From f0a83bd333d358f17afb246489bbaf248e7a20eb Mon Sep 17 00:00:00 2001
From: Seth Atwood
Date: Thu, 28 Apr 2016 22:51:15 -0400
Subject: [PATCH] feat(auth): handle facebook auth server-side
- install es6-request package
- fix env var names in config
- validate token and get user name and email
- hand name and email to server for JWT generation
---
 package.json | 1 +
 src/api/auth/index.js | 36 ++++++++++++++++++++++++++++++++++++
 src/config.js | 4 ++--
 3 files changed, 39 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index e483a79..7ebadcc 100644
--- a/package.json
+++ b/package.json
@@ -40,6 +40,7 @@
 "body-parser": "^1.15.0",
 "cors": "^2.7.1",
 "debug": "^2.2.0",
+ "es6-request": "^1.2.2",
 "express": "^4.13.4",
 "falcor-express": "^0.1.2",
 "falcor-http-datasource": "^0.1.3",
diff --git a/src/api/auth/index.js b/src/api/auth/index.js
index a0340d9..e891a3f 100644
--- a/src/api/auth/index.js
+++ b/src/api/auth/index.js
@@ -44,6 +44,42 @@ export default db => {
 });
 });
 break;
+ case 'facebook':
+ let http = require("es6-request");
+ let access_token = config.oauth.facebook.clientId + "|" + config.oauth.facebook.clientSecret
+
+ http.get( "https://graph.facebook.com/debug_token" )
+ .query({
+ "input_token": token,
+ "access_token": access_token,
+ })
+ .done((response, body) => {
+ let object = JSON.parse(body.toString());
+ if ( object.data.is_valid ) {
+ http.get( "https://graph.facebook.com/v2.5/" + object.data.user_id )
+ .query({
+ "access_token": token,
+ "fields": "email,name",
+ })
+ .done((reply, stuff) => {
+ let me = JSON.parse(stuff.toString());
+ const email = me.email;
+ const name = me.name;
+ findOrCreateUser( db, email, "", "", name )
+ .subscribe( user => {
+ const body = ({
+ provider,
+ token: jwt.sign({ provider: 'facebook', email }, jwtSecret, { subject: user._id } ),
+ });
+
+ res.json( body );
+ }, err => {
+ res.status(500).json({ status: 500, message: err })
+ });
+ })
+ }
+ });
+ break;
 default:
 res.status(400).json({ status: 400, message: `Unknown OAuth provider '${provider}'` });
 }
diff --git a/src/config.js b/src/config.js
index dd55010..9bc786c 100644
--- a/src/config.js
+++ b/src/config.js
@@ -15,8 +15,8 @@ export default {
 },
 facebook: {
- clientId: process.env.GOOGLE_CLIENT_ID,
- clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+ clientId: process.env.FACEBOOK_CLIENT_ID,
+ clientSecret: process.env.FACEBOOK_CLIENT_SECRET,
 },
 google: {
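Review bot: The `debug_token` callback in the new `case 'facebook':` branch of src/api/auth/index.js answers the client only on the fully successful path: `if ( object.data.is_valid )` has no `else`, and a Graph error body without a `data` key or a non-JSON body throws inside `.done`, so a rejected token leaves the request unanswered instead of returning 401. The branch also trusts `is_valid` alone; comparing `object.data.app_id` with `config.oauth.facebook.clientId` makes the audience check explicit rather than relying on Facebook to refuse tokens issued to another app. In the inner callback `me.email` is absent when the user did not grant the email permission, and if `findOrCreateUser` keys accounts by email (it is not visible here) every such login would resolve to the same record, so a missing email should be rejected before that call. Separately, `message: err` returns the raw error object to the caller; log it server-side and send a fixed string. The enclosing `switch` and route handler start outside the hunk.

```javascript
          .done((response, body) => {
            let object;
            try {
              object = JSON.parse(body.toString());
            } catch (parseErr) {
              return res.status(502).json({ status: 502, message: 'Unexpected response from Facebook' });
            }
            const data = object.data;
            // Reject unless the token is valid AND was issued to this app.
            if ( !data || !data.is_valid || String(data.app_id) !== String(config.oauth.facebook.clientId) ) {
              return res.status(401).json({ status: 401, message: 'Invalid Facebook token' });
            }
            // … unchanged: Graph request for "email,name" using data.user_id …
              .done((reply, stuff) => {
                let me;
                try {
                  me = JSON.parse(stuff.toString());
                } catch (parseErr) {
                  return res.status(502).json({ status: 502, message: 'Unexpected response from Facebook' });
                }
                // No email means the permission was not granted; do not create or match an account.
                if ( !me.email ) {
                  return res.status(401).json({ status: 401, message: 'Facebook account has no usable email' });
                }
                // … unchanged: findOrCreateUser / jwt.sign / res.json …
                  }, err => {
                    debug( err );  // or the project's own logger
                    res.status(500).json({ status: 500, message: 'Authentication failed' });
                  });
```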
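Review bot: Nothing in src/config.js checks that `FACEBOOK_CLIENT_ID` and `FACEBOOK_CLIENT_SECRET` are actually set, and the facebook branch in src/api/auth/index.js builds its app token by string concatenation, so an unset variable yields the literal `undefined|undefined` and every login fails at Facebook instead of at startup. Any deployment that had been supplying Facebook values through the old `GOOGLE_CLIENT_*` names may hit this after the rename. A guard where the config is loaded would surface it early, for example `if (!process.env.FACEBOOK_CLIENT_ID || !process.env.FACEBOOK_CLIENT_SECRET) throw new Error('Facebook OAuth env vars missing');`, with a comment on `clientSecret` that it is sent to Facebook as part of the app token and must not be logged.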