butterfly/moxie-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix Auth0 authentication: update auth routes with better logging and config handling

Browse Source
This commit is contained in:
Z User 2026-03-27 23:25:13 +00:00
parent e0f37c1e52
commit 67edb02b1f
2 changed files with 73 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
.env.example
View File

@ -1,32 +1,27 @@
# Server Configuration
PORT=9991
NODE_ENV=development
# App URL (your frontend URL)
APP_URL=https://moxiegen.client.guacamolebox.net
# CORS
CORS_ORIGIN=https://moxiegen.client.guacamolebox.net
# Auth0 Configuration # Auth0 Configuration
AUTH0_DOMAIN=dev-t13zhs74oltgqtfx.us.auth0.com AUTH0_DOMAIN=dev-t13zhs74oltgqtfx.us.auth0.com
AUTH0_CLIENT_ID=your-client-id-here AUTH0_CLIENT_ID=AWRYU8EBnKaHvRQOMXXADxgGEoBN45oN
AUTH0_CLIENT_SECRET=your-client-secret-here AUTH0_CLIENT_SECRET=your-client-secret-here
AUTH0_AUDIENCE=https://dev-t13zhs74oltgqtfx.us.auth0.com/api/v2/ AUTH0_AUDIENCE=https://dev-t13zhs74oltgqtfx.us.auth0.com/api/v2/
# Stripe Configuration (for future use) # Application URL
STRIPE_SECRET_KEY=sk_test_xxx APP_URL=https://moxiegen.client.guacamolebox.net
STRIPE_WEBHOOK_SECRET=whsec_xxx
STRIPE_PUBLISHABLE_KEY=pk_test_xxx
# PayPal Configuration (for future use) # Server Configuration
PAYPAL_CLIENT_ID=xxx PORT=9991
PAYPAL_CLIENT_SECRET=xxx NODE_ENV=production
PAYPAL_WEBHOOK_ID=xxx
PAYPAL_MODE=sandbox
# JWT Secret (optional, for additional security) # CORS Origin
JWT_SECRET=your-super-secret-key-change-in-production CORS_ORIGIN=https://moxiegen.client.guacamolebox.net
# First Admin User (will be promoted to admin on first login if email matches) # JWT Secret for signing (optional, for additional security)
ADMIN_EMAIL=admin@example.com JWT_SECRET=your-jwt-secret-change-this-in-production
# Stripe (for future use)
STRIPE_SECRET_KEY=
STRIPE_WEBHOOK_SECRET=
# PayPal (for future use)
PAYPAL_CLIENT_ID=
PAYPAL_CLIENT_SECRET=
PAYPAL_WEBHOOK_ID=

70
src/routes/auth.js
View File

@ -7,6 +7,7 @@ const router = express.Router();
const AUTH0_DOMAIN = process.env.AUTH0_DOMAIN || 'dev-t13zhs74oltgqtfx.us.auth0.com'; const AUTH0_DOMAIN = process.env.AUTH0_DOMAIN || 'dev-t13zhs74oltgqtfx.us.auth0.com';
const AUTH0_CLIENT_ID = process.env.AUTH0_CLIENT_ID; const AUTH0_CLIENT_ID = process.env.AUTH0_CLIENT_ID;
const AUTH0_CLIENT_SECRET = process.env.AUTH0_CLIENT_SECRET; const AUTH0_CLIENT_SECRET = process.env.AUTH0_CLIENT_SECRET;
const AUTH0_AUDIENCE = process.env.AUTH0_AUDIENCE || '';
/** /**
* @route GET /api/auth/callback * @route GET /api/auth/callback
@ -26,26 +27,44 @@ router.get('/callback', asyncHandler(async (req, res) => {
} }
try { try {
// Build token request body
const tokenRequestBody = {
grant_type: 'authorization_code',
client_id: AUTH0_CLIENT_ID,
client_secret: AUTH0_CLIENT_SECRET,
code,
redirect_uri: `${process.env.APP_URL || 'https://moxiegen.client.guacamolebox.net'}/dashboard.html`
};
// Only add audience if configured
if (AUTH0_AUDIENCE && AUTH0_AUDIENCE.trim() !== '') {
tokenRequestBody.audience = AUTH0_AUDIENCE;
}
console.log('Token exchange request:', {
domain: AUTH0_DOMAIN,
client_id: AUTH0_CLIENT_ID ? 'configured' : 'missing',
client_secret: AUTH0_CLIENT_SECRET ? 'configured' : 'missing',
redirect_uri: tokenRequestBody.redirect_uri,
audience: tokenRequestBody.audience || 'not set'
});
// Exchange code for tokens // Exchange code for tokens
const tokenResponse = await fetch(`https://${AUTH0_DOMAIN}/oauth/token`, { const tokenResponse = await fetch(`https://${AUTH0_DOMAIN}/oauth/token`, {
method: 'POST', method: 'POST',
headers: { 'Content-Type': 'application/json' }, headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ body: JSON.stringify(tokenRequestBody)
grant_type: 'authorization_code',
client_id: AUTH0_CLIENT_ID,
client_secret: AUTH0_CLIENT_SECRET,
code,
redirect_uri: `${process.env.APP_URL || 'https://moxiegen.client.guacamolebox.net'}/dashboard.html`
})
}); });
const tokens = await tokenResponse.json(); const tokens = await tokenResponse.json();
if (tokens.error) { if (tokens.error) {
console.error('Token exchange error:', tokens.error); console.error('Token exchange error:', tokens.error, tokens.error_description);
throw new Error(tokens.error_description || tokens.error); throw new Error(tokens.error_description || tokens.error);
} }
console.log('Token exchange successful');
// Redirect to frontend with tokens // Redirect to frontend with tokens
const frontendUrl = process.env.APP_URL || 'https://moxiegen.client.guacamolebox.net'; const frontendUrl = process.env.APP_URL || 'https://moxiegen.client.guacamolebox.net';
res.redirect(`${frontendUrl}/dashboard.html?access_token=${tokens.access_token}&id_token=${tokens.id_token}&expires_in=${tokens.expires_in}`); res.redirect(`${frontendUrl}/dashboard.html?access_token=${tokens.access_token}&id_token=${tokens.id_token}&expires_in=${tokens.expires_in}`);
@ -69,24 +88,43 @@ router.post('/token', asyncHandler(async (req, res) => {
} }
try { try {
// Build token request body
const tokenRequestBody = {
grant_type: 'authorization_code',
client_id: AUTH0_CLIENT_ID,
client_secret: AUTH0_CLIENT_SECRET,
code,
redirect_uri: redirect_uri || `${process.env.APP_URL || 'https://moxiegen.client.guacamolebox.net'}/dashboard.html`
};
// Only add audience if configured
if (AUTH0_AUDIENCE && AUTH0_AUDIENCE.trim() !== '') {
tokenRequestBody.audience = AUTH0_AUDIENCE;
}
console.log('POST Token exchange request:', {
domain: AUTH0_DOMAIN,
client_id: AUTH0_CLIENT_ID ? 'configured' : 'missing',
client_secret: AUTH0_CLIENT_SECRET ? 'configured' : 'missing',
redirect_uri: tokenRequestBody.redirect_uri,
audience: tokenRequestBody.audience || 'not set'
});
const tokenResponse = await fetch(`https://${AUTH0_DOMAIN}/oauth/token`, { const tokenResponse = await fetch(`https://${AUTH0_DOMAIN}/oauth/token`, {
method: 'POST', method: 'POST',
headers: { 'Content-Type': 'application/json' }, headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ body: JSON.stringify(tokenRequestBody)
grant_type: 'authorization_code',
client_id: AUTH0_CLIENT_ID,
client_secret: AUTH0_CLIENT_SECRET,
code,
redirect_uri: redirect_uri || `${process.env.APP_URL || 'https://moxiegen.client.guacamolebox.net'}/dashboard.html`
})
}); });
const tokens = await tokenResponse.json(); const tokens = await tokenResponse.json();
if (tokens.error) { if (tokens.error) {
console.error('POST Token exchange error:', tokens.error, tokens.error_description);
return res.status(400).json(ApiResponse(false, null, tokens.error_description || tokens.error)); return res.status(400).json(ApiResponse(false, null, tokens.error_description || tokens.error));
} }
console.log('POST Token exchange successful');
res.json(ApiResponse(true, { res.json(ApiResponse(true, {
access_token: tokens.access_token, access_token: tokens.access_token,
id_token: tokens.id_token, id_token: tokens.id_token,
@ -132,7 +170,7 @@ router.get('/config', (req, res) => {
res.json(ApiResponse(true, { res.json(ApiResponse(true, {
domain: AUTH0_DOMAIN, domain: AUTH0_DOMAIN,
clientId: AUTH0_CLIENT_ID, clientId: AUTH0_CLIENT_ID,
audience: process.env.AUTH0_AUDIENCE || `https://${AUTH0_DOMAIN}/api/v2/` audience: AUTH0_AUDIENCE || ''
})); }));
}); });