SolarAgent/lib/auth.dart

import 'dart:convert';
import 'dart:io';

import 'package:flutter/material.dart';
import 'package:flutter_secure_storage/flutter_secure_storage.dart';
import 'package:solaragent/screens/auth.dart';
import 'package:oauth2/oauth2.dart' as oauth2;

final authClient = AuthGuard();

class AuthGuard {
  AuthGuard();

  final deviceEndpoint =
      Uri.parse('https://id.solsynth.dev/api/notifications/subscribe');
  final authorizationEndpoint =
      Uri.parse('https://id.solsynth.dev/auth/o/connect');
  final tokenEndpoint = Uri.parse('https://id.solsynth.dev/api/auth/token');
  final userinfoEndpoint = Uri.parse('https://id.solsynth.dev/api/users/me');
  final redirectUrl = Uri.parse('solaragent://auth');

  static const clientId = "solaragent";
  static const clientSecret = "_F4%q2Eea3";

  static const storage = FlutterSecureStorage();
  static const storageKey = "identity";
  static const profileKey = "profiles";

  oauth2.Client? client;
  DateTime? lastRefreshedAt;

  Future<bool> pickClient() async {
    if (await storage.containsKey(key: storageKey)) {
      try {
        var credentials =
            oauth2.Credentials.fromJson((await storage.read(key: storageKey))!);
        client = oauth2.Client(credentials,
            identifier: clientId, secret: clientSecret);
        await pullProfiles();
        return true;
      } catch (e) {
        signoff();
        return false;
      }
    } else {
      return false;
    }
  }

  Future<oauth2.Client> createClient(BuildContext context) async {
    // If logged in
    if (await pickClient()) {
      return client!;
    }

    var grant = oauth2.AuthorizationCodeGrant(
      clientId,
      authorizationEndpoint,
      tokenEndpoint,
      secret: clientSecret,
      basicAuth: false,
    );

    var authorizationUrl = grant.getAuthorizationUrl(redirectUrl);

    if (Platform.isAndroid || Platform.isIOS) {
      // Use WebView to get authorization url
      var responseUrl = await Navigator.of(context, rootNavigator: true).push(
        MaterialPageRoute(
          builder: (context) => AuthorizationScreen(authorizationUrl),
        ),
      );

      var responseUri = Uri.parse(responseUrl);
      return await grant
          .handleAuthorizationResponse(responseUri.queryParameters);
    } else {
      throw UnimplementedError("unsupported platform");
    }
  }

  Future<void> pullProfiles() async {
    if (client != null) {
      var userinfo = await client!.get(userinfoEndpoint);
      storage.write(key: profileKey, value: utf8.decode(userinfo.bodyBytes));
    }
  }

  Future<void> refreshToken() async {
    if (client != null) {
      var credentials = await client?.credentials.refresh(
          identifier: clientId, secret: clientSecret, basicAuth: false);

      storage.write(key: storageKey, value: credentials!.toJson());
    }
  }

  Future<void> signin(BuildContext context) async {
    client = await createClient(context);
    storage.write(key: storageKey, value: client!.credentials.toJson());

    await pullProfiles();
  }

  void signoff() {
    storage.delete(key: profileKey);
    storage.delete(key: storageKey);
  }

  Future<bool> isAuthorized() async {
    const storage = FlutterSecureStorage();
    if (await storage.containsKey(key: storageKey)) {
      if (client != null) {
        if (lastRefreshedAt == null ||
            lastRefreshedAt!
                .add(const Duration(minutes: 3))
                .isAfter(DateTime.now())) {
          await refreshToken();
          lastRefreshedAt = DateTime.now();
        }
      }
      return true;
    } else {
      return false;
    }
  }

  Future<dynamic> getProfiles() async {
    const storage = FlutterSecureStorage();
    return jsonDecode(await storage.read(key: profileKey) ?? "{}");
  }
}