memory-infrastructure-palace/code/websites/pokedex.online/server/oauth-proxy.js

/**
 * OAuth Proxy Server for Challonge API
 *
 * This server handles OAuth token exchange and refresh for the Challonge API.
 * It keeps client_secret secure by running on the backend.
 *
 * Usage:
 *   Development: node server/oauth-proxy.js
 *   Production: Deploy with Docker (see docker-compose.production.yml)
 */

import 'dotenv/config';
import express from 'express';
import cors from 'cors';
import fetch from 'node-fetch';
import gamemasterRouter from './gamemaster-api.js';
import { validateOrExit, getConfig } from './utils/env-validator.js';
import logger, { requestLogger, errorLogger } from './utils/logger.js';
import {
  setupGracefulShutdown,
  createHealthCheckMiddleware
} from './utils/graceful-shutdown.js';

// Validate environment variables
validateOrExit();

// Get validated configuration
const config = getConfig();

const app = express();

// Middleware
app.use(cors({ origin: config.cors.origin }));
app.use(express.json());
app.use(requestLogger);

// Mount API routes (nginx strips /api/ prefix before forwarding)
app.use('/gamemaster', gamemasterRouter);

/**
 * Exchange authorization code for access token
 * POST /oauth/token
 */
app.post('/oauth/token', async (req, res) => {
  if (!config.challonge.configured) {
    logger.warn('OAuth token request received but Challonge not configured');
    return res.status(503).json({
      error: 'Challonge OAuth not configured',
      message:
        'Set CHALLONGE_CLIENT_ID and CHALLONGE_CLIENT_SECRET environment variables'
    });
  }

  const { code } = req.body;

  if (!code) {
    logger.warn('OAuth token request missing authorization code');
    return res.status(400).json({ error: 'Missing authorization code' });
  }

  try {
    logger.debug('Exchanging authorization code for access token');
    const response = await fetch('https://api.challonge.com/oauth/token', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded'
      },
      body: new URLSearchParams({
        grant_type: 'authorization_code',
        client_id: config.challonge.clientId,
        client_secret: config.challonge.clientSecret,
        code: code,
        redirect_uri: config.challonge.redirectUri
      })
    });

    const data = await response.json();

    if (!response.ok) {
      logger.error('Token exchange failed', { status: response.status, data });
      return res.status(response.status).json(data);
    }

    logger.info('Token exchange successful');
    res.json(data);
  } catch (error) {
    logger.error('Token exchange error', { error: error.message });
    res.status(500).json({
      error: 'Token exchange failed',
      message: error.message
    });
  }
});

/**
 * Refresh access token
 * POST /oauth/refresh
 */
app.post('/oauth/refresh', async (req, res) => {
  if (!config.challonge.configured) {
    logger.warn('OAuth refresh request received but Challonge not configured');
    return res.status(503).json({
      error: 'Challonge OAuth not configured',
      message:
        'Set CHALLONGE_CLIENT_ID and CHALLONGE_CLIENT_SECRET environment variables'
    });
  }

  const { refresh_token } = req.body;

  if (!refresh_token) {
    logger.warn('OAuth refresh request missing refresh token');
    return res.status(400).json({ error: 'Missing refresh token' });
  }

  try {
    logger.debug('Refreshing access token');
    const response = await fetch('https://api.challonge.com/oauth/token', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded'
      },
      body: new URLSearchParams({
        grant_type: 'refresh_token',
        client_id: config.challonge.clientId,
        client_secret: config.challonge.clientSecret,
        refresh_token: refresh_token
      })
    });

    const data = await response.json();

    if (!response.ok) {
      logger.error('Token refresh failed', { status: response.status, data });
      return res.status(response.status).json(data);
    }

    logger.info('Token refresh successful');
    res.json(data);
  } catch (error) {
    logger.error('Token refresh error', { error: error.message });
    res.status(500).json({
      error: 'Token refresh failed',
      message: error.message
    });
  }
});

/**
 * Health check endpoint (with graceful shutdown support)
 * GET /health
 */
app.get('/health', createHealthCheckMiddleware());

// Error logging middleware (must be after routes)
app.use(errorLogger);

// Start server
const server = app.listen(config.port, () => {
  logger.info('🔐 OAuth Proxy Server started', {
    port: config.port,
    nodeEnv: config.nodeEnv,
    challongeConfigured: config.challonge.configured
  });

  if (!config.challonge.configured) {
    logger.warn(
      '⚠️  Challonge OAuth not configured - OAuth endpoints disabled'
    );
    logger.warn(
      '   Set CHALLONGE_CLIENT_ID and CHALLONGE_CLIENT_SECRET to enable'
    );
  }

  logger.info('✅ Ready to handle requests');
});

// Setup graceful shutdown
setupGracefulShutdown(server, {
  timeout: 30000,
  onShutdown: async () => {
    logger.info('Running cleanup tasks...');
    // Add any cleanup tasks here (close DB connections, etc.)
  }
});