server/middlewares/oauth.ts

   1 import * as express from 'express'
   2 import * as OAuthServer from 'express-oauth-server'
   3 import { OAUTH_LIFETIME } from '../initializers/constants'
   4 import { logger } from '../helpers/logger'
   5 import { Socket } from 'socket.io'
   6 import { getAccessToken } from '../lib/oauth-model'
   7
   8 const oAuthServer = new OAuthServer({
   9   useErrorHandler: true,
  10   accessTokenLifetime: OAUTH_LIFETIME.ACCESS_TOKEN,
  11   refreshTokenLifetime: OAUTH_LIFETIME.REFRESH_TOKEN,
  12   model: require('../lib/oauth-model')
  13 })
  14
  15 function authenticate (req: express.Request, res: express.Response, next: express.NextFunction) {
  16   oAuthServer.authenticate()(req, res, err => {
  17     if (err) {
  18       logger.warn('Cannot authenticate.', { err })
  19
  20       return res.status(err.status)
  21         .json({
  22           error: 'Token is invalid.',
  23           code: err.name
  24         })
  25         .end()
  26     }
  27
  28     return next()
  29   })
  30 }
  31
  32 function authenticateSocket (socket: Socket, next: (err?: any) => void) {
  33   const accessToken = socket.handshake.query.accessToken
  34
  35   logger.debug('Checking socket access token %s.', accessToken)
  36
  37   if (!accessToken) return next(new Error('No access token provided'))
  38
  39   getAccessToken(accessToken)
  40     .then(tokenDB => {
  41       const now = new Date()
  42
  43       if (!tokenDB || tokenDB.accessTokenExpiresAt < now || tokenDB.refreshTokenExpiresAt < now) {
  44         return next(new Error('Invalid access token.'))
  45       }
  46
  47       socket.handshake.query.user = tokenDB.User
  48
  49       return next()
  50     })
  51 }
  52
  53 function authenticatePromiseIfNeeded (req: express.Request, res: express.Response) {
  54   return new Promise(resolve => {
  55     // Already authenticated? (or tried to)
  56     if (res.locals.oauth && res.locals.oauth.token.User) return resolve()
  57
  58     if (res.locals.authenticated === false) return res.sendStatus(401)
  59
  60     authenticate(req, res, () => {
  61       return resolve()
  62     })
  63   })
  64 }
  65
  66 function optionalAuthenticate (req: express.Request, res: express.Response, next: express.NextFunction) {
  67   if (req.header('authorization')) return authenticate(req, res, next)
  68
  69   res.locals.authenticated = false
  70
  71   return next()
  72 }
  73
  74 function token (req: express.Request, res: express.Response, next: express.NextFunction) {
  75   return oAuthServer.token()(req, res, err => {
  76     if (err) {
  77       return res.status(err.status)
  78         .json({
  79           error: err.message,
  80           code: err.name
  81         })
  82         .end()
  83     }
  84
  85     return next()
  86   })
  87 }
  88
  89 // ---------------------------------------------------------------------------
  90
  91 export {
  92   authenticate,
  93   authenticateSocket,
  94   authenticatePromiseIfNeeded,
  95   optionalAuthenticate,
  96   token
  97 }