| | import { NextRequest, NextResponse } from "next/server"; |
| | import MY_TOKEN_KEY from "@/lib/get-cookie-name"; |
| |
|
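/**
 * Builds a JSON error response with the given status.
 *
 * @param error - message placed in the `error` field of the body
 * @param status - HTTP status code for the response
 */
function jsonError(error: string, status: number) {
  return NextResponse.json(
    { error },
    {
      status,
      headers: {
        "Content-Type": "application/json",
      },
    }
  );
}

/**
 * Exchanges a Hugging Face OAuth authorization code for an access token,
 * resolves the user through `whoami-v2`, and returns both to the client
 * while also setting the token as an HttpOnly cookie.
 *
 * Request body: JSON `{ code: string }` (the `code` parameter delivered to
 * the OAuth callback).
 *
 * Responses:
 *   - 400 when the body is not valid JSON, `code` is missing / not a
 *     non-empty string, or the token endpoint returned no `access_token`;
 *   - 500 when OAUTH_CLIENT_ID / OAUTH_CLIENT_SECRET are not configured;
 *   - the upstream status when `whoami-v2` does not answer 2xx;
 *   - 200 with `{ access_token, expires_in, user, useLocalStorageFallback }`.
 *
 * Security notes:
 *   - The access token is returned in the JSON body and the client is told
 *     to keep a localStorage copy (`useLocalStorageFallback`), so the
 *     HttpOnly flag on the cookie does not by itself keep the token out of
 *     reach of script running in the page.
 *   - `redirect_uri` is derived from the request's Host/Origin header. That
 *     header is client-controlled; what bounds the trust is the token
 *     endpoint rejecting a redirect_uri that does not match the one
 *     registered for this client.
 *
 * @param req - incoming request whose JSON body carries the authorization code
 */
export async function POST(req: NextRequest) {
  // A malformed body would otherwise surface as an unhandled 500.
  let body: unknown;
  try {
    body = await req.json();
  } catch {
    return jsonError("Invalid JSON body", 400);
  }

  const code =
    typeof body === "object" && body !== null
      ? (body as { code?: unknown }).code
      : undefined;
  // Only a non-empty string can be sent as the `code` form field; anything
  // else (object, number) would be stringified into nonsense by URLSearchParams.
  if (typeof code !== "string" || code.length === 0) {
    return jsonError("Code is required", 400);
  }

  const clientId = process.env.OAUTH_CLIENT_ID;
  const clientSecret = process.env.OAUTH_CLIENT_SECRET;
  // Without both values the Basic header would read "undefined:undefined" and
  // every exchange would fail upstream with a misleading 400.
  if (!clientId || !clientSecret) {
    return jsonError("OAuth client is not configured", 500);
  }
  const Authorization = `Basic ${Buffer.from(
    `${clientId}:${clientSecret}`
  ).toString("base64")}`;

  const host =
    req.headers.get("host") ?? req.headers.get("origin") ?? "localhost:3000";

  // When served from the enzostvs Space, the public host name differs from
  // the one seen on the request.
  const publicHost = host.includes("/spaces/enzostvs")
    ? "enzostvs-deepsite.hf.space"
    : host;
  const redirect_uri =
    `${host.includes("localhost") ? "http://" : "https://"}` +
    publicHost +
    "/auth/callback";

  const tokenResponse = await fetch("https://huggingface.co/oauth/token", {
    method: "POST",
    headers: {
      "Content-Type": "application/x-www-form-urlencoded",
      Authorization,
    },
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri,
    }),
  });

  // A non-JSON upstream reply (e.g. an HTML gateway error) falls through to
  // the access_token check below instead of throwing.
  let tokenPayload: { access_token?: unknown; expires_in?: unknown } = {};
  try {
    tokenPayload = await tokenResponse.json();
  } catch {
    tokenPayload = {};
  }
  const accessToken = tokenPayload.access_token;
  if (typeof accessToken !== "string" || accessToken.length === 0) {
    return jsonError("Failed to retrieve access token", 400);
  }

  const userResponse = await fetch("https://huggingface.co/api/whoami-v2", {
    headers: {
      Authorization: `Bearer ${accessToken}`,
    },
  });

  if (!userResponse.ok) {
    return NextResponse.json(
      { user: null, errCode: userResponse.status },
      { status: userResponse.status }
    );
  }
  const user = await userResponse.json();

  const cookieName = MY_TOKEN_KEY();
  const isProduction = process.env.NODE_ENV === "production";

  const nextResponse = NextResponse.json(
    {
      access_token: accessToken,
      expires_in: tokenPayload.expires_in,
      user,
      useLocalStorageFallback: true,
    },
    {
      status: 200,
      headers: {
        "Content-Type": "application/json",
      },
    }
  );

  // Fall back to one hour when the provider does not report a lifetime.
  const expiresIn = tokenPayload.expires_in;
  const maxAge =
    typeof expiresIn === "number" && expiresIn > 0 ? expiresIn : 3600;

  // SameSite=None (with Secure) is needed in production so the cookie is
  // sent when the app is embedded cross-site; Lax suffices for local dev.
  const cookieOptions = [
    `${cookieName}=${accessToken}`,
    `Max-Age=${maxAge}`,
    "Path=/",
    "HttpOnly",
    ...(isProduction ? ["Secure", "SameSite=None"] : ["SameSite=Lax"]),
  ].join("; ");

  nextResponse.headers.set("Set-Cookie", cookieOptions);

  return nextResponse;
}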
| |
|