Removed hard dependency on discord ID for auth system

api/src/db.ts

@@ -12,7 +12,7 @@ const pool = mariadb.createPool({
     connectionLimit: 5,
     connectTimeout: 10000,        // give it more breathing room
     acquireTimeout: 15000,
-    database: process.env.DB_PASSWORD,
+    database: process.env.DB_DATABASE,
     ssl: false,
 });
 

api/src/routes/auth.ts

@@ -46,32 +46,35 @@ passport.use(new OpenIDConnectStrategy({
 
         //lookup existing user
         const existing = await con.query(`SELECT id FROM members WHERE authentik_issuer = ? AND authentik_sub = ? LIMIT 1;`, [issuer, sub]);
-        let memberId: number;
+        let memberId: number | null = null;
         //if member exists
         if (existing.length > 0) {
             memberId = existing[0].id;
         } else {
-            //otherwise: create account
+            //otherwise: create account mode
             const jwt = parseJwt(jwtClaims);
-            const discordID = jwt.discord.id as number;
+            const discordID = jwt.discord?.id as number;
 
             //check if account is available to claim
-            memberId = await mapDiscordtoID(discordID);
+            if (discordID)
+                memberId = await mapDiscordtoID(discordID);
 
-            if (memberId === null) {
-                // create new account
+            if (discordID && memberId) {
+                // claim account
+                console.log("Claiming account");
+                const result = await con.query(
+                    `UPDATE members SET authentik_sub = ?, authentik_issuer = ? WHERE id = ?;`,
+                    [sub, issuer, memberId]
+                )
+            } else {
+                console.log("New Account");
+                // new account
                 const username = sub.username;
                 const result = await con.query(
                     `INSERT INTO members (name, authentik_sub, authentik_issuer) VALUES (?, ?, ?)`,
                     [username, sub, issuer]
                 )
                 memberId = Number(result.insertId);
-            } else {
-                // claim existing account
-                const result = await con.query(
-                    `UPDATE members SET authentik_sub = ?, authentik_issuer = ? WHERE id = ?;`,
-                    [sub, issuer, memberId]
-                )
             }
         }
 
@@ -115,11 +118,24 @@ router.get('/callback', (req, res, next) => {
 router.get('/logout', [requireLogin], function (req, res, next) {
     req.logout(function (err) {
         if (err) { return next(err); }
-        var params = {
-            client_id: process.env.AUTH_CLIENT_ID,
-            returnTo: process.env.CLIENT_URL
-        };
-        res.redirect(process.env.AUTH_END_SESSION_URI + '?' + querystring.stringify(params));
+
+        req.session.destroy((err) => {
+            if (err) { return next(err); }
+
+            res.clearCookie('connect.sid', {
+                path: '/',
+                domain: process.env.CLIENT_DOMAIN,
+                httpOnly: true,
+                sameSite: 'lax'
+            });
+
+            var params = {
+                client_id: process.env.AUTH_CLIENT_ID,
+                returnTo: process.env.CLIENT_URL
+            };
+            res.redirect(process.env.AUTH_END_SESSION_URI + '?' + querystring.stringify(params));
+
+        })
     });
 });