From d8a650bdd3febd702184aaa52cf0a1b4daaeba0b Mon Sep 17 00:00:00 2001
From: "Gu://em_" <guillem.george@epita.fr>
Date: Fri, 15 May 2026 14:08:38 +0200
Subject: [PATCH] auth and redirect utilities

---
 src/utils/auth.js     | 84 ++++++++++++++++++++++++++++++++++++++++---
 src/utils/redirect.js | 32 ++++++++++++++---
 2 files changed, 107 insertions(+), 9 deletions(-)

diff --git a/src/utils/auth.js b/src/utils/auth.js
index 186f41b..55dd72c 100644
--- a/src/utils/auth.js
+++ b/src/utils/auth.js
@@ -1,6 +1,80 @@
-// FIXME: This file should handle the authentication
-// Functions may include:
-// - getToken (exchanges the code for a token)
-// - refreshToken (refreshes the token using the refresh_token)
-// - authenticate (checks if the user is authenticated)
+import * as redirect from "./redirect";
+
+/**
+* @param {string} code the authorization code received from the OIDC
+* provider
+* @returns {boolean} true if the token was fetched, false otherwise
+*/
+async function getToken(code) {
+
+  const endpoint = `${VITE_AUTH_URL}/...`;
+  const formData = {
+    "grant_type": "authorization_code",
+    "code": code,
+    "redirect_uri": redirect.createLink(),
+    "client_id": process.env.VITE_CLIENT_ID
+  }
+  const request = {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded",
+    },
+
+    body: new URLSearchParams(formData)
+  };
+
+  const response = await fetch(endpoint, request)
+  if (!response.ok) {
+    console.error("Failed to retrieve OIDC token")
+    console.debug(response)
+
+    localStorage.clear();
+    redirect.redirectToLoginPage()
+    return false
+  }
+
+  const {
+    // access_token,
+    // token_type,
+    refresh_token,
+    // expires_in,
+    id_token
+  } = response.body
+
+  localStorage.setItem("token", id_token);
+  localStorage.setItem("refresh_token", refresh_token);
+  
+  return true
+}
+
+
+/**
+* @param {string} refreshToken the refresh token (optional)
+* @returns {boolean} whether the token has been refreshed or not
+* @warn NOT IMPLEMENTED
+*/
+// TODO
+// async function refreshToken(refreshToken) {}
+
+/**
+* @returns {boolean} true if the user is authenticated, false otherwise
+*/
+async function authenticate() {
+  const token = localStorage.getItem("token");
+  if (token !== null)
+    return true;
+  const refresh_token = localStorage.getItem("refresh_token");
+  if (refresh_token !== null)
+    return true;
+
+  redirect.redirectToLoginPage();
+  return false;
+}
+
+// FIXME
+// missing functions:
 // - authedAPIRequest (makes an authenticated request to the API)
+
+module.exports = {
+
+}
diff --git a/src/utils/redirect.js b/src/utils/redirect.js
index 1022c49..81dce43 100644
--- a/src/utils/redirect.js
+++ b/src/utils/redirect.js
@@ -1,4 +1,28 @@
-// FIXME: This file should handle the redirection to the AUTH URL
-// Functions may include:
-// - createLink (construct and return the URL to redirect the user to the login page)
-// - redirectToLoginPage (redirect the user to the Forge ID login page)
+/**
+* @returns {URL} the URL to redirect the user to the login page.
+*/
+function createLink() {
+  const params = new URLSearchParams({
+    client_id: process.env.VITE_CLIENT_ID,
+    response_type: "code",
+    redirect_uri: process.env.VITE_URL,
+    scope: "epita profile picture"
+  });
+
+  const base_url = process.env.VITE_AUTH_URL
+  return `${base_url}/authorize?${params}`
+
+}
+
+/**
+* @returns {void}
+*/
+function redirectToLoginPage() {
+  const redirectUrl = createLink();
+  window.location.href = redirectUrl;
+}
+
+export {
+  createLink,
+  redirectToLoginPage
+}