feat: implement OAuth login with Google and Discord\n\nImplements OAuth 2.0 authentication with Discord and Google to simplify and speed up user access to Puter. This feature provides a seamless alternative to traditional registration, improving both user experience and security.\n\nChanges include:\n- Added OAuth configuration to backend config\n- Created OAuth service and router endpoints\n- Updated database schema to store OAuth user data\n- Added OAuth buttons to login and signup UI\n- Added OAuth provider icons\n\nResolves #1220\n\nai: true

Author: KernelDeimos

package.json

@@ -51,6 +51,9 @@
     "javascript-time-ago": "^2.5.11",
     "json-colorizer": "^3.0.1",
     "open": "^10.1.0",
+    "passport": "^0.7.0",
+    "passport-discord": "^0.1.4",
+    "passport-google-oauth20": "^2.0.0",
     "sharp": "^0.33.5",
     "sharp-bmp": "^0.1.5",
     "sharp-ico": "^0.1.5",

src/backend/src/boot/default_config.js

@@ -26,6 +26,30 @@ module.exports = {
     protocol: 'http',
     contact_email: '[email protected]',
 
+    // OAuth configuration
+    oauth: {
+        // Enable/disable OAuth providers
+        enabled: true,
+        
+        // Google OAuth configuration
+        google: {
+            enabled: false, // Set to true to enable Google OAuth
+            clientID: 'YOUR_GOOGLE_CLIENT_ID',
+            clientSecret: 'YOUR_GOOGLE_CLIENT_SECRET',
+            callbackURL: '/auth/google/callback',
+            scope: ['profile', 'email']
+        },
+        
+        // Discord OAuth configuration
+        discord: {
+            enabled: false, // Set to true to enable Discord OAuth
+            clientID: 'YOUR_DISCORD_CLIENT_ID',
+            clientSecret: 'YOUR_DISCORD_CLIENT_SECRET',
+            callbackURL: '/auth/discord/callback',
+            scope: ['identify', 'email']
+        }
+    },
+
     services: {
         database: {
             engine: 'sqlite',

src/backend/src/migrations/oauth_users.js

@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2024-present Puter Technologies Inc.
+ *
+ * This file is part of Puter.
+ *
+ * Puter is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+/**
+ * Migration to add OAuth-related fields to the user table
+ */
+module.exports = {
+    /**
+     * Apply the migration
+     * @param {Object} db - Database connection
+     */
+    async up(db) {
+        await db.write(`
+            ALTER TABLE user
+            ADD COLUMN oauth_provider VARCHAR(50) NULL,
+            ADD COLUMN oauth_id VARCHAR(255) NULL,
+            ADD COLUMN oauth_data TEXT NULL,
+            ADD INDEX idx_oauth_provider_id (oauth_provider, oauth_id)
+        `);
+    },
+
+    /**
+     * Undo the migration
+     * @param {Object} db - Database connection
+     */
+    async down(db) {
+        await db.write(`
+            ALTER TABLE user
+            DROP COLUMN oauth_provider,
+            DROP COLUMN oauth_id,
+            DROP COLUMN oauth_data,
+            DROP INDEX idx_oauth_provider_id
+        `);
+    }
+};

src/backend/src/routers/auth/oauth.js

@@ -0,0 +1,105 @@
+/*
+ * Copyright (C) 2024-present Puter Technologies Inc.
+ *
+ * This file is part of Puter.
+ *
+ * Puter is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+"use strict";
+
+const express = require('express');
+const router = new express.Router();
+const passport = require('passport');
+const config = require('../../config');
+const { get_taskbar_items } = require('../../helpers');
+const { Context } = require('../../util/context');
+
+// Helper function to handle OAuth callback
+const handleOAuthCallback = async (req, res) => {
+    if (!req.user) {
+        return res.redirect('/login?error=oauth_failed');
+    }
+
+    try {
+        const svc_oauth = req.services.get('oauth');
+        const { token, user } = await svc_oauth.createOAuthSession(req.user, { req });
+
+        // Set cookie
+        res.cookie(config.cookie_name, token, {
+            sameSite: 'none',
+            secure: true,
+            httpOnly: true,
+        });
+
+        // Redirect to success page or main app
+        return res.redirect('/');
+    } catch (error) {
+        console.error('OAuth callback error:', error);
+        return res.redirect('/login?error=oauth_session_failed');
+    }
+};
+
+// Only enable OAuth routes if OAuth is enabled in config
+if (config.oauth?.enabled) {
+    // Google OAuth routes
+    if (config.oauth?.google?.enabled) {
+        router.get('/auth/google', passport.authenticate('google', {
+            scope: config.oauth.google.scope
+        }));
+
+        router.get('/auth/google/callback', 
+            passport.authenticate('google', { 
+                failureRedirect: '/login?error=google_auth_failed',
+                session: false
+            }),
+            handleOAuthCallback
+        );
+    }
+
+    // Discord OAuth routes
+    if (config.oauth?.discord?.enabled) {
+        router.get('/auth/discord', passport.authenticate('discord', {
+            scope: config.oauth.discord.scope
+        }));
+
+        router.get('/auth/discord/callback',
+            passport.authenticate('discord', {
+                failureRedirect: '/login?error=discord_auth_failed',
+                session: false
+            }),
+            handleOAuthCallback
+        );
+    }
+
+    // Route to get current OAuth providers status
+    router.get('/oauth/providers', (req, res) => {
+        const providers = {};
+
+        if (config.oauth?.google?.enabled) {
+            providers.google = true;
+        }
+
+        if (config.oauth?.discord?.enabled) {
+            providers.discord = true;
+        }
+
+        if (config.oauth?.github?.enabled) {
+            providers.github = true;
+        }
+
+        return res.json({ providers });
+    });
+}
+
+module.exports = router;

src/backend/src/services/OAuthAPIService.js

@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2024-present Puter Technologies Inc.
+ *
+ * This file is part of Puter.
+ *
+ * Puter is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+"use strict";
+const BaseService = require("./BaseService");
+const passport = require('passport');
+
+/**
+ * @class OAuthAPIService
+ * @extends BaseService
+ * 
+ * The OAuthAPIService class is responsible for integrating OAuth authentication routes
+ * into the web server for the Puter application. It registers the necessary middleware
+ * and routes for OAuth authentication with various providers.
+ */
+class OAuthAPIService extends BaseService {
+    /**
+     * Sets up the routes for OAuth authentication.
+     * This method registers various OAuth endpoints with the web server.
+     */
+    async ['__on_install.routes'] () {
+        const { app } = this.services.get('web-server');
+        
+        // Only register OAuth routes if OAuth is enabled
+        if (this.global_config.oauth?.enabled) {
+            // Initialize Passport middleware
+            app.use(passport.initialize());
+            
+            // Register OAuth router
+            app.use(require('../routers/auth/oauth'));
+            
+            this.log.info('OAuth API routes registered');
+        }
+    }
+
+    /**
+     * Initialize the OAuth API service
+     */
+    async _init() {
+        if (this.global_config.oauth?.enabled) {
+            this.log.info('OAuth API service initialized');
+        }
+    }
+}
+
+module.exports = OAuthAPIService;

src/backend/src/services/PuterAPIService.js

@@ -54,6 +54,13 @@ class PuterAPIService extends BaseService {
         app.use(require('../routers/auth/create-access-token'))
         app.use(require('../routers/auth/delete-own-user'))
         app.use(require('../routers/auth/configure-2fa'))
+        
+        // OAuth routes (only active if OAuth is enabled in config)
+        if (this.global_config.oauth?.enabled) {
+            const passport = require('passport');
+            app.use(passport.initialize());
+            app.use(require('../routers/auth/oauth'))
+        }
         app.use(require('../routers/drivers/call'))
         app.use(require('../routers/drivers/list-interfaces'))
         app.use(require('../routers/drivers/usage'))