1 | import * as express from 'express' | |
2 | import * as OAuthServer from 'express-oauth-server' | |
3 | import { OAUTH_LIFETIME } from '../initializers/constants' | |
4 | import { logger } from '../helpers/logger' | |
5 | import { Socket } from 'socket.io' | |
6 | import { getAccessToken } from '../lib/oauth-model' | |
7 | ||
// OAuth server instance used by the `authenticate` and `token` middlewares in this file.
const oAuthServer = new OAuthServer({
  // Hand errors to the callback each middleware passes in, so this file controls
  // what the client sees instead of the library rendering its own error response.
  useErrorHandler: true,

  // Token lifetimes come from the application constants.
  accessTokenLifetime: OAUTH_LIFETIME.ACCESS_TOKEN,
  refreshTokenLifetime: OAUTH_LIFETIME.REFRESH_TOKEN,

  // Storage/lookup callbacks (tokens, clients, users) are provided by the project model.
  model: require('../lib/oauth-model')
})
14 | ||
/**
 * Express middleware that requires a valid OAuth access token.
 *
 * On failure the error is logged and a JSON body is sent with the status carried by
 * the error; `next` is not called in that case. On success control passes to `next`.
 */
function authenticate (req: express.Request, res: express.Response, next: express.NextFunction) {
  const runAuthentication = oAuthServer.authenticate()

  runAuthentication(req, res, err => {
    // Happy path first: the token was accepted.
    if (!err) return next()

    logger.warn('Cannot authenticate.', { err })

    // The client only gets a fixed message plus the error name, not the error details.
    return res.status(err.status)
      .json({
        error: 'Token is invalid.',
        code: err.name
      })
      .end()
  })
}
31 | ||
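/**
 * Socket.IO handshake middleware: accepts the connection only when the handshake
 * query carries an access token that exists and has not expired.
 *
 * On success the token's user is stored in `socket.handshake.query.user`.
 * On any failure `next` is called with an Error, which rejects the handshake.
 *
 * @param socket Incoming socket whose handshake query is inspected.
 * @param next Socket.IO middleware continuation; called exactly once on the handled paths.
 */
function authenticateSocket (socket: Socket, next: (err?: any) => void) {
  const accessToken = socket.handshake.query.accessToken

  // Do not write the bearer token to the logs: anyone able to read the log output
  // could replay it for as long as the token is valid.
  logger.debug('Checking socket access token.')

  if (!accessToken) return next(new Error('No access token provided'))

  // The query is client-controlled; a value that is not a plain string (for example
  // a repeated parameter parsed into an array) is rejected before the model lookup.
  if (typeof accessToken !== 'string') return next(new Error('Invalid access token.'))

  getAccessToken(accessToken)
    .then(
      tokenDB => {
        const now = new Date()

        // Unknown token, or either the access or the refresh token has expired.
        if (!tokenDB || tokenDB.accessTokenExpiresAt < now || tokenDB.refreshTokenExpiresAt < now) {
          return next(new Error('Invalid access token.'))
        }

        socket.handshake.query.user = tokenDB.User

        return next()
      },
      err => {
        // A failed lookup used to leave the handshake pending with an unhandled
        // rejection; fail closed and reject the connection instead.
        // Passed as the second argument to then() so that `next` is never invoked twice.
        logger.error('Cannot check socket access token.', { err })

        return next(new Error('Cannot authenticate socket.'))
      }
    )
}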
52 | ||
/**
 * Promise wrapper around `authenticate` for callers that are not plain middlewares.
 *
 * Resolves when the request is (or already was) authenticated. When an earlier
 * `optionalAuthenticate` flagged the request as unauthenticated, a 401 is sent and
 * the promise is left pending. The promise also stays pending when `authenticate`
 * rejects the token, because that function answers the request itself.
 */
function authenticatePromiseIfNeeded (req: express.Request, res: express.Response) {
  return new Promise(resolve => {
    const oauth = res.locals.oauth

    // A previous middleware already authenticated this request.
    if (oauth && oauth.token.User) {
      resolve()
      return
    }

    // optionalAuthenticate ran and found no credentials: refuse without resolving.
    if (res.locals.authenticated === false) {
      res.sendStatus(401)
      return
    }

    authenticate(req, res, () => resolve())
  })
}
65 | ||
/**
 * Express middleware for routes where authentication is optional.
 *
 * A request that carries an `authorization` header goes through the full
 * `authenticate` check (and is rejected if the token is bad). A request without
 * the header continues anonymously with `res.locals.authenticated` set to `false`.
 */
function optionalAuthenticate (req: express.Request, res: express.Response, next: express.NextFunction) {
  const hasCredentials = Boolean(req.header('authorization'))

  if (!hasCredentials) {
    // Explicit marker read later by authenticatePromiseIfNeeded.
    res.locals.authenticated = false

    return next()
  }

  return authenticate(req, res, next)
}
73 | ||
/**
 * Express middleware for the token endpoint: delegates the grant handling to the
 * OAuth server and converts any error into a JSON response.
 *
 * On error `next` is not called; on success control passes to `next`.
 */
function token (req: express.Request, res: express.Response, next: express.NextFunction) {
  const issueToken = oAuthServer.token()

  return issueToken(req, res, err => {
    if (!err) return next()

    // NOTE(review): err.message is returned to the client verbatim. Confirm that the
    // messages produced for server-side failures cannot carry internal details.
    return res.status(err.status)
      .json({
        error: err.message,
        code: err.name
      })
      .end()
  })
}
88 | ||
89 | // --------------------------------------------------------------------------- | |
90 | ||
91 | export { | |
92 | authenticate, | |
93 | authenticateSocket, | |
94 | authenticatePromiseIfNeeded, | |
95 | optionalAuthenticate, | |
96 | token | |
97 | } |