feat(oauth): limited discord server sign-in (#346)

* feat(oauth): limited discord server sign-in * fix: typo * style: change undefined to optional * style: remove conditional operator
2026-04-17 04:33:15 +02:00 · 2023-12-01 05:41:06 +08:00
parent d9a9523c9a
commit 5f94c7295a
7 changed files with 89 additions and 21 deletions
--- a/backend/src/oauth/provider/genericOidc.provider.ts
+++ b/backend/src/oauth/provider/genericOidc.provider.ts
@@ -1,4 +1,4 @@
-import { BadRequestException } from "@nestjs/common";
+import { Logger } from "@nestjs/common";
 import fetch from "node-fetch";
 import { ConfigService } from "../../config/config.service";
 import { JwtService } from "@nestjs/jwt";
@@ -7,11 +7,15 @@ import { nanoid } from "nanoid";
 import { OAuthCallbackDto } from "../dto/oauthCallback.dto";
 import { OAuthProvider, OAuthToken } from "./oauthProvider.interface";
 import { OAuthSignInDto } from "../dto/oauthSignIn.dto";
+import { ErrorPageException } from "../exceptions/errorPage.exception";

 export abstract class GenericOidcProvider implements OAuthProvider<OidcToken> {
  protected discoveryUri: string;
  private configuration: OidcConfigurationCache;
  private jwk: OidcJwkCache;
+  private logger: Logger = new Logger(
+    Object.getPrototypeOf(this).constructor.name,
+  );

  protected constructor(
    protected name: string,
@@ -112,7 +116,10 @@ export abstract class GenericOidcProvider implements OAuthProvider<OidcToken> {
    const nonce = await this.cache.get(key);
    await this.cache.del(key);
    if (nonce !== idTokenData.nonce) {
-      throw new BadRequestException("Invalid token");
+      this.logger.error(
+        `Invalid nonce. Expected ${nonce}, but got ${idTokenData.nonce}`,
+      );
+      throw new ErrorPageException("invalid_token");
    }

    return {