]>
Commit | Line | Data |
---|---|---|
69818c93 | 1 | import * as express from 'express' |
cef534ed | 2 | import { Socket } from 'socket.io' |
e1c55031 | 3 | import { oAuthServer } from '@server/lib/auth' |
fce7fe04 C |
4 | import { logger } from '../helpers/logger' |
5 | import { getAccessToken } from '../lib/oauth-model' | |
2d53be02 | 6 | import { HttpStatusCode } from '../../shared/core-utils/miscs/http-error-codes' |
9457bf88 | 7 | |
eccf70f0 C |
8 | function authenticate (req: express.Request, res: express.Response, next: express.NextFunction, authenticateInQuery = false) { |
9 | const options = authenticateInQuery ? { allowBearerTokensInQueryString: true } : {} | |
10 | ||
11 | oAuthServer.authenticate(options)(req, res, err => { | |
0c1cbbfe | 12 | if (err) { |
0883b324 C |
13 | logger.warn('Cannot authenticate.', { err }) |
14 | ||
93e4a311 C |
15 | return res.status(err.status) |
16 | .json({ | |
5960f923 | 17 | error: 'Token is invalid.', |
93e4a311 C |
18 | code: err.name |
19 | }) | |
20 | .end() | |
eec63bbc | 21 | } |
0c1cbbfe | 22 | |
2805cb7c | 23 | res.locals.authenticated = true |
24 | ||
0c1cbbfe C |
25 | return next() |
26 | }) | |
27 | } | |
28 | ||
cef534ed | 29 | function authenticateSocket (socket: Socket, next: (err?: any) => void) { |
fce7fe04 | 30 | const accessToken = socket.handshake.query['accessToken'] |
cef534ed C |
31 | |
32 | logger.debug('Checking socket access token %s.', accessToken) | |
33 | ||
3acc5084 | 34 | if (!accessToken) return next(new Error('No access token provided')) |
fbd51e69 | 35 | if (typeof accessToken !== 'string') return next(new Error('Access token is invalid')) |
3acc5084 | 36 | |
cef534ed C |
37 | getAccessToken(accessToken) |
38 | .then(tokenDB => { | |
39 | const now = new Date() | |
40 | ||
41 | if (!tokenDB || tokenDB.accessTokenExpiresAt < now || tokenDB.refreshTokenExpiresAt < now) { | |
42 | return next(new Error('Invalid access token.')) | |
43 | } | |
44 | ||
fbd51e69 | 45 | socket.handshake.auth.user = tokenDB.User |
cef534ed C |
46 | |
47 | return next() | |
48 | }) | |
a1587156 | 49 | .catch(err => logger.error('Cannot get access token.', { err })) |
cef534ed C |
50 | } |
51 | ||
eccf70f0 | 52 | function authenticatePromiseIfNeeded (req: express.Request, res: express.Response, authenticateInQuery = false) { |
ba5a8d89 | 53 | return new Promise<void>(resolve => { |
8d427346 | 54 | // Already authenticated? (or tried to) |
faa9d434 | 55 | if (res.locals.oauth?.token.User) return resolve() |
8d427346 | 56 | |
2d53be02 | 57 | if (res.locals.authenticated === false) return res.sendStatus(HttpStatusCode.UNAUTHORIZED_401) |
8d427346 | 58 | |
eccf70f0 | 59 | authenticate(req, res, () => resolve(), authenticateInQuery) |
8d427346 C |
60 | }) |
61 | } | |
62 | ||
0883b324 C |
63 | function optionalAuthenticate (req: express.Request, res: express.Response, next: express.NextFunction) { |
64 | if (req.header('authorization')) return authenticate(req, res, next) | |
65 | ||
8d427346 C |
66 | res.locals.authenticated = false |
67 | ||
0883b324 C |
68 | return next() |
69 | } | |
70 | ||
9457bf88 C |
71 | // --------------------------------------------------------------------------- |
72 | ||
65fcc311 C |
73 | export { |
74 | authenticate, | |
cef534ed | 75 | authenticateSocket, |
8d427346 | 76 | authenticatePromiseIfNeeded, |
7fed6375 | 77 | optionalAuthenticate |
65fcc311 | 78 | } |