/** * OAuth Proxy Server for Challonge API * * This server handles OAuth token exchange and refresh for the Challonge API. * It keeps client_secret secure by running on the backend. * * Usage: * Development: node server/oauth-proxy.js * Production: Deploy as serverless function or Express app */ import 'dotenv/config'; import express from 'express'; import cors from 'cors'; import fetch from 'node-fetch'; const app = express(); const PORT = process.env.OAUTH_PROXY_PORT || 3001; // Environment variables (set in .env file) const CLIENT_ID = process.env.CHALLONGE_CLIENT_ID; const CLIENT_SECRET = process.env.CHALLONGE_CLIENT_SECRET; const REDIRECT_URI = process.env.CHALLONGE_REDIRECT_URI || 'http://localhost:5173/oauth/callback'; // Validate required environment variables if (!CLIENT_ID || !CLIENT_SECRET) { console.error('āŒ Missing required environment variables:'); console.error(' CHALLONGE_CLIENT_ID'); console.error(' CHALLONGE_CLIENT_SECRET'); console.error('\nSet these in your .env file or environment.'); process.exit(1); } app.use( cors({ origin: process.env.NODE_ENV === 'production' ? process.env.FRONTEND_URL : [ 'http://localhost:5173', 'http://localhost:5174', 'http://localhost:5175' ] }) ); app.use(express.json()); /** * Exchange authorization code for access token * POST /oauth/token */ app.post('/oauth/token', async (req, res) => { const { code } = req.body; if (!code) { return res.status(400).json({ error: 'Missing authorization code' }); } try { const response = await fetch('https://api.challonge.com/oauth/token', { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: new URLSearchParams({ grant_type: 'authorization_code', client_id: CLIENT_ID, client_secret: CLIENT_SECRET, code: code, redirect_uri: REDIRECT_URI }) }); const data = await response.json(); if (!response.ok) { console.error('Token exchange failed:', data); return res.status(response.status).json(data); } console.log('āœ… Token exchange successful'); res.json(data); } catch (error) { console.error('Token exchange error:', error); res.status(500).json({ error: 'Token exchange failed', message: error.message }); } }); /** * Refresh access token * POST /oauth/refresh */ app.post('/oauth/refresh', async (req, res) => { const { refresh_token } = req.body; if (!refresh_token) { return res.status(400).json({ error: 'Missing refresh token' }); } try { const response = await fetch('https://api.challonge.com/oauth/token', { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: new URLSearchParams({ grant_type: 'refresh_token', client_id: CLIENT_ID, client_secret: CLIENT_SECRET, refresh_token: refresh_token }) }); const data = await response.json(); if (!response.ok) { console.error('Token refresh failed:', data); return res.status(response.status).json(data); } console.log('āœ… Token refresh successful'); res.json(data); } catch (error) { console.error('Token refresh error:', error); res.status(500).json({ error: 'Token refresh failed', message: error.message }); } }); /** * Health check endpoint * GET /health */ app.get('/health', (req, res) => { res.json({ status: 'ok', service: 'oauth-proxy', configured: !!(CLIENT_ID && CLIENT_SECRET) }); }); app.listen(PORT, () => { console.log(`šŸ” OAuth Proxy Server running on http://localhost:${PORT}`); console.log(`šŸ“ Client ID: ${CLIENT_ID}`); console.log(`šŸ”— Redirect URI: ${REDIRECT_URI}`); console.log('\nāœ… Ready to handle OAuth requests'); });