1 import express from 'express'
2 import { UserAdminFlag, UserRole } from '@shared/models'
3 import { MOAuthToken, MUser } from '../models'
5 export type RegisterServerAuthOptions = RegisterServerAuthPassOptions | RegisterServerAuthExternalOptions
7 export type AuthenticatedResultUpdaterFieldName = 'displayName' | 'role' | 'adminFlags' | 'videoQuota' | 'videoQuotaDaily'
9 export interface RegisterServerAuthenticatedResult {
10 // Update the user profile if it already exists
11 // Default behaviour is no update
12 // Introduced in PeerTube >= 5.1
13 userUpdater?: <T> (options: {
14 fieldName: AuthenticatedResultUpdaterFieldName
25 adminFlags?: UserAdminFlag
30 videoQuotaDaily?: number
33 export interface RegisterServerExternalAuthenticatedResult extends RegisterServerAuthenticatedResult {
38 interface RegisterServerAuthBase {
39 // Authentication name (a plugin can register multiple auth strategies)
42 // Called by PeerTube when a user from your plugin logged out
43 // Returns a redirectUrl sent to the client or nothing
44 onLogout?(user: MUser, req: express.Request): Promise<string>
46 // Your plugin can hook PeerTube access/refresh token validity
47 // So you can control for your plugin the user session lifetime
48 hookTokenValidity?(options: { token: MOAuthToken, type: 'access' | 'refresh' }): Promise<{ valid: boolean }>
51 export interface RegisterServerAuthPassOptions extends RegisterServerAuthBase {
52 // Weight of this authentication so PeerTube tries the auth methods in DESC weight order
55 // Used by PeerTube to login a user
56 // Returns null if the login failed, or { username, email } on success
60 }): Promise<RegisterServerAuthenticatedResult | null>
63 export interface RegisterServerAuthExternalOptions extends RegisterServerAuthBase {
64 // Will be displayed in a block next to the login form
65 authDisplayName: () => string
67 onAuthRequest: (req: express.Request, res: express.Response) => void
70 export interface RegisterServerAuthExternalResult {
71 userAuthenticated (options: RegisterServerExternalAuthenticatedResult): void