Commit | Line | Data |
---|---|---|
41fb13c3 | 1 | import express from 'express' |
cef534ed | 2 | import { Socket } from 'socket.io' |
f43db2f4 | 3 | import { getAccessToken } from '@server/lib/auth/oauth-model' |
0c9668f7 | 4 | import { RunnerModel } from '@server/models/runner/runner' |
c0e8b12e | 5 | import { HttpStatusCode } from '../../shared/models/http/http-error-codes' |
f43db2f4 C |
6 | import { logger } from '../helpers/logger' |
7 | import { handleOAuthAuthenticate } from '../lib/auth/oauth' | |
9457bf88 | 8 | |
/**
 * Express middleware that requires a valid OAuth token on the request.
 *
 * On success the token is stored in `res.locals.oauth.token`, `res.locals.authenticated`
 * is set to `true` and `next()` is called. On failure the error is logged and the
 * response is ended through `res.fail()`; `next()` is NOT called in that case.
 *
 * @param req - incoming request, forwarded to `handleOAuthAuthenticate`
 * @param res - response; receives the token in `res.locals` or the failure payload
 * @param next - continuation invoked only after a successful authentication
 */
function authenticate (req: express.Request, res: express.Response, next: express.NextFunction) {
  const onAuthenticated = (token: any) => {
    res.locals.authenticated = true
    res.locals.oauth = { token }

    return next()
  }

  const onRejected = (err: any) => {
    logger.info('Cannot authenticate.', { err })

    // The client only gets a generic message plus the error name; the full error stays in the log.
    // NOTE(review): `err.status` is forwarded as-is, so an error without a `status` property
    // leaves the response code up to `res.fail()` - confirm it does not fall back to a success code.
    return res.fail({
      status: err.status,
      message: 'Token is invalid',
      type: err.name
    })
  }

  // `onRejected` is chained after `onAuthenticated`, so it also receives anything thrown
  // synchronously while `next()` runs.
  handleOAuthAuthenticate(req, res)
    .then(onAuthenticated)
    .catch(onRejected)
}
27 | ||
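/**
 * socket.io middleware that authenticates a user connection with an OAuth access token.
 *
 * The token is looked up with `getAccessToken`; the handshake is rejected when the token
 * is missing, is not a string, is unknown, or when its access or refresh expiry is in the past.
 * On success the token's user is attached to `socket.handshake.auth.user`.
 *
 * @param socket - connecting socket; the token is read from `handshake.query['accessToken']`
 * @param next - socket.io continuation; called with an `Error` to refuse the connection
 */
function authenticateSocket (socket: Socket, next: (err?: any) => void) {
  // NOTE(review): the token is taken from the handshake query string, so it is part of the
  // connection URL and may end up in proxy or access logs. authenticateRunnerSocket in this
  // file reads its token from `handshake.auth` instead - consider aligning, after checking clients.
  const accessToken = socket.handshake.query['accessToken']

  logger.debug('Checking access token in runner.')

  if (!accessToken) return next(new Error('No access token provided'))
  // A repeated query parameter yields an array, which must not reach the lookup
  if (typeof accessToken !== 'string') return next(new Error('Access token is invalid'))

  getAccessToken(accessToken)
    .then(tokenDB => {
      const now = new Date()

      if (!tokenDB || tokenDB.accessTokenExpiresAt < now || tokenDB.refreshTokenExpiresAt < now) {
        return next(new Error('Invalid access token.'))
      }

      socket.handshake.auth.user = tokenDB.User

      return next()
    })
    .catch(err => {
      logger.error('Cannot get access token.', { err })

      // Fail closed and explicitly: without this call the handshake is neither accepted nor
      // refused when the lookup rejects, and the connection is left pending.
      // The client only gets a generic message; details stay in the server log.
      return next(new Error('Cannot check access token.'))
    })
}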
50 | ||
/**
 * Promise wrapper around `authenticate` for callers that are not Express middlewares.
 *
 * The promise resolves only when the request is authenticated. When it is not, the
 * response is ended with `res.fail()` (here, or inside `authenticate`) and the promise
 * is never settled, so code awaiting it does not continue for unauthenticated requests.
 *
 * @param req - incoming request
 * @param res - response whose `locals` carry the authentication state
 * @returns a promise that resolves once a token user is available
 */
function authenticatePromise (req: express.Request, res: express.Response) {
  const executor = (resolve: () => void) => {
    // A previous middleware already authenticated this request
    if (res.locals.oauth?.token.User) {
      resolve()
      return
    }

    // A previous optional authentication already ran without credentials: refuse now
    if (res.locals.authenticated === false) {
      res.fail({
        status: HttpStatusCode.UNAUTHORIZED_401,
        message: 'Not authenticated'
      })
      return
    }

    authenticate(req, res, () => resolve())
  }

  return new Promise<void>(executor)
}
66 | ||
/**
 * Express middleware for routes that accept both anonymous and authenticated requests.
 *
 * Without an `authorization` header the request continues as anonymous, with
 * `res.locals.authenticated` set to `false`. With the header present the request goes
 * through `authenticate`, so an invalid token is refused rather than downgraded to anonymous.
 *
 * @param req - incoming request
 * @param res - response whose `locals.authenticated` flag is set for anonymous requests
 * @param next - continuation
 */
function optionalAuthenticate (req: express.Request, res: express.Response, next: express.NextFunction) {
  const hasAuthorizationHeader = Boolean(req.header('authorization'))

  if (!hasAuthorizationHeader) {
    // Explicit `false` (not undefined) marks "checked, no credentials" for authenticatePromise
    res.locals.authenticated = false

    return next()
  }

  return authenticate(req, res, next)
}
74 | ||
9457bf88 C |
75 | // --------------------------------------------------------------------------- |
76 | ||
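/**
 * socket.io middleware that authenticates a runner connection with its runner token.
 *
 * The token is read from `socket.handshake.auth['runnerToken']` and resolved with
 * `RunnerModel.loadByToken`; the handshake is rejected when the token is missing,
 * is not a string, or matches no runner. On success the runner is attached to
 * `socket.handshake.auth.runner`.
 *
 * @param socket - connecting socket
 * @param next - socket.io continuation; called with an `Error` to refuse the connection
 */
function authenticateRunnerSocket (socket: Socket, next: (err?: any) => void) {
  const runnerToken = socket.handshake.auth['runnerToken']

  logger.debug('Checking runner token in socket.')

  if (!runnerToken) return next(new Error('No runner token provided'))
  // The auth payload is client-supplied, so only a plain string may reach the lookup
  if (typeof runnerToken !== 'string') return next(new Error('Runner token is invalid'))

  RunnerModel.loadByToken(runnerToken)
    .then(runner => {
      if (!runner) return next(new Error('Invalid runner token.'))

      socket.handshake.auth.runner = runner

      return next()
    })
    .catch(err => {
      logger.error('Cannot get runner token.', { err })

      // Fail closed and explicitly: without this call the handshake is neither accepted nor
      // refused when the lookup rejects, and the connection is left pending.
      // The client only gets a generic message; details stay in the server log.
      return next(new Error('Cannot check runner token.'))
    })
}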
95 | ||
96 | // --------------------------------------------------------------------------- | |
97 | ||
export {
  // Express (HTTP) authentication
  authenticate,
  authenticatePromise,
  optionalAuthenticate,

  // socket.io handshake authentication
  authenticateSocket,
  authenticateRunnerSocket
}