e115934061
Publish `@librechat/data-schemas` to NPM / pack (push) Failing after 8s
Publish `@librechat/client` to NPM / pack (push) Failing after 0s
GitNexus Index / index (push) Failing after 1s
Sync Locize Translations & Create Translation PR / Create Translation PR on Version Published (push) Has been skipped
Sync Helm Chart Tags / Sync chart tags (push) Failing after 2s
Publish `librechat-data-provider` to NPM / pack (push) Failing after 1s
Docker Dev Images Build / build (Dockerfile, librechat-dev, node) (push) Failing after 1s
Docker Dev Images Build / build (Dockerfile.multi, librechat-dev-api, api-build) (push) Failing after 0s
Sync Helm Chart Tags / Ignore non-main push (push) Has been skipped
Sync Locize Translations & Create Translation PR / Sync Translation Keys with Locize (push) Failing after 1s
Publish `@librechat/client` to NPM / publish-npm (push) Has been cancelled
Publish `librechat-data-provider` to NPM / publish-npm (push) Has been cancelled
GitNexus Index / post-index (push) Has been cancelled
Publish `@librechat/data-schemas` to NPM / publish-npm (push) Has been cancelled
62 lines
2.0 KiB
JavaScript
62 lines
2.0 KiB
JavaScript
const jwt = require('jsonwebtoken');
|
|
const { logger } = require('@librechat/data-schemas');
|
|
const { Strategy: AppleStrategy } = require('passport-apple');
|
|
const socialLogin = require('./socialLogin');
|
|
|
|
/**
|
|
* Extract profile details from the decoded idToken
|
|
* @param {Object} params - Parameters from the verify callback
|
|
* @param {string} params.idToken - The ID token received from Apple
|
|
* @param {Object} params.profile - The profile object (may contain partial info)
|
|
* @returns {Object} - The extracted user profile details
|
|
*/
|
|
const getProfileDetails = ({ idToken, profile }) => {
|
|
if (!idToken) {
|
|
logger.error('idToken is missing');
|
|
throw new Error('idToken is missing');
|
|
}
|
|
|
|
const decoded = jwt.decode(idToken);
|
|
|
|
logger.debug(`Decoded Apple JWT: ${JSON.stringify(decoded, null, 2)}`);
|
|
|
|
return {
|
|
email: decoded.email,
|
|
id: decoded.sub,
|
|
avatarUrl: null, // Apple does not provide an avatar URL
|
|
username: decoded.email ? decoded.email.split('@')[0].toLowerCase() : `user_${decoded.sub}`,
|
|
name: decoded.name
|
|
? `${decoded.name.firstName} ${decoded.name.lastName}`
|
|
: profile.displayName || null,
|
|
emailVerified: true, // Apple verifies the email
|
|
};
|
|
};
|
|
|
|
// Initialize the social login handler for Apple
|
|
const appleLogin = socialLogin('apple', getProfileDetails);
|
|
const appleAdminLogin = socialLogin('apple', getProfileDetails, { existingUsersOnly: true });
|
|
|
|
const getAppleConfig = (callbackURL) => ({
|
|
clientID: process.env.APPLE_CLIENT_ID,
|
|
teamID: process.env.APPLE_TEAM_ID,
|
|
callbackURL,
|
|
keyID: process.env.APPLE_KEY_ID,
|
|
privateKeyLocation: process.env.APPLE_PRIVATE_KEY_PATH,
|
|
passReqToCallback: false,
|
|
});
|
|
|
|
const appleStrategy = () =>
|
|
new AppleStrategy(
|
|
getAppleConfig(`${process.env.DOMAIN_SERVER}${process.env.APPLE_CALLBACK_URL}`),
|
|
appleLogin,
|
|
);
|
|
|
|
const appleAdminStrategy = () =>
|
|
new AppleStrategy(
|
|
getAppleConfig(`${process.env.DOMAIN_SERVER}/api/admin/oauth/apple/callback`),
|
|
appleAdminLogin,
|
|
);
|
|
|
|
module.exports = appleStrategy;
|
|
module.exports.appleAdminLogin = appleAdminStrategy;
|