onedrive/utils/oAuthHandler.ts

import axios from 'axios'
import CryptoJS from 'crypto-js'

import apiConfig from '../config/api.json'

// Just a disguise to obfuscate required tokens (including but not limited to client secret,
// access tokens, and refresh tokens), used along with the following two functions
const AES_SECRET_KEY = 'onedrive-vercel-index'
export function obfuscateToken(token: string): string {
  // Encrypt token with AES
  const encrypted = CryptoJS.AES.encrypt(token, AES_SECRET_KEY)
  return encrypted.toString()
}
export function revealObfuscatedToken(obfuscated: string): string {
  // Decrypt SHA256 obfuscated token
  const decrypted = CryptoJS.AES.decrypt(obfuscated, AES_SECRET_KEY)
  return decrypted.toString(CryptoJS.enc.Utf8)
}

// Generate the Microsoft OAuth 2.0 authorization URL, used for requesting the authorisation code
export function generateAuthorisationUrl(): string {
  const { clientId, redirectUri, authApi } = apiConfig
  const authUrl = authApi.replace('/token', '/authorize')

  // Construct URL parameters for OAuth2
  const params = new URLSearchParams()
  params.append('client_id', clientId)
  params.append('redirect_uri', redirectUri)
  params.append('response_type', 'code')
  params.append('scope', 'files.readwrite offline_access')
  params.append('response_mode', 'query')

  return `${authUrl}?${params.toString()}`
}

// The code returned from the Microsoft OAuth 2.0 authorization URL is a request URL with hostname
// http://localhost and URL parameter code. This function extracts the code from the request URL
export function extractAuthCodeFromRedirected(url: string): string {
  // Return empty string if the url is not the defined redirect uri
  if (!url.startsWith(apiConfig.redirectUri)) {
    return ''
  }

  // New URL search parameter
  const params = new URLSearchParams(url.split('?')[1])
  return params.get('code') || ''
}

// After a successful authorisation, the code returned from the Microsoft OAuth 2.0 authorization URL
// will be used to request an access token. This function requests the access token with the authorisation code
// and returns the access token and refresh token on success.
export async function requestTokenWithAuthCode(
  code: string
): Promise<
  | { expiryTime: string; accessToken: string; refreshToken: string }
  | { error: string; errorDescription: string; errorUri: string }
> {
  const { clientId, redirectUri, authApi } = apiConfig
  const clientSecret = revealObfuscatedToken(apiConfig.obfuscatedClientSecret)

  // Construct URL parameters for OAuth2
  const params = new URLSearchParams()
  params.append('client_id', clientId)
  params.append('redirect_uri', redirectUri)
  params.append('client_secret', clientSecret)
  params.append('code', code)
  params.append('grant_type', 'authorization_code')

  // Request access token
  return axios
    .post(authApi, params, {
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      },
    })
    .then(resp => {
      const { expires_in, access_token, refresh_token } = resp.data
      return { expiryTime: expires_in, accessToken: access_token, refreshToken: refresh_token }
    })
    .catch(err => {
      const { error, error_description, error_uri } = err.response.data
      return { error, errorDescription: error_description, errorUri: error_uri }
    })
}
oauth inside main project, with public client id and secret 2021-12-30 19:44:03 +00:00			`import axios from 'axios'`
			`import CryptoJS from 'crypto-js'`

			`import apiConfig from '../config/api.json'`

store access token and refresh token in serverless mem 2021-12-31 07:17:39 +00:00			`// Just a disguise to obfuscate required tokens (including but not limited to client secret,`
			`// access tokens, and refresh tokens), used along with the following two functions`
oauth inside main project, with public client id and secret 2021-12-30 19:44:03 +00:00			`const AES_SECRET_KEY = 'onedrive-vercel-index'`
store access token and refresh token in serverless mem 2021-12-31 07:17:39 +00:00			`export function obfuscateToken(token: string): string {`
oauth inside main project, with public client id and secret 2021-12-30 19:44:03 +00:00			`// Encrypt token with AES`
			`const encrypted = CryptoJS.AES.encrypt(token, AES_SECRET_KEY)`
			`return encrypted.toString()`
			`}`
			`export function revealObfuscatedToken(obfuscated: string): string {`
			`// Decrypt SHA256 obfuscated token`
			`const decrypted = CryptoJS.AES.decrypt(obfuscated, AES_SECRET_KEY)`
			`return decrypted.toString(CryptoJS.enc.Utf8)`
			`}`

store access token and refresh token in the file system /tmp 2021-12-31 04:17:00 +00:00			`// Generate the Microsoft OAuth 2.0 authorization URL, used for requesting the authorisation code`
oauth inside main project, with public client id and secret 2021-12-30 19:44:03 +00:00			`export function generateAuthorisationUrl(): string {`
			`const { clientId, redirectUri, authApi } = apiConfig`
			`const authUrl = authApi.replace('/token', '/authorize')`

			`// Construct URL parameters for OAuth2`
			`const params = new URLSearchParams()`
			`params.append('client_id', clientId)`
			`params.append('redirect_uri', redirectUri)`
			`params.append('response_type', 'code')`
			`params.append('scope', 'files.readwrite offline_access')`
			`params.append('response_mode', 'query')`

			return `${authUrl}?${params.toString()}`
			`}`

store access token and refresh token in the file system /tmp 2021-12-31 04:17:00 +00:00			`// The code returned from the Microsoft OAuth 2.0 authorization URL is a request URL with hostname`
			`// http://localhost and URL parameter code. This function extracts the code from the request URL`
oauth inside main project, with public client id and secret 2021-12-30 19:44:03 +00:00			`export function extractAuthCodeFromRedirected(url: string): string {`
			`// Return empty string if the url is not the defined redirect uri`
			`if (!url.startsWith(apiConfig.redirectUri)) {`
			`return ''`
			`}`

			`// New URL search parameter`
			`const params = new URLSearchParams(url.split('?')[1])`
			`return params.get('code') \|\| ''`
			`}`

store access token and refresh token in the file system /tmp 2021-12-31 04:17:00 +00:00			`// After a successful authorisation, the code returned from the Microsoft OAuth 2.0 authorization URL`
			`// will be used to request an access token. This function requests the access token with the authorisation code`
			`// and returns the access token and refresh token on success.`
oauth inside main project, with public client id and secret 2021-12-30 19:44:03 +00:00			`export async function requestTokenWithAuthCode(`
			`code: string`
			`): Promise<`
			`\| { expiryTime: string; accessToken: string; refreshToken: string }`
			`\| { error: string; errorDescription: string; errorUri: string }`
			`> {`
			`const { clientId, redirectUri, authApi } = apiConfig`
			`const clientSecret = revealObfuscatedToken(apiConfig.obfuscatedClientSecret)`

			`// Construct URL parameters for OAuth2`
			`const params = new URLSearchParams()`
			`params.append('client_id', clientId)`
			`params.append('redirect_uri', redirectUri)`
			`params.append('client_secret', clientSecret)`
			`params.append('code', code)`
			`params.append('grant_type', 'authorization_code')`

			`// Request access token`
			`return axios`
			`.post(authApi, params, {`
			`headers: {`
			`'Content-Type': 'application/x-www-form-urlencoded',`
			`},`
			`})`
			`.then(resp => {`
			`const { expires_in, access_token, refresh_token } = resp.data`
			`return { expiryTime: expires_in, accessToken: access_token, refreshToken: refresh_token }`
			`})`
			`.catch(err => {`
			`const { error, error_description, error_uri } = err.response.data`
			`return { error, errorDescription: error_description, errorUri: error_uri }`
			`})`
			`}`