import { NextRequest, NextResponse } from 'next/server';
import { cookies } from 'next/headers';
// Base URL of the Hugging Face OAuth provider; both endpoints below hang off it.
const HF_OAUTH_BASE = 'https://huggingface.co/oauth';
// Endpoint where the authorization code is exchanged for an access token.
const TOKEN_ENDPOINT = `${HF_OAUTH_BASE}/token`;
// Endpoint queried with the bearer token to read the signed-in user's profile.
const USERINFO_ENDPOINT = `${HF_OAUTH_BASE}/userinfo`;
// Name of the cookie holding the `state` value that the callback compares
// against the `state` query parameter.
const STATE_COOKIE = 'hf_oauth_state';
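/**
 * Wraps an inline script in a minimal HTML document and returns it as a response.
 *
 * The scripts passed in by this route can carry an OAuth access token, so the
 * response is marked `Cache-Control: no-store` to keep it out of browser and
 * intermediary caches.
 *
 * @param script JavaScript source to place inside the page's `<script>` element.
 * @returns A `text/html` response containing the script.
 */
function htmlResponse(script: string) {
  // The HTML parser ends a script element at the first `</script`, wherever it
  // appears, and `<!--` switches it into an escaped state. Inside JS string
  // literals `<\/` and `<\!` evaluate to the same characters, so this rewrite
  // keeps string data intact while stopping embedded data from closing the tag.
  // A script that relies on a bare `<!--` comment marker must not be passed here.
  const inlineSafe = script
    .replace(/<\/(script)/gi, '<\\/$1')
    .replace(/<!--/g, '<\\!--');

  return new NextResponse(
    `<!DOCTYPE html><html><body><script>${inlineSafe}</script></body></html>`,
    {
      headers: {
        'Content-Type': 'text/html; charset=utf-8',
        'Cache-Control': 'no-store',
      },
    },
  );
}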
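/**
 * Serialises a value as a JavaScript literal that is safe to place inside an
 * inline `<script>` element.
 *
 * `JSON.stringify` alone leaves `<`, `>` and `&` untouched, so a value that
 * contains `</script>` would terminate the element early. Those characters and
 * the U+2028/U+2029 line separators are emitted as `\uXXXX` escapes instead.
 */
function toInlineScriptLiteral(value: unknown): string {
  return (JSON.stringify(value) ?? 'null')
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

/**
 * OAuth callback for the Hugging Face sign-in popup.
 *
 * Checks the `state` query parameter against the state cookie, exchanges the
 * authorization code for an access token, reads the user's profile, and
 * returns a small HTML page that posts the result to the opening window with
 * `postMessage` before closing itself.
 *
 * @param request Incoming callback request carrying `code` and `state`.
 * @returns A JSON 500 response when the OAuth client is not configured,
 *   otherwise an HTML page posting `HF_OAUTH_SUCCESS` or `HF_OAUTH_ERROR`.
 */
export async function GET(request: NextRequest) {
  const clientId = process.env.HF_OAUTH_CLIENT_ID || process.env.NEXT_PUBLIC_HF_OAUTH_CLIENT_ID;
  const clientSecret = process.env.HF_OAUTH_CLIENT_SECRET;
  if (!clientId || !clientSecret) {
    return NextResponse.json({ error: 'OAuth application is not configured' }, { status: 500 });
  }

  const { searchParams } = new URL(request.url);
  const code = searchParams.get('code');
  const incomingState = searchParams.get('state');

  // NOTE(review): on Next.js versions where cookies() returns a promise this
  // call needs an `await` — confirm against the project's Next.js version.
  const cookieStore = cookies();
  const storedState = cookieStore.get(STATE_COOKIE)?.value;
  // The state value is single-use: clear it whether or not the check passes.
  cookieStore.delete(STATE_COOKIE);

  // Used as the postMessage targetOrigin, so the browser delivers the token
  // only to a window on this origin.
  // NOTE(review): this is derived from the request URL; behind a reverse proxy
  // confirm it matches the origin the browser actually sees.
  const origin = request.nextUrl.origin;
  // Emitted as an escaped literal rather than pasted between quotes, so no
  // character in the origin can break out of the string in the generated script.
  const originLiteral = toInlineScriptLiteral(origin);

  if (!code || !incomingState || !storedState || incomingState !== storedState) {
    const script = `
window.opener && window.opener.postMessage({
  type: 'HF_OAUTH_ERROR',
  payload: { message: 'Invalid or expired OAuth state.' }
}, ${originLiteral});
setTimeout(function() { window.close(); }, 100);
`;
    return htmlResponse(script.trim());
  }

  const redirectUri =
    process.env.HF_OAUTH_REDIRECT_URI ||
    process.env.NEXT_PUBLIC_HF_OAUTH_REDIRECT_URI ||
    `${origin}/api/auth/hf/callback`;

  try {
    const tokenResponse = await fetch(TOKEN_ENDPOINT, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      body: new URLSearchParams({
        grant_type: 'authorization_code',
        code,
        redirect_uri: redirectUri,
        client_id: clientId,
        client_secret: clientSecret,
      }),
    });

    if (!tokenResponse.ok) {
      // A non-JSON error body falls back to the generic message below.
      const errorPayload = await tokenResponse.json().catch(() => ({}));
      const description = errorPayload?.error_description;
      throw new Error(
        typeof description === 'string' && description
          ? description
          : 'Failed to exchange code for token',
      );
    }

    const tokenData = await tokenResponse.json();
    const accessToken = tokenData?.access_token;
    // Only a non-empty string is usable as a bearer token.
    if (typeof accessToken !== 'string' || !accessToken) {
      throw new Error('Access token missing in response');
    }

    const userResponse = await fetch(USERINFO_ENDPOINT, {
      headers: {
        Authorization: `Bearer ${accessToken}`,
      },
    });

    if (!userResponse.ok) {
      throw new Error('Failed to fetch user info');
    }

    const profile = await userResponse.json();
    const namespace = profile?.preferred_username || profile?.name || 'user';

    // The token and namespace come from remote responses; serialise them with
    // the script-safe helper before embedding them in the page.
    const script = `
(function() {
  const target = window.opener || window.parent || window;
  if (target) {
    target.postMessage({
      type: 'HF_OAUTH_SUCCESS',
      payload: {
        token: ${toInlineScriptLiteral(accessToken)},
        namespace: ${toInlineScriptLiteral(namespace)},
      }
    }, ${originLiteral});
  }
  setTimeout(function() { window.close(); }, 100);
})();
`;
    return htmlResponse(script.trim());
  } catch (error: unknown) {
    // Anything thrown above (network failure, bad response, explicit throw)
    // is reported to the opener as an error message.
    const message = (error instanceof Error && error.message) || 'OAuth flow failed';
    const script = `
(function() {
  const target = window.opener || window.parent || window;
  if (target) {
    target.postMessage({
      type: 'HF_OAUTH_ERROR',
      payload: { message: ${toInlineScriptLiteral(message)} }
    }, ${originLiteral});
  }
  setTimeout(function() { window.close(); }, 100);
})();
`;
    return htmlResponse(script.trim());
  }
}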