pocketbase/apis/record_auth.go

package apis

import (
	"github.com/pocketbase/pocketbase/core"
	"github.com/pocketbase/pocketbase/tools/router"
)

// bindRecordAuthApi registers the auth record api endpoints and
// the corresponding handlers.
func bindRecordAuthApi(app core.App, rg *router.RouterGroup[*core.RequestEvent]) {
	// global oauth2 subscription redirect handler
	rg.GET("/oauth2-redirect", oauth2SubscriptionRedirect).Bind(
		SkipSuccessActivityLog(), // skip success log as it could contain sensitive information in the url
	)
	// add again as POST in case of response_mode=form_post
	rg.POST("/oauth2-redirect", oauth2SubscriptionRedirect).Bind(
		SkipSuccessActivityLog(), // skip success log as it could contain sensitive information in the url
	)

	sub := rg.Group("/collections/{collection}")

	sub.GET("/auth-methods", recordAuthMethods).Bind(
		collectionPathRateLimit("", "listAuthMethods"),
	)

	sub.POST("/auth-refresh", recordAuthRefresh).Bind(
		collectionPathRateLimit("", "authRefresh"),
		RequireSameCollectionContextAuth(""),
	)

	sub.POST("/auth-with-password", recordAuthWithPassword).Bind(
		collectionPathRateLimit("", "authWithPassword", "auth"),
	)

	sub.POST("/auth-with-oauth2", recordAuthWithOAuth2).Bind(
		collectionPathRateLimit("", "authWithOAuth2", "auth"),
	)

	sub.POST("/request-otp", recordRequestOTP).Bind(
		collectionPathRateLimit("", "requestOTP"),
	)
	sub.POST("/auth-with-otp", recordAuthWithOTP).Bind(
		collectionPathRateLimit("", "authWithOTP", "auth"),
	)

	sub.POST("/request-password-reset", recordRequestPasswordReset).Bind(
		collectionPathRateLimit("", "requestPasswordReset"),
	)
	sub.POST("/confirm-password-reset", recordConfirmPasswordReset).Bind(
		collectionPathRateLimit("", "confirmPasswordReset"),
	)

	sub.POST("/request-verification", recordRequestVerification).Bind(
		collectionPathRateLimit("", "requestVerification"),
	)
	sub.POST("/confirm-verification", recordConfirmVerification).Bind(
		collectionPathRateLimit("", "confirmVerification"),
	)

	sub.POST("/request-email-change", recordRequestEmailChange).Bind(
		collectionPathRateLimit("", "requestEmailChange"),
		RequireSameCollectionContextAuth(""),
	)
	sub.POST("/confirm-email-change", recordConfirmEmailChange).Bind(
		collectionPathRateLimit("", "confirmEmailChange"),
	)

	sub.POST("/impersonate/{id}", recordAuthImpersonate).Bind(RequireSuperuserAuth())
}

func findAuthCollection(e *core.RequestEvent) (*core.Collection, error) {
	collection, err := e.App.FindCachedCollectionByNameOrId(e.Request.PathValue("collection"))

	if err != nil || !collection.IsAuth() {
		return nil, e.NotFoundError("Missing or invalid auth collection context.", err)
	}

	return collection, nil
}
initial v0.8 pre-release 2022-10-30 10:28:14 +02:00			`package apis`

			`import (`
			`"github.com/pocketbase/pocketbase/core"`
merge v0.23.0-rc changes 2024-09-29 19:23:19 +03:00			`"github.com/pocketbase/pocketbase/tools/router"`
initial v0.8 pre-release 2022-10-30 10:28:14 +02:00			`)`

			`// bindRecordAuthApi registers the auth record api endpoints and`
			`// the corresponding handlers.`
merge v0.23.0-rc changes 2024-09-29 19:23:19 +03:00			`func bindRecordAuthApi(app core.App, rg router.RouterGroup[core.RequestEvent]) {`
[#55] added OAuth2 subscription redirect handler 2023-04-10 22:27:00 +03:00			`// global oauth2 subscription redirect handler`
[#4999] added Notion OAuth2 provider Co-authored-by: s-li1 <stevenli8892@hotmail.com.au> 2024-10-10 14:46:22 +03:00			`rg.GET("/oauth2-redirect", oauth2SubscriptionRedirect).Bind(`
			`SkipSuccessActivityLog(), // skip success log as it could contain sensitive information in the url`
			`)`
merge v0.23.0-rc changes 2024-09-29 19:23:19 +03:00			`// add again as POST in case of response_mode=form_post`
[#4999] added Notion OAuth2 provider Co-authored-by: s-li1 <stevenli8892@hotmail.com.au> 2024-10-10 14:46:22 +03:00			`rg.POST("/oauth2-redirect", oauth2SubscriptionRedirect).Bind(`
			`SkipSuccessActivityLog(), // skip success log as it could contain sensitive information in the url`
			`)`
initial v0.8 pre-release 2022-10-30 10:28:14 +02:00
merge v0.23.0-rc changes 2024-09-29 19:23:19 +03:00			`sub := rg.Group("/collections/{collection}")`
initial v0.8 pre-release 2022-10-30 10:28:14 +02:00
merge v0.23.0-rc changes 2024-09-29 19:23:19 +03:00			`sub.GET("/auth-methods", recordAuthMethods).Bind(`
			`collectionPathRateLimit("", "listAuthMethods"),`
			`)`
initial v0.8 pre-release 2022-10-30 10:28:14 +02:00
merge v0.23.0-rc changes 2024-09-29 19:23:19 +03:00			`sub.POST("/auth-refresh", recordAuthRefresh).Bind(`
			`collectionPathRateLimit("", "authRefresh"),`
			`RequireSameCollectionContextAuth(""),`
			`)`
initial v0.8 pre-release 2022-10-30 10:28:14 +02:00
merge v0.23.0-rc changes 2024-09-29 19:23:19 +03:00			`sub.POST("/auth-with-password", recordAuthWithPassword).Bind(`
			`collectionPathRateLimit("", "authWithPassword", "auth"),`
			`)`
initial v0.8 pre-release 2022-10-30 10:28:14 +02:00
merge v0.23.0-rc changes 2024-09-29 19:23:19 +03:00			`sub.POST("/auth-with-oauth2", recordAuthWithOAuth2).Bind(`
			`collectionPathRateLimit("", "authWithOAuth2", "auth"),`
			`)`
initial v0.8 pre-release 2022-10-30 10:28:14 +02:00
merge v0.23.0-rc changes 2024-09-29 19:23:19 +03:00			`sub.POST("/request-otp", recordRequestOTP).Bind(`
			`collectionPathRateLimit("", "requestOTP"),`
			`)`
			`sub.POST("/auth-with-otp", recordAuthWithOTP).Bind(`
			`collectionPathRateLimit("", "authWithOTP", "auth"),`
			`)`
added Response.Committed checks 2023-07-20 10:40:03 +03:00
merge v0.23.0-rc changes 2024-09-29 19:23:19 +03:00			`sub.POST("/request-password-reset", recordRequestPasswordReset).Bind(`
			`collectionPathRateLimit("", "requestPasswordReset"),`
			`)`
			`sub.POST("/confirm-password-reset", recordConfirmPasswordReset).Bind(`
			`collectionPathRateLimit("", "confirmPasswordReset"),`
			`)`
[#55] added OAuth2 subscription redirect handler 2023-04-10 22:27:00 +03:00
merge v0.23.0-rc changes 2024-09-29 19:23:19 +03:00			`sub.POST("/request-verification", recordRequestVerification).Bind(`
			`collectionPathRateLimit("", "requestVerification"),`
			`)`
			`sub.POST("/confirm-verification", recordConfirmVerification).Bind(`
			`collectionPathRateLimit("", "confirmVerification"),`
			`)`
[#55] added OAuth2 subscription redirect handler 2023-04-10 22:27:00 +03:00
merge v0.23.0-rc changes 2024-09-29 19:23:19 +03:00			`sub.POST("/request-email-change", recordRequestEmailChange).Bind(`
			`collectionPathRateLimit("", "requestEmailChange"),`
			`RequireSameCollectionContextAuth(""),`
			`)`
			`sub.POST("/confirm-email-change", recordConfirmEmailChange).Bind(`
			`collectionPathRateLimit("", "confirmEmailChange"),`
			`)`
[#4177] added graceful OAuth2 redirect error handling 2024-01-19 19:14:52 +02:00
merge v0.23.0-rc changes 2024-09-29 19:23:19 +03:00			`sub.POST("/impersonate/{id}", recordAuthImpersonate).Bind(RequireSuperuserAuth())`
[#4177] added graceful OAuth2 redirect error handling 2024-01-19 19:14:52 +02:00			`}`
[#55] added OAuth2 subscription redirect handler 2023-04-10 22:27:00 +03:00
merge v0.23.0-rc changes 2024-09-29 19:23:19 +03:00			`func findAuthCollection(e core.RequestEvent) (core.Collection, error) {`
			`collection, err := e.App.FindCachedCollectionByNameOrId(e.Request.PathValue("collection"))`
[#55] added OAuth2 subscription redirect handler 2023-04-10 22:27:00 +03:00
merge v0.23.0-rc changes 2024-09-29 19:23:19 +03:00			`if err != nil \|\| !collection.IsAuth() {`
			`return nil, e.NotFoundError("Missing or invalid auth collection context.", err)`
[#4177] added graceful OAuth2 redirect error handling 2024-01-19 19:14:52 +02:00			`}`

merge v0.23.0-rc changes 2024-09-29 19:23:19 +03:00			`return collection, nil`
[#55] added OAuth2 subscription redirect handler 2023-04-10 22:27:00 +03:00			`}`