]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/controllers/api/users/token.ts
projects / github / Chocobozzz / PeerTube.git / blob
? search:


863a3d74cf3b694c79829b4d3f5363f0665ca30d
[github/Chocobozzz/PeerTube.git] / server / controllers / api / users / token.ts
1 import * as express from 'express'
2 import * as RateLimit from 'express-rate-limit'
3 import { v4 as uuidv4 } from 'uuid'
4 import { logger } from '@server/helpers/logger'
5 import { CONFIG } from '@server/initializers/config'
6 import { getAuthNameFromRefreshGrant, getBypassFromExternalAuth, getBypassFromPasswordGrant } from '@server/lib/auth/external-auth'
7 import { handleOAuthToken } from '@server/lib/auth/oauth'
8 import { BypassLogin, revokeToken } from '@server/lib/auth/oauth-model'
9 import { Hooks } from '@server/lib/plugins/hooks'
10 import { asyncMiddleware, authenticate } from '@server/middlewares'
11 import { ScopedToken } from '@shared/models/users/user-scoped-token'
12
13 const tokensRouter = express.Router()
14
15 const loginRateLimiter = RateLimit({
16 windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS,
17 max: CONFIG.RATES_LIMIT.LOGIN.MAX
18 })
19
20 tokensRouter.post('/token',
21 loginRateLimiter,
22 asyncMiddleware(handleToken)
23 )
24
25 tokensRouter.post('/revoke-token',
26 authenticate,
27 asyncMiddleware(handleTokenRevocation)
28 )
29
30 tokensRouter.get('/scoped-tokens',
31 authenticate,
32 getScopedTokens
33 )
34
35 tokensRouter.post('/scoped-tokens',
36 authenticate,
37 asyncMiddleware(renewScopedTokens)
38 )
39
40 // ---------------------------------------------------------------------------
41
42 export {
43 tokensRouter
44 }
45 // ---------------------------------------------------------------------------
46
47 async function handleToken (req: express.Request, res: express.Response, next: express.NextFunction) {
48 const grantType = req.body.grant_type
49
50 try {
51 const bypassLogin = await buildByPassLogin(req, grantType)
52
53 const refreshTokenAuthName = grantType === 'refresh_token'
54 ? await getAuthNameFromRefreshGrant(req.body.refresh_token)
55 : undefined
56
57 const options = {
58 refreshTokenAuthName,
59 bypassLogin
60 }
61
62 const token = await handleOAuthToken(req, options)
63
64 res.set('Cache-Control', 'no-store')
65 res.set('Pragma', 'no-cache')
66
67 Hooks.runAction('action:api.user.oauth2-got-token', { username: token.user.username, ip: req.ip })
68
69 return res.json({
70 token_type: 'Bearer',
71
72 access_token: token.accessToken,
73 refresh_token: token.refreshToken,
74
75 expires_in: token.accessTokenExpiresIn,
76 refresh_token_expires_in: token.refreshTokenExpiresIn
77 })
78 } catch (err) {
79 logger.warn('Login error', { err })
80
81 return res.fail({
82 status: err.code,
83 message: err.message,
84 type: err.name
85 })
86 }
87 }
88
89 async function handleTokenRevocation (req: express.Request, res: express.Response) {
90 const token = res.locals.oauth.token
91
92 const result = await revokeToken(token, { req, explicitLogout: true })
93
94 return res.json(result)
95 }
96
97 function getScopedTokens (req: express.Request, res: express.Response) {
98 const user = res.locals.oauth.token.user
99
100 return res.json({
101 feedToken: user.feedToken
102 } as ScopedToken)
103 }
104
105 async function renewScopedTokens (req: express.Request, res: express.Response) {
106 const user = res.locals.oauth.token.user
107
108 user.feedToken = uuidv4()
109 await user.save()
110
111 return res.json({
112 feedToken: user.feedToken
113 } as ScopedToken)
114 }
115
116 async function buildByPassLogin (req: express.Request, grantType: string): Promise<BypassLogin> {
117 if (grantType !== 'password') return undefined
118
119 if (req.body.externalAuthToken) {
120 // Consistency with the getBypassFromPasswordGrant promise
121 return getBypassFromExternalAuth(req.body.username, req.body.externalAuthToken)
122 }
123
124 return getBypassFromPasswordGrant(req.body.username, req.body.password)
125 }
ActivityPub-federated video streaming platform using P2P directly in your web browser