nits

pages/repos/add.vue

@@ -15,6 +15,11 @@
   </div>
 
   <div v-else class="mx-auto flex flex-col items-center max-w-2xl">
+    <div v-if="selectedForge">
+      <span class="text-xl font-bold">{{ selectedForge?.name }} - {{ selectedForge.host }}</span>
+      <div @click="selectedForgeId = undefined">x</div>
+    </div>
+
     <TextInput
       :model-value="search"
       placeholder="Search for a repo ..."
@@ -40,7 +45,11 @@
 <script setup lang="ts">
 const loading = ref(false);
 const { user } = useAuth();
+const { data: forges } = await useFetch('/api/user/forges', {
+  server: false,
+});
 const selectedForgeId = ref<number>();
+const selectedForge = computed(() => forges.value?.find((f) => f.id === selectedForgeId.value));
 
 const search = ref(`user:${user.value?.login}`);
 const { data: repositories } = await useAsyncData(
@@ -57,10 +66,6 @@ const { data: repositories } = await useAsyncData(
   },
 );
 
-const { data: forges } = await useFetch('/api/user/forges', {
-  server: false,
-});
-
 function debounce<T extends Function>(cb: T, wait = 20) {
   let h = 0;
   let callable = (...args: any) => {

server/api/forges/[forge_id]/search.get.ts

@@ -19,6 +19,11 @@ export default defineEventHandler(async (event) => {
     });
   }
 
+  const user = await getUserFromCookie(event);
+  if (!user) {
+    throw new Error('User not found');
+  }
+
   const search = ((getQuery(event)?.search as string | undefined) || '').trim();
 
   const config = useRuntimeConfig();
@@ -31,11 +36,6 @@ export default defineEventHandler(async (event) => {
     .filter((dirent) => dirent.isDirectory())
     .map((dirent) => dirent.name);
 
-  const user = await getUserFromCookie(event);
-  if (!user) {
-    throw new Error('User not found');
-  }
-
   const forge = await getUserForgeAPI(user, parseInt(forgeId, 10));
 
   const userRepos = await forge.getRepos(search);

server/api/forges/index.get.ts

@@ -3,5 +3,7 @@ import { forgeSchema } from '../../schemas';
 
 export default defineEventHandler(async (event) => {
   const forges = await db.select().from(forgeSchema).where(eq(forgeSchema.allowLogin, true)).all();
-  return forges;
+
+  // use map to hide client id and secret
+  return forges.map((forge) => ({ id: forge.id, name: forge.name, host: forge.host, type: forge.type }));
 });

server/forges/index.ts

@@ -1,11 +1,10 @@
-import { H3Event } from 'h3';
 import { Gitlab } from './gitlab';
 import { Forge as ForgeModel } from '../schemas';
 import { Github } from './github';
 import { Credentials, Forge, ForgeUser, Repo, Tokens, UserWithTokens } from './types';
-import jwt from 'jsonwebtoken'; // TODO: fix type
+import jwtDecode from 'jwt-decode';
 
-const jwtSecret = '123'; // TODO: load from nuxt settings
+const jwtSecret = '123456789'; // TODO: move to nuxt settings
 
 class ForgeApi {
   private user: UserWithTokens;
@@ -16,23 +15,13 @@ class ForgeApi {
     this.forge = forge;
   }
 
-  private async verifyJWT<T>(token: string, secret: string): Promise<T> {
-    return new Promise<T>((resolve, reject) => {
-      jwt.verify(token, secret, (err, decoded) => {
-        if (err) {
-          reject(err);
-        } else {
-          resolve(decoded);
-        }
-      });
-    });
-  }
-
   private async refreshTokenIfNeeded(user: UserWithTokens): Promise<Tokens> {
-    const decoded = await this.verifyJWT<{ exp: number }>(user.tokens.accessToken, jwtSecret);
+    const decoded = await jwtDecode<{ exp: number }>(user.tokens.accessToken);
     if (decoded.exp * 1000 > Date.now()) {
       return user.tokens;
     }
+
+    // refresh token
     const newTokens = await this.forge.refreshToken(user.tokens.refreshToken);
     user.tokens = newTokens;
 

server/utils/auth.ts

@@ -51,5 +51,7 @@ export async function getUserForgeAPI(user: User, forgeId: number) {
     refreshToken: userForge.refreshToken,
   };
 
+  console.log('tokens', tokens); // TODO: check tokens
+
   return getForgeApiFromDB({ ...user, tokens }, forgeModel);
 }