fragginwagon/memory-infrastructure-palace
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4769193ae49a81fe383e39865a651b965f55a200
memory-infrastructure-palace/code/websites/pokedex.online/server/oauth-proxy.js

157 lines
4.0 KiB
JavaScript
Raw Blame History

/**
* OAuth Proxy Server for Challonge API
*
* This server handles OAuth token exchange and refresh for the Challonge API.
* It keeps client_secret secure by running on the backend.
*
* Usage:
* Development: node server/oauth-proxy.js
* Production: Deploy as serverless function or Express app
*/
import 'dotenv/config';
import express from 'express';
import cors from 'cors';
import fetch from 'node-fetch';
import gamemasterRouter from './gamemaster-api.js';
const app = express();
const PORT = process.env.OAUTH_PROXY_PORT || 3001;
// Environment variables (set in .env file)
const CLIENT_ID = process.env.CHALLONGE_CLIENT_ID;
const CLIENT_SECRET = process.env.CHALLONGE_CLIENT_SECRET;
const REDIRECT_URI =
process.env.CHALLONGE_REDIRECT_URI || 'http://localhost:5173/oauth/callback';
// Validate required environment variables
const hasChallongeAuth = CLIENT_ID && CLIENT_SECRET;
if (!hasChallongeAuth) {
console.warn('⚠️ Challonge OAuth credentials not configured:');
console.warn(' CHALLONGE_CLIENT_ID');
console.warn(' CHALLONGE_CLIENT_SECRET');
console.warn('\nChallonge OAuth endpoints will be disabled.');
console.warn('Gamemaster API will still work.\n');
}
app.use(
cors({
origin:
process.env.NODE_ENV === 'production'
? process.env.FRONTEND_URL
: [
'http://localhost:5173',
'http://localhost:5174',
'http://localhost:5175'
]
})
);
app.use(express.json());
app.use('/api/gamemaster', gamemasterRouter);
/**
* Exchange authorization code for access token
* POST /oauth/token
*/
app.post('/oauth/token', async (req, res) => {
const { code } = req.body;
if (!code) {
return res.status(400).json({ error: 'Missing authorization code' });
}
try {
const response = await fetch('https://api.challonge.com/oauth/token', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: new URLSearchParams({
grant_type: 'authorization_code',
client_id: CLIENT_ID,
client_secret: CLIENT_SECRET,
code: code,
redirect_uri: REDIRECT_URI
})
});
const data = await response.json();
if (!response.ok) {
console.error('Token exchange failed:', data);
return res.status(response.status).json(data);
}
console.log('✅ Token exchange successful');
res.json(data);
} catch (error) {
console.error('Token exchange error:', error);
res.status(500).json({
error: 'Token exchange failed',
message: error.message
});
}
});
/**
* Refresh access token
* POST /oauth/refresh
*/
app.post('/oauth/refresh', async (req, res) => {
const { refresh_token } = req.body;
if (!refresh_token) {
return res.status(400).json({ error: 'Missing refresh token' });
}
try {
const response = await fetch('https://api.challonge.com/oauth/token', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: new URLSearchParams({
grant_type: 'refresh_token',
client_id: CLIENT_ID,
client_secret: CLIENT_SECRET,
refresh_token: refresh_token
})
});
const data = await response.json();
if (!response.ok) {
console.error('Token refresh failed:', data);
return res.status(response.status).json(data);
}
console.log('✅ Token refresh successful');
res.json(data);
} catch (error) {
console.error('Token refresh error:', error);
res.status(500).json({
error: 'Token refresh failed',
message: error.message
});
}
});
/**
* Health check endpoint
* GET /health
*/
app.get('/health', (req, res) => {
res.json({
status: 'ok',
service: 'oauth-proxy',
configured: !!(CLIENT_ID && CLIENT_SECRET)
});
});
app.listen(PORT, () => {
console.log(`🔐 OAuth Proxy Server running on http://localhost:${PORT}`);
console.log(`📝 Client ID: ${CLIENT_ID}`);
console.log(`🔗 Redirect URI: ${REDIRECT_URI}`);
console.log('\n✅ Ready to handle OAuth requests');
});
Reference in New Issue View Git Blame Copy Permalink