]>
Commit | Line | Data |
---|---|---|
69818c93 | 1 | import * as express from 'express' |
4d4e5cd4 | 2 | import * as OAuthServer from 'express-oauth-server' |
93e4a311 | 3 | import 'express-validator' |
74dc3bca | 4 | import { OAUTH_LIFETIME } from '../initializers/constants' |
0883b324 | 5 | import { logger } from '../helpers/logger' |
cef534ed C |
6 | import { Socket } from 'socket.io' |
7 | import { getAccessToken } from '../lib/oauth-model' | |
0c1cbbfe C |
8 | |
9 | const oAuthServer = new OAuthServer({ | |
93e4a311 | 10 | useErrorHandler: true, |
e02643f3 C |
11 | accessTokenLifetime: OAUTH_LIFETIME.ACCESS_TOKEN, |
12 | refreshTokenLifetime: OAUTH_LIFETIME.REFRESH_TOKEN, | |
69b0a27c | 13 | model: require('../lib/oauth-model') |
9457bf88 C |
14 | }) |
15 | ||
69818c93 | 16 | function authenticate (req: express.Request, res: express.Response, next: express.NextFunction) { |
075f16ca | 17 | oAuthServer.authenticate()(req, res, err => { |
0c1cbbfe | 18 | if (err) { |
0883b324 C |
19 | logger.warn('Cannot authenticate.', { err }) |
20 | ||
93e4a311 C |
21 | return res.status(err.status) |
22 | .json({ | |
5960f923 | 23 | error: 'Token is invalid.', |
93e4a311 C |
24 | code: err.name |
25 | }) | |
26 | .end() | |
eec63bbc | 27 | } |
0c1cbbfe C |
28 | |
29 | return next() | |
30 | }) | |
31 | } | |
32 | ||
cef534ed C |
33 | function authenticateSocket (socket: Socket, next: (err?: any) => void) { |
34 | const accessToken = socket.handshake.query.accessToken | |
35 | ||
36 | logger.debug('Checking socket access token %s.', accessToken) | |
37 | ||
3acc5084 C |
38 | if (!accessToken) return next(new Error('No access token provided')) |
39 | ||
cef534ed C |
40 | getAccessToken(accessToken) |
41 | .then(tokenDB => { | |
42 | const now = new Date() | |
43 | ||
44 | if (!tokenDB || tokenDB.accessTokenExpiresAt < now || tokenDB.refreshTokenExpiresAt < now) { | |
45 | return next(new Error('Invalid access token.')) | |
46 | } | |
47 | ||
48 | socket.handshake.query.user = tokenDB.User | |
49 | ||
50 | return next() | |
51 | }) | |
52 | } | |
53 | ||
8d427346 C |
54 | function authenticatePromiseIfNeeded (req: express.Request, res: express.Response) { |
55 | return new Promise(resolve => { | |
56 | // Already authenticated? (or tried to) | |
57 | if (res.locals.oauth && res.locals.oauth.token.User) return resolve() | |
58 | ||
59 | if (res.locals.authenticated === false) return res.sendStatus(401) | |
60 | ||
61 | authenticate(req, res, () => { | |
62 | return resolve() | |
63 | }) | |
64 | }) | |
65 | } | |
66 | ||
0883b324 C |
67 | function optionalAuthenticate (req: express.Request, res: express.Response, next: express.NextFunction) { |
68 | if (req.header('authorization')) return authenticate(req, res, next) | |
69 | ||
8d427346 C |
70 | res.locals.authenticated = false |
71 | ||
0883b324 C |
72 | return next() |
73 | } | |
74 | ||
69818c93 | 75 | function token (req: express.Request, res: express.Response, next: express.NextFunction) { |
5960f923 C |
76 | return oAuthServer.token()(req, res, err => { |
77 | if (err) { | |
78 | return res.status(err.status) | |
79 | .json({ | |
e6921918 | 80 | error: err.message, |
5960f923 C |
81 | code: err.name |
82 | }) | |
83 | .end() | |
84 | } | |
85 | ||
86 | return next() | |
87 | }) | |
0c1cbbfe C |
88 | } |
89 | ||
9457bf88 C |
90 | // --------------------------------------------------------------------------- |
91 | ||
65fcc311 C |
92 | export { |
93 | authenticate, | |
cef534ed | 94 | authenticateSocket, |
8d427346 | 95 | authenticatePromiseIfNeeded, |
0883b324 | 96 | optionalAuthenticate, |
65fcc311 C |
97 | token |
98 | } |