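const express = require("express");
const router = express.Router();
const axios = require("axios");
const querystring = require("querystring");
const dotenv = require("dotenv");
const session = require("express-session");
const MemoryStore = require("memorystore")(session);
dotenv.config();

/**
 * Read a required configuration value from the environment.
 * Failing at startup is deliberate: without these values the OAuth
 * exchange and session signing cannot work, and a hard-coded fallback
 * would silently ship a shared secret with the source.
 * @param {string} name - environment variable name
 * @returns {string} the non-empty value
 * @throws {Error} when the variable is unset or empty
 */
function requiredEnv(name) {
  const value = process.env[name];
  if (value === undefined || value === "") {
    throw new Error(`Missing required environment variable ${name}`);
  }
  return value;
}

// Stack Exchange OAuth application credentials. The client id is public;
// the client secret must only ever come from the environment (.env is
// loaded above by dotenv) and must never be committed to source control.
const client_id = "27905";
const client_secret = requiredEnv("STACKOVERFLOW_CLIENT_SECRET");
const redirect_uri = `${requiredEnv("SERVER_URL")}/stackoverflow/callback`;

const sessionConfig = {
  // Key used to sign the session cookie; rotate it if it is ever exposed.
  secret: requiredEnv("SESSION_SECRET"),
  resave: false,
  // Only persist sessions that actually hold data (the OAuth state is
  // written by /login) instead of creating one for every visitor.
  saveUninitialized: false,
  store: new MemoryStore({
    checkPeriod: 86400000, // prune expired entries every 24h
  }),
  cookie: {
    maxAge: 86400000, // 24 hours
    httpOnly: true, // not readable from page scripts
    // "lax" rather than "strict": the cookie must still be sent on the
    // top-level redirect back from stackoverflow.com, otherwise the stored
    // state is missing in /callback and every login fails.
    sameSite: "lax",
    // Send the cookie over HTTPS only in production (behind a TLS-terminating
    // proxy the parent app also needs `app.set("trust proxy", 1)`).
    secure: process.env.NODE_ENV === "production",
  },
};
router.use(session(sessionConfig));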
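/**
 * Generate an unpredictable alphanumeric string; used as the OAuth `state`
 * (anti-CSRF token) by /login.
 * @param {number} length - number of characters to produce
 * @returns {string} `length` characters drawn from [A-Za-z0-9]
 */
function generateRandomString(length) {
  // Lazy CommonJS require keeps this function self-contained.
  const { randomInt } = require("node:crypto");
  const charset =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
  let result = "";
  for (let i = 0; i < length; i++) {
    // randomInt draws from the CSPRNG without modulo bias; Math.random()
    // is predictable and must not be used for a CSRF token.
    result += charset.charAt(randomInt(charset.length));
  }
  return result;
}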
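/**
 * GET /login - start the Stack Exchange OAuth flow.
 * Stores a fresh random `state` in the session and redirects the browser
 * to the provider's authorization page.
 */
router.get("/login", (req, res) => {
  try {
    const state = generateRandomString(16);
    const scopes = "read_inbox write_access";
    // Keep the state in the session so /callback can check that the
    // redirect really belongs to this browser (CSRF protection). The key
    // name is shared with the callback handler; change both or neither.
    req.session.linkedinState = state;
    // Build the URL with URLSearchParams so every value is encoded.
    const authorizeUrl = new URL("https://stackoverflow.com/oauth");
    authorizeUrl.searchParams.set("client_id", client_id);
    authorizeUrl.searchParams.set("scope", scopes);
    authorizeUrl.searchParams.set("redirect_uri", redirect_uri);
    authorizeUrl.searchParams.set("state", state);
    res.redirect(authorizeUrl.toString());
  } catch (err) {
    console.log("Server error");
    console.error(err);
    res.status(500).json({
      success: false,
      message: "Server error",
    });
  }
});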
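/**
 * GET /callback - OAuth redirect target.
 * Verifies the `state` against the session, exchanges the authorization
 * `code` for an access token, stores the token in the session and sends
 * the browser back to the frontend. Responds 403 on a state mismatch,
 * 400 on a missing code and 500 on any other failure.
 */
router.get("/callback", async (req, res) => {
  try {
    const { code, state } = req.query;
    const storedState = req.session.linkedinState;
    // Validate state to prevent CSRF / login fixation: it must be a single
    // string equal to what /login stored in this browser's session. Query
    // values may also arrive as arrays or objects, hence the type checks.
    if (
      typeof state !== "string" ||
      typeof storedState !== "string" ||
      state !== storedState
    ) {
      return res.status(403).json({
        success: false,
        message: "Invalid state parameter",
      });
    }
    // The state is single-use: clear it before anything else can fail.
    delete req.session.linkedinState;
    if (typeof code !== "string" || code.length === 0) {
      return res.status(400).json({
        success: false,
        message: "Missing code parameter",
      });
    }
    // Exchange the authorization code for an access token.
    const tokenResponse = await axios.post(
      "https://stackoverflow.com/oauth/access_token",
      querystring.stringify({
        client_id,
        client_secret,
        code,
        redirect_uri,
      }),
      {
        headers: {
          "Content-Type": "application/x-www-form-urlencoded",
        },
        timeout: 10000, // do not hang the callback on a slow token endpoint
      }
    );
    // Keep the token server-side only. NOTE(review): the shape of
    // tokenResponse.data (form-encoded string vs. parsed object) depends on
    // the provider's response and axios' parsing - confirm before reading
    // fields from it.
    req.session.stackOverflowAccessToken = tokenResponse.data;
    // Never put the token in the redirect URL: it would end up in browser
    // history, the Referer header and proxy logs. The frontend should call a
    // session-backed endpoint instead. CLIENT_URL is optional; the previous
    // hard-coded target is the fallback.
    res.redirect(process.env.CLIENT_URL || "http://localhost:3000/");
  } catch (err) {
    // Log only what is needed: a full axios error object carries the request
    // config, including the client_secret sent in the body.
    const status = err.response ? err.response.status : undefined;
    console.error(`Server error at callback: ${err.message}`, status);
    res.status(500).json({
      success: false,
      message: "Server error at callback",
    });
  }
});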
// Export the router for the parent app to mount; the redirect_uri above
// suggests it is mounted under /stackoverflow - confirm against the caller.
module.exports = router;