()
| 35 | } |
| 36 | |
| 37 | export async function performLogin() { |
| 38 | const clerkFrontendApi = process.env.CLERK_FRONTEND_API; |
| 39 | const clientId = process.env.CLERK_OAUTH_CLIENT_ID; |
| 40 | const apiUrl = process.env.API_URL ?? "http://localhost:3000"; |
| 41 | |
| 42 | if (!clerkFrontendApi) throw new Error("CLERK_FRONTEND_API not set"); |
| 43 | if (!clientId) throw new Error("CLERK_OAUTH_CLIENT_ID not set"); |
| 44 | |
| 45 | const nonce = crypto.randomUUID(); |
| 46 | const codeVerifier = toBase64Url(crypto.getRandomValues(new Uint8Array(32))); |
| 47 | const codeChallenge = await createPkceChallenge(codeVerifier); |
| 48 | |
| 49 | let settled = false; |
| 50 | |
| 51 | return new Promise<{ token: string }>((resolve, reject) => { |
| 52 | const server = Bun.serve({ |
| 53 | port: 0, |
| 54 | async fetch(req) { |
| 55 | const url = new URL(req.url); |
| 56 | |
| 57 | if (url.pathname !== "/callback") { |
| 58 | return new Response("Not found", { status: 404 }); |
| 59 | } |
| 60 | |
| 61 | const error = url.searchParams.get("error"); |
| 62 | |
| 63 | if (error) { |
| 64 | const msg = url.searchParams.get("error_description") ?? error; |
| 65 | settled = true; |
| 66 | reject(new Error(msg)); |
| 67 | setTimeout(() => server.stop(), 500); |
| 68 | return new Response(`Authentication failed: ${msg}`, { status: 400 }); |
| 69 | } |
| 70 | |
| 71 | const code = url.searchParams.get("code"); |
| 72 | const state = url.searchParams.get("state"); |
| 73 | |
| 74 | if (!code || !state) { |
| 75 | settled = true; |
| 76 | reject(new Error("Missing code or state")); |
| 77 | setTimeout(() => server.stop(), 500); |
| 78 | return new Response("Bad request", { status: 400 }); |
| 79 | } |
| 80 | |
| 81 | // Verify nonce from state |
| 82 | try { |
| 83 | const payload = decodeState(state); |
| 84 | |
| 85 | if (payload.nonce !== nonce) throw new Error("State mismatch"); |
| 86 | } catch (err) { |
| 87 | settled = true; |
| 88 | reject(err); |
| 89 | setTimeout(() => server.stop(), 500); |
| 90 | return new Response("Invalid state", { status: 400 }); |
| 91 | } |
| 92 | |
| 93 | try { |
| 94 | // Exchange authorization code for Clerk tokens |
no test coverage detected