Separate environment configs (#6597)

* Separate environment configs * wip * wip * test * plugins * test * test * .sequelizerc, unfortunately can't go through /utils/environment due to not supporting TS * docker-compose -> docker compose * fix: .local wipes .development * Add custom validation message for invalid SECRET_KEY (often confused)
2024-02-27 09:24:23 -08:00
parent 415383a1c9
commit 60e52d0423
45 changed files with 489 additions and 409 deletions
--- a/plugins/azure/server/azure.ts
+++ b/plugins/azure/server/azure.ts
@@ -0,0 +1,44 @@
+import invariant from "invariant";
+import JWT from "jsonwebtoken";
+import OAuthClient from "@server/utils/oauth";
+import env from "./env";
+
+type AzurePayload = {
+  /** A GUID that represents the Azure AD tenant that the user is from */
+  tid: string;
+};
+
+export default class AzureClient extends OAuthClient {
+  endpoints = {
+    authorize: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
+    token: "https://login.microsoftonline.com/common/oauth2/v2.0/token",
+    userinfo: "https://graph.microsoft.com/v1.0/me",
+  };
+
+  constructor() {
+    invariant(env.AZURE_CLIENT_ID, "AZURE_CLIENT_ID is required");
+    invariant(env.AZURE_CLIENT_SECRET, "AZURE_CLIENT_SECRET is required");
+
+    super(env.AZURE_CLIENT_ID, env.AZURE_CLIENT_SECRET);
+  }
+
+  async rotateToken(
+    accessToken: string,
+    refreshToken: string
+  ): Promise<{
+    accessToken: string;
+    refreshToken?: string;
+    expiresAt: Date;
+  }> {
+    if (env.isCloudHosted) {
+      return super.rotateToken(accessToken, refreshToken);
+    }
+
+    const payload = JWT.decode(accessToken) as AzurePayload;
+    return super.rotateToken(
+      accessToken,
+      refreshToken,
+      `https://login.microsoftonline.com/${payload.tid}/oauth2/v2.0/token`
+    );
+  }
+}