[github/Chocobozzz/PeerTube.git] / client / src / app / shared / shared-main / auth / auth-interceptor.service.ts

import { Observable, of, throwError as observableThrowError } from 'rxjs'
import { catchError, switchMap } from 'rxjs/operators'
import { HTTP_INTERCEPTORS, HttpErrorResponse, HttpEvent, HttpHandler, HttpInterceptor, HttpRequest } from '@angular/common/http'
import { Injectable, Injector } from '@angular/core'
import { Router } from '@angular/router'
import { AuthService } from '@app/core/auth/auth.service'
import { HttpStatusCode } from '@shared/models'
import { OAuth2ErrorCode, PeerTubeProblemDocument } from '@shared/models/server'

@Injectable()
export class AuthInterceptor implements HttpInterceptor {
  private authService: AuthService

  // https://github.com/angular/angular/issues/18224#issuecomment-316957213
  constructor (private injector: Injector, private router: Router) {}

  intercept (req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
    if (this.authService === undefined) {
      this.authService = this.injector.get(AuthService)
    }

    const authReq = this.cloneRequestWithAuth(req)

    // Pass on the cloned request instead of the original request
    // Catch 401 errors (refresh token expired)
    return next.handle(authReq)
               .pipe(
                 catchError((err: HttpErrorResponse) => {
                   const error = err.error as PeerTubeProblemDocument
                   const isOTPMissingError = this.authService.isOTPMissingError(err)

                   if (!isOTPMissingError) {
                     if (err.status === HttpStatusCode.UNAUTHORIZED_401 && error && error.code === OAuth2ErrorCode.INVALID_TOKEN) {
                       return this.handleTokenExpired(req, next)
                     }

                     if (err.status === HttpStatusCode.UNAUTHORIZED_401) {
                       return this.handleNotAuthenticated(err)
                     }
                   }

                   return observableThrowError(() => err)
                 })
               )
  }

  private handleTokenExpired (req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
    return this.authService.refreshAccessToken()
               .pipe(
                 switchMap(() => {
                   const authReq = this.cloneRequestWithAuth(req)

                   return next.handle(authReq)
                 })
               )
  }

  private cloneRequestWithAuth (req: HttpRequest<any>) {
    const authHeaderValue = this.authService.getRequestHeaderValue()

    if (authHeaderValue === null) return req

    // Clone the request to add the new header
    return req.clone({ headers: req.headers.set('Authorization', authHeaderValue) })
  }

  private handleNotAuthenticated (err: HttpErrorResponse): Observable<any> {
    this.router.navigate([ '/401' ], { state: { obj: err }, skipLocationChange: true })
    return of(err.message)
  }
}

export const AUTH_INTERCEPTOR_PROVIDER = {
  provide: HTTP_INTERCEPTORS,
  useClass: AuthInterceptor,
  multi: true
}
Commit	Line	Data
	1	import { Observable, of, throwError as observableThrowError } from 'rxjs'
	2	import { catchError, switchMap } from 'rxjs/operators'
	3	import { HTTP_INTERCEPTORS, HttpErrorResponse, HttpEvent, HttpHandler, HttpInterceptor, HttpRequest } from '@angular/common/http'
	4	import { Injectable, Injector } from '@angular/core'
	5	import { Router } from '@angular/router'
	6	import { AuthService } from '@app/core/auth/auth.service'
	7	import { HttpStatusCode } from '@shared/models'
	8	import { OAuth2ErrorCode, PeerTubeProblemDocument } from '@shared/models/server'
	9
	10	@Injectable()
	11	export class AuthInterceptor implements HttpInterceptor {
	12	private authService: AuthService
	13
	14	// https://github.com/angular/angular/issues/18224#issuecomment-316957213
	15	constructor (private injector: Injector, private router: Router) {}
	16
	17	intercept (req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
	18	if (this.authService === undefined) {
	19	this.authService = this.injector.get(AuthService)
	20	}
	21
	22	const authReq = this.cloneRequestWithAuth(req)
	23
	24	// Pass on the cloned request instead of the original request
	25	// Catch 401 errors (refresh token expired)
	26	return next.handle(authReq)
	27	.pipe(
	28	catchError((err: HttpErrorResponse) => {
	29	const error = err.error as PeerTubeProblemDocument
	30	const isOTPMissingError = this.authService.isOTPMissingError(err)
	31
	32	if (!isOTPMissingError) {
	33	if (err.status === HttpStatusCode.UNAUTHORIZED_401 && error && error.code === OAuth2ErrorCode.INVALID_TOKEN) {
	34	return this.handleTokenExpired(req, next)
	35	}
	36
	37	if (err.status === HttpStatusCode.UNAUTHORIZED_401) {
	38	return this.handleNotAuthenticated(err)
	39	}
	40	}
	41
	42	return observableThrowError(() => err)
	43	})
	44	)
	45	}
	46
	47	private handleTokenExpired (req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
	48	return this.authService.refreshAccessToken()
	49	.pipe(
	50	switchMap(() => {
	51	const authReq = this.cloneRequestWithAuth(req)
	52
	53	return next.handle(authReq)
	54	})
	55	)
	56	}
	57
	58	private cloneRequestWithAuth (req: HttpRequest<any>) {
	59	const authHeaderValue = this.authService.getRequestHeaderValue()
	60
	61	if (authHeaderValue === null) return req
	62
	63	// Clone the request to add the new header
	64	return req.clone({ headers: req.headers.set('Authorization', authHeaderValue) })
	65	}
	66
	67	private handleNotAuthenticated (err: HttpErrorResponse): Observable<any> {
	68	this.router.navigate([ '/401' ], { state: { obj: err }, skipLocationChange: true })
	69	return of(err.message)
	70	}
	71	}
	72
	73	export const AUTH_INTERCEPTOR_PROVIDER = {
	74	provide: HTTP_INTERCEPTORS,
	75	useClass: AuthInterceptor,
	76	multi: true
	77	}