initial setup

.github/workflows/deploy.yml

@@ -0,0 +1,17 @@
+name: Deploy to cloudflare worker
+"on":
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    name: Deploy
+    steps:
+      - uses: actions/checkout@v3
+      - name: Publish
+        uses: cloudflare/wrangler-action@v3
+        with:
+          apiToken: ${{ secrets.CF_API_TOKEN }}

.gitignore

@@ -0,0 +1,4 @@
+.dev.vars
+.wrangler
+
+/node_modules

README.md

@@ -0,0 +1,3 @@
+# decap-cms-github-oauth-api-cloudflare-worker
+
+A github oauth authentication gateway for Decap CMS login, runnable as a cloudflare worker

decap-cms-login-script.js

@@ -0,0 +1,23 @@
+// Original version – https://github.com/vencax/netlify-cms-github-oauth-provider/blob/master/login_script.js
+export default function (token) {
+  return `<script>
+(function() {
+  function receiveMessage(e) {
+    console.log("receiveMessage %o", e)
+
+    // send message to the main window
+    window.opener.postMessage(
+      'authorization:github:success:${JSON.stringify({
+        provider: 'github',
+        token,
+      })}',
+      e.origin
+    )
+  }
+  window.addEventListener("message", receiveMessage, false)
+  // Start handshake with parent
+  console.log("Sending message: %o", "github")
+  window.opener.postMessage("authorizing:github", "*")
+})()
+</script>`;
+}

index.ts

@@ -0,0 +1,53 @@
+import decapCMSLoginScript from './decap-cms-login-script';
+
+addEventListener('fetch', (event: any) => {
+  event.respondWith(handle(event.request));
+});
+
+// Inserted as secrets to the worker
+// @ts-ignore
+const client_id = CLIENT_ID;
+// @ts-ignore
+const client_secret = CLIENT_SECRET;
+
+async function handle(request: Request) {
+  const { pathname, searchParams: params } = new URL(request.url);
+
+  switch (pathname) {
+    case '/auth':
+      return redirectToAuthFlow();
+
+    case '/callback':
+      return await fetchAccessToken(params);
+  }
+}
+
+async function fetchAccessToken(requestParams: URLSearchParams) {
+  const code = requestParams.get('code');
+
+  const response = await fetch('https://github.com/login/oauth/access_token', {
+    method: 'POST',
+    headers: {
+      'content-type': 'application/json',
+      'user-agent': 'decap-cms-github-oauth-api-cloudflare',
+      accept: 'application/json',
+    },
+    body: JSON.stringify({ client_id, client_secret, code }),
+  }).then((res) => res.json());
+
+  const loginResponse = decapCMSLoginScript(response.access_token);
+
+  return new Response(loginResponse, {
+    status: 201,
+    headers: {
+      'Content-Type': 'text/html;charset=UTF-8',
+    },
+  });
+}
+
+function redirectToAuthFlow() {
+  return Response.redirect(
+    `https://github.com/login/oauth/authorize?client_id=${client_id}`,
+    302
+  );
+}

package.json

@@ -0,0 +1,9 @@
+{
+  "name": "decap-cms-github-oauth-api-cloudflare-worker",
+  "version": "1.0.0",
+  "private": true,
+  "description": "Github login gateway for use with Decap CMS, configured for Cloudflare Worker environment",
+  "main": "index.ts",
+  "author": "Ott Martens",
+  "repository": "github:ottmartens/decap-cms-github-oauth-api-cloudflare"
+}

wrangler.toml

@@ -0,0 +1,7 @@
+name = "decap-cms-github-oauth-api"
+main = "index.ts"
+
+compatibility_date = "2023-11-11"
+
+account_id = "c192ee4c911d964935f8f53ac8399ae9"
+workers_dev = true