add zod checks to social auth user field getters (#185)

* add zod checks to social auth * Update setUsername.ts
2025-11-23 19:36:50 +01:00 · 2024-06-21 11:33:25 +02:00
parent 486f851390
commit 3067b5e90a
1 changed files with 45 additions and 9 deletions
--- a/template/app/src/server/auth/setUsername.ts
+++ b/template/app/src/server/auth/setUsername.ts
@@ -1,4 +1,5 @@
 import { defineUserSignupFields } from 'wasp/auth/providers/types';
+import { z } from 'zod';

 const adminEmails = process.env.ADMIN_EMAILS?.split(',') || [];

@@ -8,24 +9,59 @@ export const getEmailUserFields = defineUserSignupFields({
  email: (data: any) => data.email,
 });

-export const getGitHubUserFields = defineUserSignupFields({
-  // NOTE: if we don't want to access users' emails, we can use scope ["user:read"]
-  // instead of ["user"] and access args.profile.username instead
-  email: (data: any) => data.profile.emails[0].email,
-  username: (data: any) => data.profile.login,
-  isAdmin: (data: any) => adminEmails.includes(data.profile.emails[0].email),
+const githubDataSchema = z.object({
+  profile: z.object({
+    emails: z.array(
+      z.object({
+        email: z.string(),
+      })
+    ),
+    login: z.string(),
+  }),
 });

+export const getGitHubUserFields = defineUserSignupFields({
+  email: (data) => {
+    const githubData = githubDataSchema.parse(data);
+    return githubData.profile.emails[0].email;
+  },
+  username: (data) => {
+    const githubData = githubDataSchema.parse(data);
+    return githubData.profile.login;
+  },
+  isAdmin: (data) => {
+    const githubData = githubDataSchema.parse(data);
+    return adminEmails.includes(githubData.profile.emails[0].email);
+  },
+});
+
+// NOTE: if we don't want to access users' emails, we can use scope ["user:read"]
+// instead of ["user"] and access args.profile.username instead
 export function getGitHubAuthConfig() {
  return {
    scopes: ['user'],
  };
 }

+const googleDataSchema = z.object({
+  profile: z.object({
+    email: z.string(),
+  }),
+});
+
 export const getGoogleUserFields = defineUserSignupFields({
-  email: (data: any) => data.profile.email,
-  username: (data: any) => data.profile.name,
-  isAdmin: (data: any) => adminEmails.includes(data.profile.email),
+  email: (data) => {
+    const googleData = googleDataSchema.parse(data);
+    return googleData.profile.email;
+  },
+  username: (data) => {
+    const googleData = googleDataSchema.parse(data);
+    return googleData.profile.email;
+  },
+  isAdmin: (data) => {
+    const googleData = googleDataSchema.parse(data);
+    return adminEmails.includes(googleData.profile.email);
+  },
 });

 export function getGoogleAuthConfig() {