of": {
"version": "6.0.2",
"resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz",
@@ -4287,16 +4107,6 @@
"resolved": "https://registry.npmjs.org/nice-try/-/nice-try-1.0.5.tgz",
"integrity": "sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ=="
},
"node-fetch": {
"version": "2.6.0",
"resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.0.tgz",
"integrity": "sha512-8dG4H5ujfvFiqDmVu9fQ5bOHUC15JMjMY/Zumv26oOvvVJjM67KF8koCWIabKQ1GJIa9r2mMZscBq/TbdOcmNA=="
},
"node-forge": {
"version": "0.8.5",
"resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.8.5.tgz",
"integrity": "sha512-vFMQIWt+J/7FLNyKouZ9TazT74PRV3wgv9UT4cRjC8BffxFbKXkgIWR42URCPSnHm/QDz6BOlb2Q0U4+VQT67Q=="
},
"node-pre-gyp": {
"version": "0.11.0",
"resolved": "https://registry.npmjs.org/node-pre-gyp/-/node-pre-gyp-0.11.0.tgz",

+ 0
- 1
package.json View File

@@ -48,7 +48,6 @@
"email-templates": "^5.0.4",
"escape-html": "^1.0.3",
"express": "^4.16.3",
"google-auth-library": "^4.2.2",
"http-errors": "^1.7.0",
"iab_verifier": "^0.1.2",
"lodash": "^4.17.11",

+ 0
- 1
scripts/build-schemas.js View File

@@ -25,7 +25,6 @@ const randomString = 'WK9fxjlOcM'
const types = [
'ClientPushChangesRequest',
'ClientPullChangesRequest',
'SignInWithGoogleRequest',
'MailAuthTokenRequestBody',
'CreateFamilyByMailTokenRequest',
'SignIntoFamilyRequest',

+ 1
- 63
src/api/auth.ts View File

@@ -17,79 +17,17 @@

import { json } from 'body-parser'
import { Router } from 'express'
import { OAuth2Client } from 'google-auth-library'
import { BadRequest } from 'http-errors'
import { Database } from '../database'
import { createAuthTokenByMailAddress } from '../function/authentication'
import { sendLoginCode, signInByMailCode } from '../function/authentication/login-by-mail'
import {
isSendMailLoginCodeRequest,
isSignInByMailCodeRequest,
isSignInWithGoogleRequest
isSignInByMailCodeRequest
} from './validator'

const CLIENT_ID = process.env.GOOGLE_SIGN_IN_CLIENT_ID || ''
const client = new OAuth2Client(CLIENT_ID)

const getMailByGoogleAuthToken = async (idToken: string) => {
const ticket = await client.verifyIdToken({
idToken,
audience: CLIENT_ID
})

if (!ticket) {
throw new BadRequest()
}

const payload = ticket.getPayload()

if (!payload) {
throw new BadRequest()
}

if (!payload.email_verified) {
throw new BadRequest()
}

const mail = payload.email

if (!mail) {
throw new BadRequest()
}

if (!(
mail.endsWith('@gmail.com') ||
mail.endsWith('@googlemail.com')
)) {
throw new BadRequest()
}

return mail
}

export const createAuthRouter = (database: Database) => {
const router = Router()

router.post('/sign-in-with-google', json(), async (req, res, next) => {
try {
if (!isSignInWithGoogleRequest(req.body)) {
res.sendStatus(400)
return
}

const { googleAuthToken } = req.body

const mail = await getMailByGoogleAuthToken(googleAuthToken)
const mailAuthToken = await createAuthTokenByMailAddress({ mail, database })

res.json({
mailAuthToken
})
} catch (ex) {
next(ex)
}
})

router.post('/send-mail-login-code', json(), async (req, res, next) => {
try {
if (!isSendMailLoginCodeRequest(req.body)) {

+ 0
- 4
src/api/schema.ts View File

@@ -34,10 +34,6 @@ export interface ClientPullChangesRequest {
status: ClientDataStatus
}

export interface SignInWithGoogleRequest {
googleAuthToken: string
}

export interface MailAuthTokenRequestBody {
mailAuthToken: string
}

+ 1
- 15
src/api/validator.ts View File

@@ -1,5 +1,5 @@
// tslint:disable
import { ClientPushChangesRequest, ClientPullChangesRequest, SignInWithGoogleRequest, MailAuthTokenRequestBody, CreateFamilyByMailTokenRequest, SignIntoFamilyRequest, RecoverParentPasswordRequest, CanRecoverPasswordRequest, RegisterChildDeviceRequest, SerializedParentAction, SerializedAppLogicAction, SerializedChildAction, CreateRegisterDeviceTokenRequest, CanDoPurchaseRequest, FinishPurchaseByGooglePlayRequest, LinkParentMailAddressRequest, UpdatePrimaryDeviceRequest, RemoveDeviceRequest, RequestWithAuthToken, SendMailLoginCodeRequest, SignInByMailCodeRequest } from './schema'
import { ClientPushChangesRequest, ClientPullChangesRequest, MailAuthTokenRequestBody, CreateFamilyByMailTokenRequest, SignIntoFamilyRequest, RecoverParentPasswordRequest, CanRecoverPasswordRequest, RegisterChildDeviceRequest, SerializedParentAction, SerializedAppLogicAction, SerializedChildAction, CreateRegisterDeviceTokenRequest, CanDoPurchaseRequest, FinishPurchaseByGooglePlayRequest, LinkParentMailAddressRequest, UpdatePrimaryDeviceRequest, RemoveDeviceRequest, RequestWithAuthToken, SendMailLoginCodeRequest, SignInByMailCodeRequest } from './schema'
const Ajv = require('ajv')
const ajv = new Ajv()

@@ -1369,20 +1369,6 @@ export const isClientPullChangesRequest: (value: object) => value is ClientPullC
"definitions": definitions,
"$schema": "http://json-schema.org/draft-07/schema#"
})
export const isSignInWithGoogleRequest: (value: object) => value is SignInWithGoogleRequest = ajv.compile({
"type": "object",
"properties": {
"googleAuthToken": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"googleAuthToken"
],
"definitions": definitions,
"$schema": "http://json-schema.org/draft-07/schema#"
})
export const isMailAuthTokenRequestBody: (value: object) => value is MailAuthTokenRequestBody = ajv.compile({
"type": "object",
"properties": {

Loading…
Cancel
Save