projects / github / Chocobozzz / PeerTube.git / blame
| Commit | Line | Data |
|---|---|---|
| 69818c93 | 1 | import * as express from 'express' |
| 4d4e5cd4 | 2 | import * as OAuthServer from 'express-oauth-server' |
| 74dc3bca | 3 | import { OAUTH_LIFETIME } from '../initializers/constants' |
| 0883b324 | 4 | import { logger } from '../helpers/logger' |
| cef534ed C |
5 | import { Socket } from 'socket.io' |
| 6 | import { getAccessToken } from '../lib/oauth-model' | |
| 0c1cbbfe C |
7 | |
| 8 | const oAuthServer = new OAuthServer({ | |
| 93e4a311 | 9 | useErrorHandler: true, |
| e02643f3 C |
10 | accessTokenLifetime: OAUTH_LIFETIME.ACCESS_TOKEN, |
| 11 | refreshTokenLifetime: OAUTH_LIFETIME.REFRESH_TOKEN, | |
| 69b0a27c | 12 | model: require('../lib/oauth-model') |
| 9457bf88 C |
13 | }) |
| 14 | ||
| eccf70f0 C |
15 | function authenticate (req: express.Request, res: express.Response, next: express.NextFunction, authenticateInQuery = false) { |
| 16 | const options = authenticateInQuery ? { allowBearerTokensInQueryString: true } : {} | |
| 17 | ||
| 18 | oAuthServer.authenticate(options)(req, res, err => { | |
| 0c1cbbfe | 19 | if (err) { |
| 0883b324 C |
20 | logger.warn('Cannot authenticate.', { err }) |
| 21 | ||
| 93e4a311 C |
22 | return res.status(err.status) |
| 23 | .json({ | |
| 5960f923 | 24 | error: 'Token is invalid.', |
| 93e4a311 C |
25 | code: err.name |
| 26 | }) | |
| 27 | .end() | |
| eec63bbc | 28 | } |
| 0c1cbbfe C |
29 | |
| 30 | return next() | |
| 31 | }) | |
| 32 | } | |
| 33 | ||
| cef534ed C |
34 | function authenticateSocket (socket: Socket, next: (err?: any) => void) { |
| 35 | const accessToken = socket.handshake.query.accessToken | |
| 36 | ||
| 37 | logger.debug('Checking socket access token %s.', accessToken) | |
| 38 | ||
| 3acc5084 C |
39 | if (!accessToken) return next(new Error('No access token provided')) |
| 40 | ||
| cef534ed C |
41 | getAccessToken(accessToken) |
| 42 | .then(tokenDB => { | |
| 43 | const now = new Date() | |
| 44 | ||
| 45 | if (!tokenDB || tokenDB.accessTokenExpiresAt < now || tokenDB.refreshTokenExpiresAt < now) { | |
| 46 | return next(new Error('Invalid access token.')) | |
| 47 | } | |
| 48 | ||
| 49 | socket.handshake.query.user = tokenDB.User | |
| 50 | ||
| 51 | return next() | |
| 52 | }) | |
| 53 | } | |
| 54 | ||
| eccf70f0 | 55 | function authenticatePromiseIfNeeded (req: express.Request, res: express.Response, authenticateInQuery = false) { |
| 8d427346 C |
56 | return new Promise(resolve => { |
| 57 | // Already authenticated? (or tried to) | |
| 58 | if (res.locals.oauth && res.locals.oauth.token.User) return resolve() | |
| 59 | ||
| 60 | if (res.locals.authenticated === false) return res.sendStatus(401) | |
| 61 | ||
| eccf70f0 | 62 | authenticate(req, res, () => resolve(), authenticateInQuery) |
| 8d427346 C |
63 | }) |
| 64 | } | |
| 65 | ||
| 0883b324 C |
66 | function optionalAuthenticate (req: express.Request, res: express.Response, next: express.NextFunction) { |
| 67 | if (req.header('authorization')) return authenticate(req, res, next) | |
| 68 | ||
| 8d427346 C |
69 | res.locals.authenticated = false |
| 70 | ||
| 0883b324 C |
71 | return next() |
| 72 | } | |
| 73 | ||
| 69818c93 | 74 | function token (req: express.Request, res: express.Response, next: express.NextFunction) { |
| 5960f923 C |
75 | return oAuthServer.token()(req, res, err => { |
| 76 | if (err) { | |
| 77 | return res.status(err.status) | |
| 78 | .json({ | |
| e6921918 | 79 | error: err.message, |
| 5960f923 C |
80 | code: err.name |
| 81 | }) | |
| 82 | .end() | |
| 83 | } | |
| 84 | ||
| 85 | return next() | |
| 86 | }) | |
| 0c1cbbfe C |
87 | } |
| 88 | ||
| 9457bf88 C |
89 | // --------------------------------------------------------------------------- |
| 90 | ||
| 65fcc311 C |
91 | export { |
| 92 | authenticate, | |
| cef534ed | 93 | authenticateSocket, |
| 8d427346 | 94 | authenticatePromiseIfNeeded, |
| 0883b324 | 95 | optionalAuthenticate, |
| 65fcc311 C |
96 | token |
| 97 | } |