overseerr/server/routes/auth.ts

import { Router } from 'express';
import { getRepository } from 'typeorm';
import { User } from '../entity/User';
import PlexTvAPI from '../api/plextv';
import { isAuthenticated } from '../middleware/auth';
import { Permission } from '../lib/permissions';
import logger from '../logger';

const authRoutes = Router();

authRoutes.get('/me', isAuthenticated(), async (req, res) => {
  const userRepository = getRepository(User);
  if (!req.user) {
    return res.status(500).json({
      status: 500,
      error:
        'Requsted user endpoint withuot valid authenticated user in session',
    });
  }
  const user = await userRepository.findOneOrFail({
    where: { id: req.user.id },
  });

  return res.status(200).json(user.filter());
});

authRoutes.post('/login', async (req, res) => {
  const userRepository = getRepository(User);
  const body = req.body as { authToken?: string };

  if (!body.authToken) {
    return res.status(500).json({ error: 'You must provide an auth token' });
  }
  try {
    // First we need to use this auth token to get the users email from plex tv
    const plextv = new PlexTvAPI(body.authToken);
    const account = await plextv.getUser();

    // Next let's see if the user already exists
    let user = await userRepository.findOne({
      where: { plexId: account.id },
    });

    if (user) {
      // Let's check if their plex token is up to date
      if (user.plexToken !== body.authToken) {
        user.plexToken = body.authToken;
        await userRepository.save(user);
      }

      // Update the users avatar with their plex thumbnail (incase it changed)
      user.avatar = account.thumb;
      user.email = account.email;
      user.username = account.username;
    } else {
      // Here we check if it's the first user. If it is, we create the user with no check
      // and give them admin permissions
      const totalUsers = await userRepository.count();

      if (totalUsers === 0) {
        user = new User({
          email: account.email,
          username: account.username,
          plexId: account.id,
          plexToken: account.authToken,
          permissions: Permission.ADMIN,
          avatar: account.thumb,
        });
        await userRepository.save(user);
      }

      // If we get to this point, the user does not already exist so we need to create the
      // user _assuming_ they have access to the plex server
      const mainUser = await userRepository.findOneOrFail({
        select: ['id', 'plexToken'],
        order: { id: 'ASC' },
      });
      const mainPlexTv = new PlexTvAPI(mainUser.plexToken ?? '');
      if (await mainPlexTv.checkUserAccess(account)) {
        user = new User({
          email: account.email,
          username: account.username,
          plexId: account.id,
          plexToken: account.authToken,
          permissions: Permission.REQUEST,
          avatar: account.thumb,
        });
        await userRepository.save(user);
      }
    }

    // Set logged in session
    if (req.session && user) {
      req.session.userId = user.id;
    }

    return res.status(200).json(user?.filter() ?? {});
  } catch (e) {
    logger.error(e.message, { label: 'Auth' });
    res
      .status(500)
      .json({ error: 'Something went wrong. Is your auth token valid?' });
  }
});

authRoutes.get('/logout', (req, res, next) => {
  req.session?.destroy((err) => {
    if (err) {
      return next({
        status: 500,
        message: 'Something went wrong while attempting to logout',
      });
    }

    return res.status(200).json({ status: 'ok' });
  });
});

export default authRoutes;
feat(api): initial implementation of the auth system (#30) Adds the auth system but does not add all required features. They will be handled in other tickets 4 years ago			`import { Router } from 'express';`
			`import { getRepository } from 'typeorm';`
			`import { User } from '../entity/User';`
			`import PlexTvAPI from '../api/plextv';`
Settings System (#46) * feat(api): settings system Also includes /auth/me endpoint for ticket ch76 and OpenAPI 3.0 compatibility for ch77 * refactor(api): remove unused imports 4 years ago			`import { isAuthenticated } from '../middleware/auth';`
Permission System (#47) * feat(api): permissions system Adds a permission system for isAuthenticated middleware. Also adds user CRUD. 4 years ago			`import { Permission } from '../lib/permissions';`
feat(api): plex Sync (Movies) Also adds winston logging 4 years ago			`import logger from '../logger';`
feat(api): initial implementation of the auth system (#30) Adds the auth system but does not add all required features. They will be handled in other tickets 4 years ago
			`const authRoutes = Router();`

Permission System (#47) * feat(api): permissions system Adds a permission system for isAuthenticated middleware. Also adds user CRUD. 4 years ago			`authRoutes.get('/me', isAuthenticated(), async (req, res) => {`
Settings System (#46) * feat(api): settings system Also includes /auth/me endpoint for ticket ch76 and OpenAPI 3.0 compatibility for ch77 * refactor(api): remove unused imports 4 years ago			`const userRepository = getRepository(User);`
			`if (!req.user) {`
			`return res.status(500).json({`
			`status: 500,`
			`error:`
			`'Requsted user endpoint withuot valid authenticated user in session',`
			`});`
			`}`
			`const user = await userRepository.findOneOrFail({`
			`where: { id: req.user.id },`
			`});`

			`return res.status(200).json(user.filter());`
			`});`

feat(api): initial implementation of the auth system (#30) Adds the auth system but does not add all required features. They will be handled in other tickets 4 years ago			`authRoutes.post('/login', async (req, res) => {`
			`const userRepository = getRepository(User);`
			`const body = req.body as { authToken?: string };`

			`if (!body.authToken) {`
			`return res.status(500).json({ error: 'You must provide an auth token' });`
			`}`
			`try {`
			`// First we need to use this auth token to get the users email from plex tv`
			`const plextv = new PlexTvAPI(body.authToken);`
			`const account = await plextv.getUser();`

			`// Next let's see if the user already exists`
			`let user = await userRepository.findOne({`
Request Model (#79) * feat(api): request model Also adds request binding to search/discover results * fix(api): rename Request to MediaRequest and update nextjs tsconfig * refactor(api): move related request fetching code into MediaRequest entity 4 years ago			`where: { plexId: account.id },`
feat(api): initial implementation of the auth system (#30) Adds the auth system but does not add all required features. They will be handled in other tickets 4 years ago			`});`

			`if (user) {`
			`// Let's check if their plex token is up to date`
			`if (user.plexToken !== body.authToken) {`
			`user.plexToken = body.authToken;`
			`await userRepository.save(user);`
			`}`
feat: user avatars from plex (#53) 4 years ago
			`// Update the users avatar with their plex thumbnail (incase it changed)`
			`user.avatar = account.thumb;`
Request Model (#79) * feat(api): request model Also adds request binding to search/discover results * fix(api): rename Request to MediaRequest and update nextjs tsconfig * refactor(api): move related request fetching code into MediaRequest entity 4 years ago			`user.email = account.email;`
			`user.username = account.username;`
feat(api): initial implementation of the auth system (#30) Adds the auth system but does not add all required features. They will be handled in other tickets 4 years ago			`} else {`
			`// Here we check if it's the first user. If it is, we create the user with no check`
			`// and give them admin permissions`
			`const totalUsers = await userRepository.count();`

			`if (totalUsers === 0) {`
			`user = new User({`
			`email: account.email,`
Request Model (#79) * feat(api): request model Also adds request binding to search/discover results * fix(api): rename Request to MediaRequest and update nextjs tsconfig * refactor(api): move related request fetching code into MediaRequest entity 4 years ago			`username: account.username,`
			`plexId: account.id,`
feat(api): initial implementation of the auth system (#30) Adds the auth system but does not add all required features. They will be handled in other tickets 4 years ago			`plexToken: account.authToken,`
Permission System (#47) * feat(api): permissions system Adds a permission system for isAuthenticated middleware. Also adds user CRUD. 4 years ago			`permissions: Permission.ADMIN,`
feat: user avatars from plex (#53) 4 years ago			`avatar: account.thumb,`
feat(api): initial implementation of the auth system (#30) Adds the auth system but does not add all required features. They will be handled in other tickets 4 years ago			`});`
			`await userRepository.save(user);`
			`}`

			`// If we get to this point, the user does not already exist so we need to create the`
			`// user _assuming_ they have access to the plex server`
feat(api): allow plex logins from users who have access to the server 4 years ago			`const mainUser = await userRepository.findOneOrFail({`
			`select: ['id', 'plexToken'],`
			`order: { id: 'ASC' },`
			`});`
			`const mainPlexTv = new PlexTvAPI(mainUser.plexToken ?? '');`
			`if (await mainPlexTv.checkUserAccess(account)) {`
			`user = new User({`
			`email: account.email,`
			`username: account.username,`
			`plexId: account.id,`
			`plexToken: account.authToken,`
			`permissions: Permission.REQUEST,`
			`avatar: account.thumb,`
			`});`
			`await userRepository.save(user);`
			`}`
feat(api): initial implementation of the auth system (#30) Adds the auth system but does not add all required features. They will be handled in other tickets 4 years ago			`}`

			`// Set logged in session`
			`if (req.session && user) {`
			`req.session.userId = user.id;`
			`}`

feat: logout route/sign out button (#54) 4 years ago			`return res.status(200).json(user?.filter() ?? {});`
feat(api): initial implementation of the auth system (#30) Adds the auth system but does not add all required features. They will be handled in other tickets 4 years ago			`} catch (e) {`
feat(api): plex Sync (Movies) Also adds winston logging 4 years ago			`logger.error(e.message, { label: 'Auth' });`
feat(api): initial implementation of the auth system (#30) Adds the auth system but does not add all required features. They will be handled in other tickets 4 years ago			`res`
			`.status(500)`
			`.json({ error: 'Something went wrong. Is your auth token valid?' });`
			`}`
			`});`

feat: logout route/sign out button (#54) 4 years ago			`authRoutes.get('/logout', (req, res, next) => {`
			`req.session?.destroy((err) => {`
			`if (err) {`
			`return next({`
			`status: 500,`
			`message: 'Something went wrong while attempting to logout',`
			`});`
			`}`

			`return res.status(200).json({ status: 'ok' });`
			`});`
			`});`

feat(api): initial implementation of the auth system (#30) Adds the auth system but does not add all required features. They will be handled in other tickets 4 years ago			`export default authRoutes;`