Hugging Face's logo

Spaces:
drbh
/
hugex-gh
Running

App Files Community
hugex-gh
File size: 2,350 Bytes 
dc06026
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 
import { redirect } from "@remix-run/node";
import type { LoaderFunctionArgs } from "@remix-run/node";
import { huggingFaceOAuth } from "~/lib/huggingface-oauth.server";
import { generateRandomString, createCodeChallenge } from "~/lib/oauth-utils.server";
import { getUserSession } from "~/lib/session.server";

export async function loader({ request }: LoaderFunctionArgs) {
  console.log('πŸ”₯ HuggingFace OAuth login route hit');

  // Check if HuggingFace OAuth is configured
  if (!huggingFaceOAuth.isConfigured()) {
    console.error('❌ HuggingFace OAuth not configured');
    return redirect('/?error=hf_oauth_not_configured');
  }

  const url = new URL(request.url);
  const returnTo = url.searchParams.get('returnTo') || '/';

  // Check for existing user session to see if account linking is in progress
  const userSession = await getUserSession(request);
  if (userSession?.huggingface) {
    console.log('ℹ️ User already has HuggingFace auth in session');
    
    // Check if this is an account linking flow
    if (returnTo.includes('link=true')) {
      console.log('πŸ”„ Re-authenticating for account linking purposes');
    } else {
      // Already authenticated with HF, redirect to return URL
      console.log('βœ… Already authenticated with HuggingFace, redirecting');
      return redirect(returnTo);
    }
  }

  // Generate PKCE parameters for security
  const state = generateRandomString(32);
  const codeVerifier = generateRandomString(128);
  const codeChallenge = await createCodeChallenge(codeVerifier);

  // Get authorization URL
  const authUrl = huggingFaceOAuth.getAuthorizationUrl(state, codeChallenge);

  console.log('πŸ”„ Redirecting to HuggingFace OAuth authorization URL');

  // Create response with redirect and secure cookies for PKCE
  const response = redirect(authUrl);

  // Store PKCE data and return URL in secure HttpOnly cookies
  const cookieOptions = 'Path=/; HttpOnly; SameSite=Lax; Max-Age=600'; // 10 minutes

  response.headers.append('Set-Cookie', `hf_oauth_state=${state}; ${cookieOptions}`);
  response.headers.append('Set-Cookie', `hf_oauth_code_verifier=${codeVerifier}; ${cookieOptions}`);
  response.headers.append('Set-Cookie', `hf_oauth_return_to=${encodeURIComponent(returnTo)}; ${cookieOptions}`);

  console.log('βœ… HuggingFace OAuth cookies set');

  return response;
}