feature: login

website/.env.example

@@ -18,7 +18,15 @@ [email protected]
 SMTP_HOST=localhost
 SMTP_PORT=1025
 
+# Ally
+GITHUB_CLIENT_ID=********
+GITHUB_CLIENT_SECRET=********
+GOOGLE_CLIENT_ID=********
+GOOGLE_CLIENT_SECRET=********
+LINKEDIN_CLIENT_ID=********
+LINKEDIN_CLIENT_SECRET=********
+
 # Frontend
 INERTIA_PUBLIC_TZ=Europe/Lisbon
 INERTIA_PUBLIC_EVENT_COUNTDOWN_DATE=2025-04-11
-INERTIA_PUBLIC_APP_URL=http://127.0.0.1:3333
+INERTIA_PUBLIC_APP_URL=http://127.0.0.1:3333

website/adonisrc.ts

@@ -45,6 +45,7 @@ export default defineConfig({
     () => import('@adonisjs/inertia/inertia_provider'),
     () => import('@adonisjs/mail/mail_provider'),
     () => import('@tuyau/core/tuyau_provider'),
+    () => import('@adonisjs/ally/ally_provider'),
   ],
 
   /*

website/app/controllers/authentication_controller.ts

@@ -0,0 +1,111 @@
+import Account from '#models/account'
+import { socialAccountLoginValidator } from '#validators/account'
+import User from '#models/user'
+import type { HttpContext } from '@adonisjs/core/http'
+import { createUserValidator, createUserValidatorErrorMessage } from '#validators/authentication'
+
+async function getOrCreate(search: Pick<Account, 'provider' | 'providerId'>) {
+  const account = await Account.firstOrCreate({
+    provider: search.provider,
+    providerId: search.providerId,
+  })
+
+  return account
+}
+
+export default class AuthenticationController {
+  async login({ request, auth, response, session }: HttpContext) {
+    const { email, password } = request.only(['email', 'password'])
+
+    try {
+      const account = await Account.verifyCredentials(email, password)
+
+      const user = await User.query().where('id', account.user_id).first()
+      if (user) await auth.use('web').login(user)
+
+      response.redirect('/')
+    } catch (error) {
+      session.flash('errors', { oauth: 'Email ou palavra-passe incorretos' })
+      return response.redirect().back()
+    }
+  }
+
+  async register({ request, auth, response, session }: HttpContext) {
+    try {
+      await request.validateUsing(createUserValidator)
+    } catch (error) {
+      session.flash('errors', { oauth: createUserValidatorErrorMessage(error) })
+      return response.redirect().toRoute('view.register')
+    }
+
+    const { email, password } = request.only(['email', 'password'])
+
+    if (await User.query().where('email', email).first()) {
+      session.flash('errors', { oauth: 'Este e-mail já está em uso' })
+      return response.redirect().toRoute('view.register')
+    }
+
+    try {
+      const user = await User.create({ email })
+
+      await Account.create({
+        provider: 'credentials',
+        providerId: email,
+        password: password,
+        user_id: user.id,
+      })
+
+      await auth.use('web').login(user)
+
+      response.redirect('/')
+    } catch (error) {
+      session.flash('errors', { oauth: 'Ocorreu um erro no registo' })
+      return response.redirect().toRoute('view.register')
+    }
+  }
+
+  async initiateGithubLogin({ ally, inertia }: HttpContext) {
+    const url = await ally.use('github').redirectUrl()
+    console.log(url)
+    return inertia.location(url)
+  }
+
+  async callbackForGithubLogin({ response, ally }: HttpContext) {
+    const github = ally.use('github')
+    const user = await github.user()
+
+    const data = await socialAccountLoginValidator.validate(user)
+    console.log(data)
+
+    const account = await getOrCreate({
+      provider: 'github',
+      providerId: data.id,
+    })
+
+    return response.json({ user, account: account.serialize() })
+  }
+
+  async initiateGoogleLogin({ ally, inertia }: HttpContext) {
+    const url = await ally.use('google').redirectUrl()
+    return inertia.location(url)
+  }
+
+  async callbackForGoogleLogin({ response, ally }: HttpContext) {
+    const google = ally.use('google')
+    const user = await google.user()
+
+    return response.json({ user })
+  }
+
+  async initiateLinkedinLogin({ ally, inertia }: HttpContext) {
+    const url = await ally.use('linkedin').redirectUrl()
+    return inertia.location(url)
+  }
+
+  async callbackForLinkedinLogin({ response, ally }: HttpContext) {
+    const linkedin = ally.use('linkedin')
+    const user = await linkedin.user()
+
+    return response.json({ user })
+  }
+}

website/app/exceptions/handler.ts

@@ -1,6 +1,7 @@
 import app from '@adonisjs/core/services/app'
 import { HttpContext, ExceptionHandler } from '@adonisjs/core/http'
 import type { StatusPageRange, StatusPageRenderer } from '@adonisjs/core/types/http'
+import { errors } from '@vinejs/vine'
 
 export default class HttpExceptionHandler extends ExceptionHandler {
   /**
@@ -30,6 +31,11 @@ export default class HttpExceptionHandler extends ExceptionHandler {
    * response to the client
    */
   async handle(error: unknown, ctx: HttpContext) {
+    if (error instanceof errors.E_VALIDATION_ERROR) {
+      ctx.response.status(422).send(error.messages)
+      return
+    }
+
     return super.handle(error, ctx)
   }
 

website/app/messages.ts

@@ -0,0 +1,8 @@
+export const messages = {
+  auth: {
+    oauth: {
+      accessDenied: 'O pedido de início de sessão foi rejeitado.',
+      stateMismatch: 'Ocorreu um erro ao iniciar sessão. Por favor, tenta novamente.',
+    },
+  },
+} as const

website/app/middleware/redirect_if_authenticated_middleware.ts

@@ -0,0 +1,14 @@
+import type { HttpContext } from '@adonisjs/core/http'
+import type { NextFn } from '@adonisjs/core/types/http'
+
+export default class RedirectIfAuthenticatedMiddleware {
+  async handle({ auth, response }: HttpContext, next: NextFn) {
+    if (await auth.check()) response.redirect().back()
+
+    /**
+     * Call next method in the pipeline and return its output
+     */
+    const output = await next()
+    return output
+  }
+}

website/app/middleware/verify_social_callback_middleware.ts

@@ -0,0 +1,34 @@
+import { SocialProviders } from '@adonisjs/ally/types'
+import type { HttpContext } from '@adonisjs/core/http'
+import type { NextFn } from '@adonisjs/core/types/http'
+import { messages } from '../messages.js'
+
+export default class VerifySocialCallbackMiddleware {
+  async handle(
+    { response, session, ally }: HttpContext,
+    next: NextFn,
+    options: { provider: keyof SocialProviders }
+  ) {
+    const oauth = ally.use(options.provider)
+
+    if (oauth.accessDenied()) {
+      session.flashErrors({ oauth: messages.auth.oauth.accessDenied })
+      return response.redirect('/login')
+    }
+
+    if (oauth.stateMisMatch()) {
+      session.flashErrors({ oauth: messages.auth.oauth.stateMismatch })
+      return response.redirect('/login')
+    }
+
+    const postRedirectError = oauth.getError()
+    if (postRedirectError) {
+      session.flashErrors({ oauth: postRedirectError })
+      return response.redirect('/login')
+    }
+
+    const output = await next()
+
+    return output
+  }
+}

website/app/models/account.ts

@@ -0,0 +1,36 @@
+import { DateTime } from 'luxon'
+import { BaseModel, column, hasOne } from '@adonisjs/lucid/orm'
+import type { HasOne } from '@adonisjs/lucid/types/relations'
+import { SocialProviders } from '@adonisjs/ally/types'
+import { compose } from '@adonisjs/core/helpers'
+import hash from '@adonisjs/core/services/hash'
+import { withAuthFinder } from '@adonisjs/auth/mixins/lucid'
+import User from './user.js'
+
+const AuthFinder = withAuthFinder(() => hash.use('scrypt'), {
+  uids: ['provider', 'providerId'],
+  passwordColumnName: 'password',
+})
+
+export default class Account extends compose(BaseModel, AuthFinder) {
+  @column.dateTime({ autoCreate: true })
+  declare createdAt: DateTime
+
+  @column.dateTime({ autoCreate: true, autoUpdate: true })
+  declare updatedAt: DateTime
+
+  @column()
+  declare provider: 'credentials' | keyof SocialProviders
+
+  @column()
+  declare providerId: string
+
+  @column({ serializeAs: null })
+  declare password: string
+
+  @column()
+  declare user_id: number
+
+  @hasOne(() => User)
+  declare user: HasOne<typeof User>
+}

website/app/models/user.ts

@@ -1,15 +1,7 @@
 import { DateTime } from 'luxon'
-import hash from '@adonisjs/core/services/hash'
-import { compose } from '@adonisjs/core/helpers'
 import { BaseModel, column } from '@adonisjs/lucid/orm'
-import { withAuthFinder } from '@adonisjs/auth/mixins/lucid'
 
-const AuthFinder = withAuthFinder(() => hash.use('scrypt'), {
-  uids: ['email'],
-  passwordColumnName: 'password',
-})
-
-export default class User extends compose(BaseModel, AuthFinder) {
+export default class User extends BaseModel {
   @column({ isPrimary: true })
   declare id: number
 
@@ -19,9 +11,6 @@ export default class User extends compose(BaseModel, AuthFinder) {
   @column()
   declare email: string
 
-  @column({ serializeAs: null })
-  declare password: string
-
   @column.dateTime({ autoCreate: true })
   declare createdAt: DateTime
 

website/app/validators/account.ts

@@ -0,0 +1,13 @@
+import vine from '@vinejs/vine'
+
+vine.convertEmptyStringsToNull = true
+
+export const socialAccountLoginValidator = vine.compile(
+  vine.object({
+    id: vine
+      .string()
+      .parse((value) =>
+        typeof value === 'string' ? value : typeof value === 'number' ? value.toString() : null
+      ),
+  })
+)

website/app/validators/authentication.ts

@@ -0,0 +1,22 @@
+import vine from '@vinejs/vine'
+import { VineValidationError } from '../../types/validation.js'
+
+export const createUserValidator = vine.compile(
+  vine.object({
+    email: vine.string().email(),
+    password: vine.string().minLength(8).confirmed(),
+  })
+)
+
+export const createUserValidatorErrorMessage = (error: VineValidationError) => {
+  const rule = error.messages[0].rule
+
+  switch (rule) {
+    case 'email':
+      return 'E-mail inválido'
+    case 'minLength':
+      return 'Palavra-passe tem de ter no mínimo 8 caratéres'
+    case 'confirmed':
+      return 'Palavras-passe não coincidem'
+  }
+}

website/config/ally.ts

@@ -0,0 +1,28 @@
+import env from '#start/env'
+import { defineConfig, services } from '@adonisjs/ally'
+
+const allyConfig = defineConfig({
+  github: services.github({
+    clientId: env.get('GITHUB_CLIENT_ID'),
+    clientSecret: env.get('GITHUB_CLIENT_SECRET'),
+    callbackUrl: '',
+    scopes: ['user:email'],
+    allowSignup: false,
+  }),
+  google: services.google({
+    clientId: env.get('GOOGLE_CLIENT_ID'),
+    clientSecret: env.get('GOOGLE_CLIENT_SECRET'),
+    callbackUrl: '',
+  }),
+  linkedin: services.linkedin({
+    clientId: env.get('LINKEDIN_CLIENT_ID'),
+    clientSecret: env.get('LINKEDIN_CLIENT_SECRET'),
+    callbackUrl: '',
+  }),
+})
+
+export default allyConfig
+
+declare module '@adonisjs/ally/types' {
+  interface SocialProviders extends InferSocialProviders<typeof allyConfig> {}
+}

website/database/migrations/1734342326224_create_users_table.ts

@@ -8,7 +8,6 @@ export default class extends BaseSchema {
       table.increments('id').notNullable()
       table.string('full_name').nullable()
       table.string('email', 254).notNullable().unique()
-      table.string('password').notNullable()
 
       table.timestamp('created_at').notNullable()
       table.timestamp('updated_at').nullable()

website/database/migrations/1736362099709_create_accounts_table.ts

@@ -0,0 +1,24 @@
+import { BaseSchema } from '@adonisjs/lucid/schema'
+
+export default class extends BaseSchema {
+  protected tableName = 'accounts'
+
+  async up() {
+    this.schema.createTable(this.tableName, (table) => {
+      table.timestamp('created_at')
+      table.timestamp('updated_at')
+
+      table.string('provider').notNullable()
+      table.string('provider_id').notNullable()
+      table.primary(['provider', 'provider_id'])
+
+      table.string('password')
+
+      table.integer('user_id').references('id').inTable('users')
+    })
+  }
+
+  async down() {
+    this.schema.dropTable(this.tableName)
+  }
+}

website/eslint.config.js

@@ -1,2 +1,9 @@
-import { configApp } from '@adonisjs/eslint-config'
-export default configApp()
+import { configApp, RULES_LIST, INCLUDE_LIST, IGNORE_LIST } from '@adonisjs/eslint-config'
+export default configApp({
+    files: [...INCLUDE_LIST, '**/*.tsx'],
+    ignores: [
+        ...IGNORE_LIST.filter(ignore => !ignore.startsWith('resources/')),
+        "inertia/components/ui/**/*"
+    ],
+    rules: RULES_LIST
+})