feat: implement external identity management with connected accounts feature

NoOne7135 · NoOne7135 · commit 233b930b4aa2 · 2026-05-25T14:24:14.000+03:00
diff --git a/custom/OAuthCallback.vue b/custom/OAuthCallback.vue
@@ -23,6 +23,7 @@
 <script setup>
 import { onMounted, ref } from 'vue';
 import { useUserStore } from '@/stores/user';
+import { useCoreStore } from '@/stores/core';
 import { useRouter, useRoute } from 'vue-router';
 import { callAdminForthApi } from '@/utils';
 import { Spinner, LinkButton } from '@/afcl';
@@ -32,6 +33,7 @@ const { t } = useI18n();
 
 const router = useRouter();
 const userStore = useUserStore();
+const coreStore = useCoreStore();
 const route = useRoute();
 const error = ref(null);
 
@@ -47,14 +49,16 @@ onMounted(async () => {
   if (code && state && redirectUri) {
     const encodedCode = encodeURIComponent(code);
     const encodedState = encodeURIComponent(state);
+    const encodedRedirectUri = encodeURIComponent(redirectUri);
     const response = await callAdminForthApi({
-      path: `/oauth/callback?code=${encodedCode}&state=${encodedState}&redirect_uri=${redirectUri}`,
+      path: `/oauth/callback?code=${encodedCode}&state=${encodedState}&redirect_uri=${encodedRedirectUri}`,
       method: 'POST',
     });
     
     if (response.allowedLogin) {
       await userStore.finishLogin();
     } else if (response.redirectTo) {
+      await coreStore.fetchMenuAndResource();
       router.push(response.redirectTo);
     } else if (response.error) {
       error.value = response.error;
diff --git a/custom/OAuthConnectedAccounts.vue b/custom/OAuthConnectedAccounts.vue
@@ -0,0 +1,201 @@
+<template>
+  <div class="flex flex-col justify-center mr-6 md:mr-12">
+    <h2 class="flex items-start justify-start leading-none text-gray-800 dark:text-gray-50 text-3xl font-semibold">
+      {{ $t('Connected Accounts') }}
+    </h2>
+    <p class="text-sm mt-3">
+      {{ $t('Connect external accounts to your AdminForth user') }}
+    </p>
+
+    <div class="mt-6 flex flex-wrap gap-4">
+      <div
+        v-for="provider in providers"
+        :key="provider.provider"
+        class="flex flex-col w-full lg:w-72 bg-white dark:bg-gray-800 border border-gray-200 dark:border-gray-700 rounded-lg p-4 shadow-sm"
+      >
+        <div class="flex items-center justify-between gap-3 mb-4">
+          <div class="min-w-0 flex items-center gap-3">
+            <div v-html="provider.icon" class="w-6 h-6 shrink-0 dark:text-white" />
+            <div class="min-w-0">
+              <p class="font-semibold text-gray-900 dark:text-white truncate">
+                {{ provider.name }}
+              </p>
+              <p class="text-xs text-gray-500 dark:text-gray-400">
+                {{ provider.connected ? $t('Connected') : $t('Not connected') }}
+              </p>
+            </div>
+          </div>
+          <span
+            class="shrink-0 inline-flex items-center px-2 py-0.5 rounded-full text-xs font-medium"
+            :class="provider.connected
+              ? 'bg-green-100 text-green-800 dark:bg-green-900 dark:text-green-200'
+              : 'bg-gray-100 text-gray-700 dark:bg-gray-700 dark:text-gray-300'"
+          >
+            {{ provider.connected ? $t('Active') : $t('Inactive') }}
+          </span>
+        </div>
+
+        <Button
+          class="w-full mt-auto"
+          :disabled="connectingProvider === provider.provider"
+          :loader="connectingProvider === provider.provider"
+          @click="connectProvider(provider.provider)"
+        >
+          {{ provider.connected ? $t('Connect another') : $t('Connect') }}
+        </Button>
+      </div>
+    </div>
+
+    <div v-if="identities.length" class="mt-6 overflow-hidden border border-gray-200 dark:border-gray-700 rounded-lg">
+      <table class="min-w-full divide-y divide-gray-200 dark:divide-gray-700">
+        <thead class="bg-gray-50 dark:bg-gray-800">
+          <tr>
+            <th class="px-4 py-3 text-left text-xs font-medium uppercase text-gray-500 dark:text-gray-400">
+              {{ $t('Account') }}
+            </th>
+            <th class="px-4 py-3 text-left text-xs font-medium uppercase text-gray-500 dark:text-gray-400">
+              {{ $t('Provider') }}
+            </th>
+            <th class="px-4 py-3 text-left text-xs font-medium uppercase text-gray-500 dark:text-gray-400">
+              {{ $t('Identifier') }}
+            </th>
+            <th class="px-4 py-3 text-right text-xs font-medium uppercase text-gray-500 dark:text-gray-400">
+              {{ $t('Actions') }}
+            </th>
+          </tr>
+        </thead>
+        <tbody class="divide-y divide-gray-200 bg-white dark:divide-gray-700 dark:bg-gray-900">
+          <tr v-for="identity in identities" :key="`${identity.provider}:${identity.subject}`">
+            <td class="px-4 py-3">
+              <div class="flex items-center gap-3">
+                <img
+                  v-if="identity.avatarUrl"
+                  :src="identity.avatarUrl"
+                  class="h-9 w-9 rounded-full object-cover"
+                  alt=""
+                />
+                <div v-else class="h-9 w-9 rounded-full bg-gray-200 dark:bg-gray-700" />
+                <div class="min-w-0">
+                  <p class="truncate font-medium text-gray-900 dark:text-white">
+                    {{ identity.fullName || identity.email || identity.phone || identity.subject }}
+                  </p>
+                  <p v-if="identity.email || identity.phone" class="truncate text-xs text-gray-500 dark:text-gray-400">
+                    {{ identity.email || identity.phone }}
+                  </p>
+                </div>
+              </div>
+            </td>
+            <td class="px-4 py-3">
+              <div class="flex items-center gap-2">
+                <div v-if="identity.providerIcon" v-html="identity.providerIcon" class="h-5 w-5 shrink-0" />
+                <span class="text-sm text-gray-700 dark:text-gray-200">{{ identity.providerName }}</span>
+              </div>
+            </td>
+            <td class="px-4 py-3 text-sm text-gray-500 dark:text-gray-400">
+              {{ identity.subject }}
+            </td>
+            <td class="px-4 py-3 text-right">
+              <button
+                type="button"
+                class="rounded-md border border-red-300 px-3 py-1.5 text-sm font-medium text-red-700 hover:bg-red-50 disabled:pointer-events-none disabled:opacity-50 dark:border-red-700 dark:text-red-300 dark:hover:bg-red-950"
+                :disabled="disconnectingIdentity === identity.id"
+                @click="disconnectIdentity(identity.id)"
+              >
+                {{ disconnectingIdentity === identity.id ? $t('Disconnecting') : $t('Disconnect') }}
+              </button>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+    </div>
+  </div>
+</template>
+
+<script setup lang="ts">
+import { onMounted, ref } from 'vue';
+import { Button } from '@/afcl';
+import { callAdminForthApi } from '@/utils';
+import { useCoreStore } from '@/stores/core';
+
+type OAuthProvider = {
+  provider: string;
+  name: string;
+  icon: string;
+  connected: boolean;
+};
+
+type OAuthIdentity = {
+  id: string;
+  provider: string;
+  providerName: string;
+  providerIcon?: string;
+  subject: string;
+  email?: string | null;
+  phone?: string | null;
+  fullName?: string | null;
+  avatarUrl?: string | null;
+};
+
+const providers = ref<OAuthProvider[]>([]);
+const identities = ref<OAuthIdentity[]>([]);
+const connectingProvider = ref<string | null>(null);
+const disconnectingIdentity = ref<string | null>(null);
+const coreStore = useCoreStore();
+
+onMounted(async () => {
+  await loadProviders();
+});
+
+async function loadProviders() {
+  const response = await callAdminForthApi({
+    method: 'POST',
+    path: '/oauth/external-identities',
+    body: {},
+  });
+
+  providers.value = response.providers;
+  identities.value = response.identities || [];
+}
+
+async function connectProvider(provider: string) {
+  connectingProvider.value = provider;
+
+  try {
+    const response = await callAdminForthApi({
+      method: 'POST',
+      path: '/oauth/external-identity/connect-action',
+      body: {
+        provider,
+        redirectUri: getRedirectUri(),
+      },
+    });
+
+    if (response.action.type === 'url') {
+      window.location.href = response.action.url;
+    }
+  } finally {
+    connectingProvider.value = null;
+  }
+}
+
+async function disconnectIdentity(identityId: string) {
+  disconnectingIdentity.value = identityId;
+
+  try {
+    await callAdminForthApi({
+      method: 'POST',
+      path: '/oauth/external-identity/disconnect',
+      body: { identityId },
+    });
+    await loadProviders();
+  } finally {
+    disconnectingIdentity.value = null;
+  }
+}
+
+function getRedirectUri() {
+  const baseUrl = coreStore.config?.baseUrl || '';
+  const baseUrlSlashed = baseUrl.endsWith('/') ? baseUrl : `${baseUrl}/`;
+  return `${window.location.origin}${baseUrlSlashed}oauth/callback`;
+}
+</script>
diff --git a/externalIdentityStore.ts b/externalIdentityStore.ts
@@ -0,0 +1,163 @@
+import { Filters } from "adminforth";
+import type { IAdminForth } from "adminforth";
+
+export interface ExternalIdentityResourceOptions {
+  resourceId: string;
+  adminUserIdField?: string;
+  providerField?: string;
+  subjectField?: string;
+  emailField?: string;
+  phoneField?: string;
+  fullNameField?: string;
+  avatarUrlField?: string;
+  externalUserIdField?: string;
+  metaField?: string;
+}
+
+export interface OAuthIdentity {
+  provider: string;
+  subject: string;
+  email?: string;
+  phone?: string;
+  meta?: Record<string, any>;
+  fullName?: string;
+  profilePictureUrl?: string | null;
+  externalUserId?: string | number | null;
+}
+
+type OAuthAdapterDisplay = {
+  constructor: { name: string };
+  getName?: () => string;
+  getIcon: () => string;
+};
+
+export class ExternalIdentityStore {
+  private primaryKeyField: string;
+  private adminUserIdField: string;
+  private providerField: string;
+  private subjectField: string;
+  private externalUserIdField: string;
+
+  constructor(
+    private adminforth: IAdminForth,
+    private config: ExternalIdentityResourceOptions,
+  ) {
+    this.primaryKeyField = this.resolvePrimaryKey();
+    this.adminUserIdField = config.adminUserIdField ?? 'adminUserId';
+    this.providerField = config.providerField ?? 'provider';
+    this.subjectField = config.subjectField ?? 'subject';
+    this.externalUserIdField = config.externalUserIdField ?? 'externalUserId';
+  }
+
+  private resource() {
+    return this.adminforth.resource(this.config.resourceId);
+  }
+
+  private resolvePrimaryKey() {
+    const primaryKey = this.adminforth.config.resources
+      .find(resource => resource.resourceId === this.config.resourceId)
+      ?.columns.find(column => column.primaryKey)?.name;
+
+    if (!primaryKey) {
+      throw new Error(`External identity resource "${this.config.resourceId}" has no primary key`);
+    }
+
+    return primaryKey;
+  }
+
+  private identityRecord(adminUserPk: any, identity: OAuthIdentity) {
+    const record: Record<string, any> = {
+      [this.adminUserIdField]: adminUserPk,
+      [this.providerField]: identity.provider,
+      [this.subjectField]: identity.subject,
+    };
+    const fields = [
+      [this.config.emailField, identity.email],
+      [this.config.phoneField, identity.phone],
+      [this.config.fullNameField, identity.fullName],
+      [this.config.avatarUrlField, identity.profilePictureUrl],
+      [this.externalUserIdField, identity.externalUserId],
+      [this.config.metaField, identity.meta],
+    ] as const;
+
+    for (const [field, value] of fields) {
+      if (field && value !== undefined) {
+        record[field] = value;
+      }
+    }
+
+    return record;
+  }
+
+  findByIdentity(identityPayload: OAuthIdentity) {
+    return this.resource().get([
+      Filters.EQ(this.providerField, identityPayload.provider),
+      Filters.EQ(this.subjectField, identityPayload.subject),
+    ]);
+  }
+
+  linkedAdminUserPk(identity: any) {
+    return identity[this.adminUserIdField];
+  }
+
+  async createOrUpdate(adminUserPk: any, identityPayload: OAuthIdentity) {
+    const existingIdentity = await this.findByIdentity(identityPayload);
+    const identityRecord = this.identityRecord(adminUserPk, identityPayload);
+
+    if (existingIdentity) {
+      if (existingIdentity[this.adminUserIdField] !== adminUserPk) {
+        throw new Error('This external account is already connected to another user');
+      }
+      await this.resource().update(
+        existingIdentity[this.primaryKeyField],
+        identityRecord,
+      );
+      return;
+    }
+
+    await this.resource().create(identityRecord);
+  }
+
+  async disconnect(identityId: string, adminUserPk: any) {
+    const identity = await this.resource().get([
+      Filters.EQ(this.primaryKeyField, identityId),
+      Filters.EQ(this.adminUserIdField, adminUserPk),
+    ]);
+
+    if (!identity) {
+      return { error: 'Connected account not found' };
+    }
+
+    await this.resource().delete(identityId);
+    return { ok: true };
+  }
+
+  async connectedAccounts(adminUserPk: any, adapters: OAuthAdapterDisplay[]) {
+    const identities = await this.resource().list(
+      Filters.EQ(this.adminUserIdField, adminUserPk)
+    );
+
+    return {
+      providers: adapters.map((adapter) => ({
+        provider: adapter.constructor.name,
+        name: adapter.getName ? adapter.getName() : adapter.constructor.name,
+        icon: adapter.getIcon(),
+        connected: identities.some((identity) => identity[this.providerField] === adapter.constructor.name),
+      })),
+      identities: identities.map((identity) => {
+        const adapter = adapters.find((adapter) => adapter.constructor.name === identity[this.providerField]);
+        return {
+          id: identity[this.primaryKeyField],
+          provider: identity[this.providerField],
+          providerName: adapter?.getName ? adapter.getName() : identity[this.providerField],
+          providerIcon: adapter?.getIcon(),
+          subject: identity[this.subjectField],
+          email: this.config.emailField ? identity[this.config.emailField] : null,
+          phone: this.config.phoneField ? identity[this.config.phoneField] : null,
+          fullName: this.config.fullNameField ? identity[this.config.fullNameField] : null,
+          avatarUrl: this.config.avatarUrlField ? identity[this.config.avatarUrlField] : null,
+        };
+      }),
+    };
+  }
+}
diff --git a/index.ts b/index.ts
