fix login provider logic in electron apps (#2958)

### Fixes #
<!-- Mention the issues this PR addresses -->
#2955 

### Checks

- [ ] Ran `yarn test-build`
- [ ] Updated relevant documentations
- [ ] Updated matching config options in altair-static

### Changes proposed in this pull request:
<!-- Describe the changes being introduced in this PR -->

## Summary by Sourcery

Unify login provider handling across web and Electron flows by
centralizing identity provider constants and popup URL generation, and
wiring the selected provider through the Electron IPC authentication
path.

New Features:
- Introduce a shared identity provider module with helpers to construct
login popup URLs.

Bug Fixes:
- Ensure Electron authentication passes the selected identity provider
through IPC and uses the correct login popup URL format.

Enhancements:
- Refactor login redirect and API client code to use the shared identity
provider utilities instead of local implementations.
- Loosen the Electron IPC handler argument typing to support provider
parameters.

Build:
- Add api-utils as a dependency of the altair-electron package.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added support for multiple identity providers (Google, GitHub) for
user authentication.

* **Chores**
  * Updated dependencies to support identity provider functionality.

<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Author: imolorhe

packages/altair-api-utils/src/client.ts

@@ -30,6 +30,7 @@ import { ConfigEnvironment } from 'altair-graphql-core/build/config/environment'
 import { UrlConfig } from 'altair-graphql-core/build/config/urls';
 import { IRateMessageDto, ISendMessageDto } from './ai';
 import { IAvailableCredits } from 'altair-graphql-core/build/types/state/account.interfaces';
+import { getPopupUrl } from 'altair-graphql-core/build/identity/providers';
 export type FullQueryCollection = QueryCollection & {
   queries: QueryItem[];
 };
@@ -130,12 +131,7 @@ export class APIClient {
     nonce: string,
     provider: IdentityProvider = IdentityProvider.GOOGLE
   ) {
-    const url = new URL(this.urlConfig.loginClient);
-    url.searchParams.append('nonce', nonce);
-    url.searchParams.append('sc', location.origin);
-    url.searchParams.append('provider', provider);
-
-    return url.href;
+    return getPopupUrl(this.urlConfig.loginClient, nonce, location.origin, provider);
   }
 
   observeUser() {

packages/altair-app/src/app/modules/altair/services/account/account.service.ts

@@ -13,10 +13,9 @@ import { IdentityProvider } from '@altairgraphql/db';
 export class AccountService {
   private electronApp = inject(ElectronAppService);
 
-
   private async signin(provider: IdentityProvider = IdentityProvider.GOOGLE) {
     if (isElectronApp()) {
-      const authToken = await this.electronApp.getAuthToken();
+      const authToken = await this.electronApp.getAuthToken(provider);
       return apiClient.signInWithCustomToken(authToken);
     }
 

packages/altair-app/src/app/modules/altair/services/electron-app/electron-app.service.ts

@@ -28,6 +28,7 @@ import {
 } from '@altairgraphql/electron-interop/build/renderer';
 import { environment } from 'environments/environment';
 import { SettingsState } from 'altair-graphql-core/build/types/state/settings.interfaces';
+import { IdentityProvider } from '@altairgraphql/db';
 
 interface ConnectOptions {
   importFileContent: (content: string) => void;
@@ -225,8 +226,8 @@ export class ElectronAppService {
       });
   }
 
-  getAuthToken() {
-    return this.api?.actions.getAuthToken();
+  getAuthToken(provider: IdentityProvider) {
+    return this.api?.actions.getAuthToken(provider);
   }
 
   getAutobackupData() {

packages/altair-core/src/identity/providers.ts

@@ -0,0 +1,24 @@
+// TODO: For some reason, importing from altair-db in login-redirect package causes issues. Strangely this only seems to affect login-redirect package.
+// Getting src/login-redirect.ts (4:2): "IDENTITY_PROVIDERS" is not exported by "../altair-db/build/client.js", imported by "src/login-redirect.ts".
+// Will investigate later.
+const IDENTITY_PROVIDERS = {
+  GOOGLE: 'GOOGLE',
+  GITHUB: 'GITHUB',
+} as const;
+type IdentityProvider = (typeof IDENTITY_PROVIDERS)[keyof typeof IDENTITY_PROVIDERS];
+
+export { IDENTITY_PROVIDERS, IdentityProvider };
+
+export function getPopupUrl(
+  url: string,
+  nonce: string,
+  source: string,
+  provider: IdentityProvider
+) {
+  const urlObj = new URL(url);
+  urlObj.searchParams.append('nonce', nonce);
+  urlObj.searchParams.append('sc', source);
+  urlObj.searchParams.append('provider', provider);
+
+  return urlObj.href;
+}

packages/altair-electron-interop/src/api.ts

@@ -1,4 +1,5 @@
 import { SettingsState } from 'altair-graphql-core/build/types/state/settings.interfaces';
+import { IdentityProvider } from 'altair-graphql-core/build/identity/providers';
 import { ipcRenderer } from 'electron';
 import { IPC_EVENT_NAMES, STORE_EVENTS } from './constants';
 import { SETTINGS_STORE_EVENTS } from './settings';
@@ -117,8 +118,11 @@ export const electronApi = {
     restartApp() {
       return ipcRenderer.send(IPC_EVENT_NAMES.RENDERER_RESTART_APP);
     },
-    getAuthToken() {
-      return invokeWithCustomErrors(IPC_EVENT_NAMES.RENDERER_GET_AUTH_TOKEN);
+    getAuthToken(provider: IdentityProvider) {
+      return invokeWithCustomErrors(
+        IPC_EVENT_NAMES.RENDERER_GET_AUTH_TOKEN,
+        provider
+      );
     },
     getAutobackupData() {
       return invokeWithCustomErrors(IPC_EVENT_NAMES.RENDERER_GET_AUTOBACKUP_DATA);

packages/altair-electron/src/app/window.ts

@@ -11,6 +11,7 @@ import {
   renderAltair,
   renderInitSnippet,
 } from 'altair-static';
+import { IdentityProvider } from 'altair-graphql-core/build/identity/providers';
 
 import { checkMultipleDataVersions } from '../utils/check-multi-data-versions';
 import { createSha256CspHash } from '../utils/csp-hash';
@@ -185,14 +186,17 @@ export class WindowManager {
       }
     );
 
-    handleWithCustomErrors(IPC_EVENT_NAMES.RENDERER_GET_AUTH_TOKEN, async (e) => {
-      if (!e.sender || e.sender !== this.instance?.webContents) {
-        throw new Error('untrusted source trying to get auth token');
-      }
+    handleWithCustomErrors(
+      IPC_EVENT_NAMES.RENDERER_GET_AUTH_TOKEN,
+      async (e, provider: IdentityProvider) => {
+        if (!e.sender || e.sender !== this.instance?.webContents) {
+          throw new Error('untrusted source trying to get auth token');
+        }
 
-      const authServer = new AuthServer();
-      return authServer.getCustomToken();
-    });
+        const authServer = new AuthServer();
+        return authServer.getCustomToken(provider);
+      }
+    );
 
     handleWithCustomErrors(
       IPC_EVENT_NAMES.RENDERER_GET_AUTOBACKUP_DATA,

packages/altair-electron/src/auth/server/index.ts

@@ -4,17 +4,20 @@ import bodyParser from 'body-parser';
 import { EventEmitter } from 'events';
 import path from 'path';
 import { randomBytes } from 'crypto';
-import { getStaticDirectory } from '../../utils';
 import { session, shell } from 'electron';
 import { getCSP, INLINE, SELF } from 'csp-header';
 import getPort from 'get-port';
+import {
+  IdentityProvider,
+  getPopupUrl,
+} from 'altair-graphql-core/build/identity/providers';
 
 export const IPC_SET_CUSTOM_TOKEN_EVENT = 'auth:set-custom-token';
 
 const newNonce = () => {
   const validChars =
     'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
-  const array = randomBytes(40).map(x =>
+  const array = randomBytes(40).map((x) =>
     validChars.charCodeAt(x % validChars.length)
   );
   return String.fromCharCode(...array);
@@ -36,16 +39,12 @@ export class AuthServer {
     app.use(bodyParser.json());
 
     app.use('/login', (req, res) => {
-      return res.sendFile(
-        path.resolve(authClientStaticDirectory(), 'index.html')
-      );
+      return res.sendFile(path.resolve(authClientStaticDirectory(), 'index.html'));
     });
     app.use('/callback', (req, res) => {
       // TODO: Verify ttl
       if (req.body.nonce !== this.nonce) {
-        return res
-          .status(400)
-          .send({ status: 'error', message: 'invalid request' });
+        return res.status(400).send({ status: 'error', message: 'invalid request' });
       }
 
       this.emitter.emit('token', req.body.token);
@@ -65,13 +64,13 @@ export class AuthServer {
     }
   }
 
-  async getCustomToken() {
+  async getCustomToken(provider: IdentityProvider) {
     if (!this.server) {
       await this.start();
     }
     // TODO: Use a hosted domain instead
     await shell.openExternal(
-      `http://localhost:${this.port}/login?nonce=${this.nonce}`
+      getPopupUrl(`http://localhost:${this.port}/login`, this.nonce, '', provider)
     );
 
     const token = await this.listenForToken();

packages/altair-electron/src/utils/index.ts

@@ -1,6 +1,5 @@
 /* eslint-disable no-sync */
-import { readdir } from 'fs';
-import fs from 'fs';
+import fs, { readdir } from 'fs';
 import { join } from 'path';
 import { App, ipcMain } from 'electron';
 import { ALTAIR_CUSTOM_PROTOCOL } from '@altairgraphql/electron-interop';
@@ -45,7 +44,7 @@ const encodeError = (e: Error) => {
 
 export const handleWithCustomErrors = (
   channel: string,
-  handler: (event: Electron.IpcMainInvokeEvent, ...args: unknown[]) => unknown
+  handler: (event: Electron.IpcMainInvokeEvent, ...args: any[]) => unknown
 ) => {
   ipcMain.handle(channel, async (...args) => {
     try {

packages/login-redirect/src/login-redirect.ts

@@ -1,15 +1,11 @@
 import { OAUTH_POPUP_CALLBACK_MESSAGE_TYPE } from '@altairgraphql/api-utils/build/constants';
 import { closeWindow, getValidSource, isValidOpener } from './helpers';
 import { getAltairConfig } from 'altair-graphql-core/build/config';
+import {
+  IdentityProvider,
+  IDENTITY_PROVIDERS,
+} from 'altair-graphql-core/build/identity/providers';
 
-// TODO: For some reason, importing from altair-db causes issues. Strangely this only seems to affect login-redirect package.
-// Getting src/login-redirect.ts (4:2): "IDENTITY_PROVIDERS" is not exported by "../altair-db/build/client.js", imported by "src/login-redirect.ts".
-// Will investigate later.
-const IDENTITY_PROVIDERS = {
-  GOOGLE: 'GOOGLE',
-  GITHUB: 'GITHUB',
-} as const;
-type IdentityProvider = (typeof IDENTITY_PROVIDERS)[keyof typeof IDENTITY_PROVIDERS];
 const OAUTH_NONCE_KEY = 'altairgql:oauth:nonce:key';
 
 const getNonce = () => {