Merge pull request #905 from Timothyw0/developer/timothywang/undo-rev…

…erts

chore: Reapply Pull Requests Prior to Release v2.0.2

docs/www/docs/cli/swa.md

@@ -19,7 +19,7 @@ This is the commandline utility for streamlining local development for Azure Sta
 - start emulator or bind to dev server
 - deploy project to Azure Static Web Apps
 
-If you don't enter any command and run `swa`, it will act as a macro command shorcut for `swa init`, `swa build`, `swa login` and `swa deploy`. The `swa init` command will only be executed if the `swa-cli.config.json` does not exist in the current folder.
+If you don't enter any command and run `swa`, it will act as a macro command shortcut for `swa init`, `swa build`, `swa login` and `swa deploy`. The `swa init` command will only be executed if the `swa-cli.config.json` does not exist in the current folder.
 
 The best way to get started is to use the `swa` command and follow the interactive prompts.
 

package.json

@@ -49,6 +49,7 @@
     "internal-ip": "^6.2.0",
     "json-schema-library": "^9.3.5",
     "json-source-map": "^0.6.1",
+    "jwt-decode": "^4.0.0",
     "keytar": "^7.9.0",
     "node-fetch": "^2.7.0",
     "open": "^8.4.2",

src/cli/commands/login/login.ts

@@ -56,7 +56,7 @@ async function setupProjectCredentials(options: SWACLIConfig, credentialChain: T
     const tenants = await listTenants(credentialChain);
     if (tenants.length === 0) {
       throw new Error(
-        `No Azure tenants found in your account.\n  Please read https://docs.microsoft.com/azure/cost-management-billing/manage/troubleshoot-sign-in-issue`
+        `No Azure tenants found in your account.\n  Please read https://docs.microsoft.com/azure/cost-management-billing/manage/troubleshoot-sign-in-issue`,
       );
     } else if (tenants.length === 1) {
       logger.silly(`Found 1 tenant: ${tenants[0].tenantId}`);
@@ -81,7 +81,7 @@ async function setupProjectCredentials(options: SWACLIConfig, credentialChain: T
     const subscriptions = await listSubscriptions(credentialChain);
     if (subscriptions.length === 0) {
       throw new Error(
-        `No valid subscription found for tenant ${tenantId}.\n  Please read https://docs.microsoft.com/azure/cost-management-billing/manage/no-subscriptions-found`
+        `No valid subscription found for tenant ${tenantId}.\n  Please read https://docs.microsoft.com/azure/cost-management-billing/manage/no-subscriptions-found`,
       );
     } else if (subscriptions.length === 1) {
       logger.silly(`Found 1 subscription: ${subscriptions[0].subscriptionId}`);
@@ -109,7 +109,7 @@ async function storeProjectCredentialsInEnvFile(
   subscriptionId: string | undefined,
   tenantId: string | undefined,
   clientId: string | undefined,
-  clientSecret: string | undefined
+  clientSecret: string | undefined,
 ) {
   const envFile = path.join(process.cwd(), ENV_FILENAME);
   const envFileExists = existsSync(envFile);
@@ -162,10 +162,12 @@ async function tryGetAzTenantAndSubscription(options: SWACLIConfig) {
     const azureProfile = await safeReadJson(AZURE_LOGIN_CONFIG);
     if (azureProfile) {
       const allSubscriptions = (azureProfile as AzureProfile).subscriptions;
-      const defaultAzureInfo = allSubscriptions.find((subscription) => subscription.isDefault == true);
-      if (defaultAzureInfo) {
-        options.tenantId = defaultAzureInfo.tenantId;
-        options.subscriptionId = defaultAzureInfo.id;
+      if (allSubscriptions) {
+        const defaultAzureInfo = allSubscriptions.find((subscription) => subscription.isDefault == true);
+        if (defaultAzureInfo) {
+          options.tenantId = defaultAzureInfo.tenantId;
+          options.subscriptionId = defaultAzureInfo.id;
+        }
       }
     }
 

src/core/constants.ts

@@ -49,6 +49,68 @@ export const SWA_AUTH_CONTEXT_COOKIE = `StaticWebAppsAuthContextCookie`;
 export const SWA_AUTH_COOKIE = `StaticWebAppsAuthCookie`;
 export const ALLOWED_HTTP_METHODS_FOR_STATIC_CONTENT = ["GET", "HEAD", "OPTIONS"];
 
+// Custom Auth constants
+export const SUPPORTED_CUSTOM_AUTH_PROVIDERS = ["google", "github", "aad", "facebook", "twitter", "dummy"];
+/*
+  The full name is required in staticwebapp.config.json's schema that will be normalized to aad
+  https://learn.microsoft.com/en-us/azure/static-web-apps/authentication-custom?tabs=aad%2Cinvitations
+*/
+export const ENTRAID_FULL_NAME = "azureActiveDirectory";
+export const CUSTOM_AUTH_TOKEN_ENDPOINT_MAPPING: AuthIdentityTokenEndpoints = {
+  google: {
+    host: "oauth2.googleapis.com",
+    path: "/token",
+  },
+  github: {
+    host: "github.com",
+    path: "/login/oauth/access_token",
+  },
+  aad: {
+    host: "login.microsoftonline.com",
+    path: "/tenantId/oauth2/v2.0/token",
+  },
+  facebook: {
+    host: "graph.facebook.com",
+    path: "/v11.0/oauth/access_token",
+  },
+  twitter: {
+    host: "api.twitter.com",
+    path: "/2/oauth2/token",
+  },
+};
+export const CUSTOM_AUTH_USER_ENDPOINT_MAPPING: AuthIdentityTokenEndpoints = {
+  google: {
+    host: "www.googleapis.com",
+    path: "/oauth2/v2/userinfo",
+  },
+  github: {
+    host: "api.github.com",
+    path: "/user",
+  },
+  aad: {
+    host: "graph.microsoft.com",
+    path: "/oidc/userinfo",
+  },
+  twitter: {
+    host: "api.twitter.com",
+    path: "/2/users/me",
+  },
+};
+export const CUSTOM_AUTH_ISS_MAPPING: AuthIdentityIssHosts = {
+  google: "https://account.google.com",
+  github: "",
+  aad: "https://graph.microsoft.com",
+  facebook: "https://www.facebook.com",
+  twitter: "https://www.x.com",
+};
+export const CUSTOM_AUTH_REQUIRED_FIELDS: AuthIdentityRequiredFields = {
+  google: ["clientIdSettingName", "clientSecretSettingName"],
+  github: ["clientIdSettingName", "clientSecretSettingName"],
+  aad: ["clientIdSettingName", "clientSecretSettingName", "openIdIssuer"],
+  facebook: ["appIdSettingName", "appSecretSettingName"],
+  twitter: ["consumerKeySettingName", "consumerSecretSettingName"],
+};
+
 export const AUTH_STATUS = {
   NoAuth: 0,
   HostNameAuthLogin: 1,

src/msha/auth/index.ts

@@ -2,27 +2,30 @@ import type http from "node:http";
 import { serializeCookie } from "../../core/utils/cookie.js";
 import { logger } from "../../core/utils/logger.js";
 import { response as newResponse } from "../../core/utils/net.js";
+import { SUPPORTED_CUSTOM_AUTH_PROVIDERS } from "../../core/constants.js";
 
 function getAuthPaths(isCustomAuth: boolean): Path[] {
   const paths: Path[] = [];
 
   if (isCustomAuth) {
+    const supportedAuthsRegex = SUPPORTED_CUSTOM_AUTH_PROVIDERS.join("|");
+
     paths.push({
       method: "GET",
-      // only match for providers with custom auth support implemented (github, google)
-      route: /^\/\.auth\/login\/(?<provider>github|google|dummy)\/callback(\?.*)?$/i,
+      // only match for providers with custom auth support implemented (github, google, aad, facebook, twitter)
+      route: new RegExp(`^/\\.auth/login/(?<provider>${supportedAuthsRegex})/callback(\\?.*)?$`, "i"),
       function: "auth-login-provider-callback",
     });
     paths.push({
       method: "GET",
-      // only match for providers with custom auth support implemented (github, google)
-      route: /^\/\.auth\/login\/(?<provider>github|google|dummy)(\?.*)?$/i,
+      // only match for providers with custom auth support implemented (github, google, aad, facebook, twitter)
+      route: new RegExp(`^/\\.auth/login/(?<provider>${supportedAuthsRegex})(\\?.*)?$`, "i"),
       function: "auth-login-provider-custom",
     });
     paths.push({
       method: "GET",
       // For providers with custom auth support not implemented, revert to old behavior
-      route: /^\/\.auth\/login\/(?<provider>aad|twitter|facebook|[a-z]+)(\?.*)?$/i,
+      route: /^\/\.auth\/login\/(?<provider>twitter|[a-z]+)(\?.*)?$/i,
       function: "auth-login-provider",
     });
     paths.push({
@@ -33,7 +36,7 @@ function getAuthPaths(isCustomAuth: boolean): Path[] {
   } else {
     paths.push({
       method: "GET",
-      route: /^\/\.auth\/login\/(?<provider>aad|github|twitter|google|facebook|[a-z]+)(\?.*)?$/i,
+      route: /^\/\.auth\/login\/(?<provider>github|twitter|google|facebook|[a-z0-9]+)(\?.*)?$/i,
       function: "auth-login-provider",
     });
   }
@@ -51,7 +54,7 @@ function getAuthPaths(isCustomAuth: boolean): Path[] {
     },
     {
       method: "GET",
-      route: /^\/\.auth\/purge\/(?<provider>aad|github|twitter|google|facebook|[a-z]+)(\?.*)?$/i,
+      route: /^\/\.auth\/purge\/(?<provider>aad|github|twitter|google|facebook|[a-z0-9]+)(\?.*)?$/i,
       // locally, all purge requests are processed as logout requests
       function: "auth-logout",
     },