seperate Cognito auth logic

SwiftPackageIndex · Nov 27, 2024 · dfc3ebd · dfc3ebd
1 parent 9e75369
commit dfc3ebd
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 11 deletions.
diff --git a/Sources/App/Controllers/Manage/Cognito.swift b/Sources/App/Controllers/Manage/Cognito.swift
@@ -0,0 +1,28 @@
+import Vapor
+import SotoCognitoAuthentication
+import SotoCognitoIdentityProvider
+import SotoCognitoIdentity
+
+struct Cognito {
+    @Sendable
+    static func authenticate(req: Request, username: String, password: String) async throws {
+        let awsClient = AWSClient(httpClientProvider: .shared(req.application.http.client.shared))
+        let awsCognitoConfiguration = CognitoConfiguration(
+            userPoolId: Environment.get("POOL_ID")!,
+            clientId: Environment.get("CLIENT_ID")!,
+            clientSecret: Environment.get("CLIENT_SECRET")!,
+            cognitoIDP: CognitoIdentityProvider(client: awsClient, region: .useast2),
+            adminClient: true
+        )
+        req.application.cognito.authenticatable = CognitoAuthenticatable(configuration: awsCognitoConfiguration)
+        let response = try await req.application.cognito.authenticatable.authenticate(username: username, password: password)
+        switch response {
+        case .authenticated(let authenticatedResponse):
+            let user = AuthenticatedUser(accessToken: authenticatedResponse.accessToken!, refreshToken: authenticatedResponse.refreshToken!)
+            req.auth.login(user)
+        case .challenged(let challengedResponse): // TODO: handle challenge
+            break
+        }
+        try awsClient.syncShutdown()
+    }
+}
diff --git a/Sources/App/Controllers/Manage/LoginController.swift b/Sources/App/Controllers/Manage/LoginController.swift
@@ -18,21 +18,12 @@ enum LoginController {
             var email: String
             var password: String
         }
-        let user = try req.content.decode(UserCreds.self)
-
         do {
-            let response = try await req.application.cognito.authenticatable.authenticate(username: user.email, password: user.password, context: req)
-            switch response {
-            case .authenticated(let authenticatedResponse):
-                let user = AuthenticatedUser(accessToken: authenticatedResponse.accessToken!, refreshToken: authenticatedResponse.refreshToken!)
-                req.auth.login(user)
-            case .challenged(let challengedResponse): // TODO: handle challenge
-                break
-            }
+            let user = try req.content.decode(UserCreds.self)
+            try await Cognito.authenticate(req: req, username: user.email, password: user.password)
             return req.redirect(to: SiteURL.portal.relativeURL(), redirectType: .normal)
         } catch let error as SotoCognitoError {
             var model = Login.Model(errorMessage: "There was an error. Please try again.")
-
             switch error {
             case .unauthorized(let reason):
                 model = Login.Model(errorMessage: reason ?? "There was an error. Please try again.")