// pages/api/auth/apple.js
import jwt from 'jsonwebtoken';
import axios from 'axios';
import fs from 'fs';
import path from 'path';
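/**
 * GET /api/auth/apple: starts "Sign in with Apple" by redirecting the browser
 * to Apple's authorization endpoint. Every other method is answered with 405.
 *
 * @param {object} req - Incoming request; `method`, `headers.origin` and
 *   `headers.host` are read.
 * @param {object} res - Response; `redirect`, `setHeader`, `status` and `json`
 *   are called.
 * @returns {Promise<void>}
 */
export default async function handler(req, res) {
  if (req.method !== 'GET') {
    res.setHeader('Allow', 'GET');
    res.status(405).json({ error: 'Method not allowed' });
    return;
  }

  // Browsers normally omit Origin on plain GET navigations, which previously
  // produced "undefined/api/auth/apple/callback". Fall back to Host.
  // Both headers are client-controlled, so the value is only as trustworthy as
  // Apple's check of redirect_uri against the return URLs registered for the
  // client. A configured base URL would be preferable.
  // NOTE(review): https is assumed for the Host fallback; confirm for this deployment.
  const { origin, host } = req.headers;
  const baseUrl = origin || (host ? `https://${host}` : '');
  if (!baseUrl) {
    res.status(400).json({ error: 'Unable to determine callback origin' });
    return;
  }

  const authorizeUrl = new URL('https://appleid.apple.com/auth/authorize');
  authorizeUrl.searchParams.set('response_type', 'code');
  authorizeUrl.searchParams.set('client_id', process.env.APPLE_CLIENT_ID);
  authorizeUrl.searchParams.set('redirect_uri', `${baseUrl}/api/auth/apple/callback`);
  authorizeUrl.searchParams.set('scope', 'name email');
  authorizeUrl.searchParams.set('response_mode', 'form_post');
  // NOTE(review): `state` is a fixed literal, so the callback has nothing that
  // binds Apple's response to the browser session that started the flow. Issue
  // a per-request random value here, keep it server-side or in a cookie, and
  // compare it in the callback before the code is exchanged.
  authorizeUrl.searchParams.set('state', 'STATE');

  // The client secret is deliberately NOT part of this URL. It is a long-lived
  // signed credential; putting it in a browser redirect exposes it to the user,
  // browser history and intermediary logs. It belongs only in the
  // server-to-server token request made by the callback.
  res.redirect(authorizeUrl.toString());
}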
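/**
 * Builds the ES256-signed JWT used as the OAuth client secret for Apple.
 *
 * The signing key is read from `./_deploy/appleKey.p8` (resolved against the
 * process working directory) on every call. Team ID, key ID and app ID come
 * from the environment, with the literals below as fallbacks.
 *
 * @returns {string} Compact JWT with iss/iat/exp/aud/sub claims and a `kid` header.
 * @throws If the key file cannot be read or signing fails.
 */
function generateClientSecret() {
  // The .p8 file is the credential itself: keep it out of version control and
  // out of any directory the web server exposes.
  const privateKey = fs.readFileSync(path.resolve('./_deploy/appleKey.p8'), 'utf8');
  const teamID = process.env.APPLE_TEAM_ID || "XC57P9SXDK";
  const keyID = process.env.APPLE_KEY_ID || "TB3V355G5Y";
  const appleAppID = process.env.APPLE_APP_ID || "com.mwitnessing.mwitnessing";

  // Validity window: 180 days from now, in seconds.
  // NOTE(review): a fresh secret is signed on each call, so a much shorter
  // lifetime would limit the damage if one token is disclosed.
  const now = Math.floor(Date.now() / 1000);
  const exp = now + 86400 * 180;

  const claims = {
    iss: teamID,
    iat: now,
    exp,
    aud: 'https://appleid.apple.com',
    sub: appleAppID,
  };

  // Fixed: the original signed with `privateKey` and `keyId`, neither of which
  // was declared (the locals were `appleKey` and `keyID`), so every call threw
  // a ReferenceError.
  return jwt.sign(claims, privateKey, {
    algorithm: 'ES256',
    header: { alg: 'ES256', kid: keyID },
  });
}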