feat: add Google authentication integration with new identity services #13
Open
wants to merge 2 commits into
base: main
Conversation

Abdul-Hadi-Waseem
Contributor

  • Implemented a new HTML page for Google authentication testing.
  • Updated configuration service to include Google client ID and secret.
  • Refactored auth controller to handle Google token verification.
  • Modified auth router to support Google token verification endpoint.
  • Enhanced auth schema to validate Google ID tokens.
  • Updated auth service to verify Google tokens and create or update users.
  • Improved utility functions for handling Google authentication.

@gemini-code-assist gemini-code-assist bot left a comment

Hello @Abdul-Hadi-Waseem, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

Summary of Changes

Hello team,

gemini-code-assist here with a summary of this pull request from @Abdul-Hadi-Waseem. This PR introduces Google authentication integration using Google's newer Identity Services API. This approach leverages client-side token generation and backend verification of ID tokens, moving away from the older OAuth 2.0 redirect flow. The changes include adding a test HTML page, updating configuration, refactoring the authentication controller and service to handle ID token verification, modifying the auth router to include a new endpoint for this flow, and updating the authentication schema for validation. Dependency updates for Google authentication libraries are also included, along with minor adjustments to development environment configurations.

Highlights

  • Google Identity Services Integration: Adds support for Google authentication using the modern Google Identity Services (GSI) flow, which relies on ID token verification on the backend.
  • New Authentication Endpoint: Introduces a new POST endpoint (/auth/google/token) to receive and verify the Google ID token sent from the frontend.
  • Frontend Test Page: Includes a dedicated HTML page (public/google-auth-test.html) to demonstrate and test the Google Identity Services integration from the client side.
  • Backend Logic Updates: Refactors the authentication controller and service to remove the old OAuth 2.0 redirect/callback flow and implement the ID token verification logic using the google-auth-library.
  • Configuration and Dependency Updates: Updates environment variables, Docker Compose ports for development databases, and adds the necessary google-auth-library dependency.
  • Documentation: Adds a markdown file (GoogleAuth.md) explaining the new Google Identity Services implementation and its differences from the older OAuth 2.0 flow.

Changelog

  • .env.development
    • Updated REDIS_URL port from 6380 to 6388.
    • Updated MONGO_DATABASE_URL port from 27017 to 27028.
  • .env.sample
    • Removed GOOGLE_CLIENT_SECRET and GOOGLE_REDIRECT_URI as they are not required for the new GSI ID token flow.
  • GoogleAuth.md
    • Added a new file providing a guide for implementing Google Authentication using Google Identity Services, including overview, prerequisites, environment variables, implementation steps, security considerations, troubleshooting, and references.
  • docker-compose.yml
    • Mapped Mongo container port 27017 to host port 27028.
    • Mapped Redis container port 6379 to host port 6388.
  • package.json
    • Added google-auth-library dependency (v9.15.1).
  • pnpm-lock.yaml
    • Updated lock file to include google-auth-library and its transitive dependencies (agent-base, bignumber.js, extend, gaxios, gcp-metadata, google-logging-utils, gtoken, https-proxy-agent, is-stream, json-bigint, [email protected], [email protected]).
  • public/google-auth-test.html
    • Added a new HTML file with basic styling and JavaScript to test the Google Identity Services sign-in flow and send the ID token to the backend.
  • src/config/config.service.ts
    • Removed GOOGLE_CLIENT_SECRET and GOOGLE_REDIRECT_URI from the Zod schema validation.
  • src/modules/auth/auth.controller.ts
    • Removed handleGoogleLogin and handleGoogleCallback functions (old OAuth flow).
    • Added handleGoogleTokenVerification function to process the ID token received from the frontend.
  • src/modules/auth/auth.router.ts
    • Removed GET routes for /google and /google/callback.
    • Added a POST route /google/token for the new ID token verification endpoint, using the googleTokenVerificationSchema for validation and handleGoogleTokenVerification controller.
  • src/modules/auth/auth.schema.ts
    • Added googleTokenVerificationSchema to validate the incoming Google ID token string.
    • Exported GoogleTokenVerificationSchemaType.
  • src/modules/auth/auth.service.ts
    • Removed fetchGoogleTokens and getUserInfo functions (old OAuth flow).
    • Added verifyGoogleIdToken function using google-auth-library to validate the ID token and extract user information.
    • Updated verifyGoogleToken (formerly googleLogin) to use verifyGoogleIdToken, handle user creation/update based on email, and generate a JWT for the authenticated user.
  • src/utils/auth.utils.ts
    • Imported OAuth2Client from google-auth-library.
    • Initialized OAuth2Client with config.GOOGLE_CLIENT_ID.
    • Removed fetchGoogleTokens and getUserInfo functions.
    • Added verifyGoogleIdToken function to verify the Google ID token against the configured client ID and return relevant payload information.
A token arrives,
Backend checks if it's true,
User is signed in.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

The pull request introduces Google authentication integration using Google Identity Services. The implementation includes frontend changes, backend logic, and database modifications. Overall, the changes seem well-structured and follow best practices. However, there are a few areas that could be improved for better security, maintainability, and clarity.

Summary of Findings

  • Security: Sensitive Data Logging: The ID token is logged in src/utils/auth.utils.ts. Ensure this is disabled or masked in production environments to prevent security breaches.
  • Error Handling: Google Token Verification: Add error handling around the verifyGoogleToken function call in src/modules/auth/auth.controller.ts to prevent application crashes.
  • Configuration: Password Length: Make the password length configurable via an environment variable in src/modules/auth/auth.service.ts for better flexibility.

Merge Readiness

The pull request introduces Google authentication integration, which is a valuable addition. However, there are a few security and error handling concerns that should be addressed before merging. Specifically, ensure that sensitive data logging is disabled in production and that proper error handling is implemented for Google token verification. I am unable to approve this pull request, and recommend that others review and approve this code before merging.

Comment on lines +34 to +35
.transform((value) => !!Number(value))
.optional(),

high

The GOOGLE_CLIENT_SECRET and GOOGLE_REDIRECT_URI variables have been removed. Ensure that the application logic no longer relies on these variables. If they are still needed, consider alternative methods for securely storing and accessing them.

return crypto.randomBytes(length).toString("hex").slice(0, length);
export const verifyGoogleIdToken = async (idToken: string) => {
try {
console.log(idToken, 'ID TOKEN');

high

Logging the ID token directly can be a security risk. Ensure that this log is only enabled in development environments and that sensitive information is properly masked or removed in production.

Comment on lines +171 to +172
// Note: The endpoint path should match your API route configuration
fetch('/auth/google/token', {

medium

It's good to include a note about the endpoint path. To make it more robust, consider using a configuration variable for the endpoint URL instead of hardcoding it. This would allow easier changes in the future. Also, the comment should be updated to reflect the actual endpoint /auth/google/token.

return successResponse(res, "Logged in successfully", {
token: user.socialAccount?.[0]?.accessToken,
});
const { user, token } = await verifyGoogleToken(req.body);
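Review bot: the `token` destructured from `verifyGoogleToken(req.body)` is not the value the response sends; `successResponse` returns `user.socialAccount?.[0]?.accessToken`, a provider access token stored on the social account, whereas the changelog says `verifyGoogleToken` generates the app's own JWT. Return the destructured `token` and keep the Google access token out of the login response.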

medium

Consider adding error handling around the verifyGoogleToken function call. This will prevent the application from crashing if the Google token verification fails.

Comment on lines +135 to +136
if (!emailVerified) {
throw new Error('Google account email is not verified');
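Review bot: a plain `Error` thrown from the service surfaces as an unhandled rejection (or a 500) unless the controller catches it, and the controller comment above notes that `verifyGoogleToken` is called without error handling. Throw the project's HTTP error type or map this case in the controller so an unverified email yields a 401/403 with a generic message.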

medium

Throwing an error if the email is not verified is a good security practice. Consider adding more details to the error message to help with debugging and user support.
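The review findings above (redacted token logging, the email_verified check, and error handling around verification) as one added TypeScript example; it is not the PR's code. It assumes the payload shape that google-auth-library's `ticket.getPayload()` returns; `GOOGLE_CLIENT_ID`, the sample payloads and the synchronous `verify` stand-in are constructed.

```typescript
// Added example, not the PR's code: the claim checks a backend applies to a Google ID
// token payload after google-auth-library has verified its signature, plus a
// controller-shaped wrapper that turns failures into a 401 and logs a redacted token.
// GOOGLE_CLIENT_ID, the payload shape and the `verify` stand-in are constructed here.

interface GooglePayload {
  iss: string; aud: string; sub: string; exp: number; // exp is seconds since epoch
  email?: string; email_verified?: boolean; name?: string;
}

const GOOGLE_CLIENT_ID = "123456789012-example.apps.googleusercontent.com"; // constructed
const ALLOWED_ISSUERS = ["accounts.google.com", "https://accounts.google.com"];

// Returns the identity to create/update, or throws a reason (never the token itself).
function validateGooglePayload(p: GooglePayload, clientId: string, nowSec: number) {
  if (!ALLOWED_ISSUERS.includes(p.iss)) throw new Error("unexpected issuer");
  if (p.aud !== clientId) throw new Error("token was not issued for this client ID");
  if (p.exp <= nowSec) throw new Error("token expired");
  if (!p.email || p.email_verified !== true) {
    throw new Error("Google account email is not verified");
  }
  // Key the account on the stable `sub`; an email address can change or be reassigned.
  return { googleId: p.sub, email: p.email, name: p.name ?? "" };
}

// Safe for logs: enough to correlate a request, not enough to replay the token.
function redactToken(idToken: string): string {
  if (idToken.length <= 12) return "***";
  return `${idToken.slice(0, 6)}...${idToken.slice(-4)} (len=${idToken.length})`;
}

// `verify` stands in for OAuth2Client.verifyIdToken(...).getPayload(); it throws on a
// bad signature. Any failure becomes a 401 instead of an unhandled rejection.
function handleGoogleTokenVerification(
  idToken: string,
  verify: (t: string) => GooglePayload,
  nowSec: number = Math.floor(Date.now() / 1000),
) {
  try {
    const user = validateGooglePayload(verify(idToken), GOOGLE_CLIENT_ID, nowSec);
    return { status: 200, body: { user } };
  } catch (err) {
    console.warn("google token rejected:", redactToken(idToken), (err as Error).message);
    return { status: 401, body: { message: "Invalid Google token" } };
  }
}
```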
