X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Flib%2Foauth-model.ts;h=45ac3e7c4fd88f57c1a585a5b7cdfe220c3c9b49;hb=e8a739e880593c3ffd07a634d5ff62690ed844f6;hp=dce71e83bb4e4677b2ec042b6284911b93f0af72;hpb=3fd3ab2d34d512b160a5e6084d7609be7b4f4452;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/lib/oauth-model.ts b/server/lib/oauth-model.ts index dce71e83b..45ac3e7c4 100644 --- a/server/lib/oauth-model.ts +++ b/server/lib/oauth-model.ts @@ -1,16 +1,63 @@ -import { logger } from '../helpers' +import * as Bluebird from 'bluebird' +import { AccessDeniedError } from 'oauth2-server' +import { logger } from '../helpers/logger' import { UserModel } from '../models/account/user' import { OAuthClientModel } from '../models/oauth/oauth-client' import { OAuthTokenModel } from '../models/oauth/oauth-token' +import { CACHE } from '../initializers/constants' +import { Transaction } from 'sequelize' +import { CONFIG } from '../initializers/config' type TokenInfo = { accessToken: string, refreshToken: string, accessTokenExpiresAt: Date, refreshTokenExpiresAt: Date } +let accessTokenCache: { [ accessToken: string ]: OAuthTokenModel } = {} +let userHavingToken: { [ userId: number ]: string } = {} // --------------------------------------------------------------------------- +function deleteUserToken (userId: number, t?: Transaction) { + clearCacheByUserId(userId) + + return OAuthTokenModel.deleteUserToken(userId, t) +} + +function clearCacheByUserId (userId: number) { + const token = userHavingToken[userId] + if (token !== undefined) { + accessTokenCache[ token ] = undefined + userHavingToken[ userId ] = undefined + } +} + +function clearCacheByToken (token: string) { + const tokenModel = accessTokenCache[ token ] + if (tokenModel !== undefined) { + userHavingToken[tokenModel.userId] = undefined + accessTokenCache[ token ] = undefined + } +} + function getAccessToken (bearerToken: string) { logger.debug('Getting access token (bearerToken: ' + bearerToken + ').') + if (!bearerToken) return Bluebird.resolve(undefined) + + if (accessTokenCache[bearerToken] !== undefined) return Bluebird.resolve(accessTokenCache[bearerToken]) + return OAuthTokenModel.getByTokenAndPopulateUser(bearerToken) + .then(tokenModel => { + if (tokenModel) { + // Reinit our cache + if (Object.keys(accessTokenCache).length > CACHE.USER_TOKENS.MAX_SIZE) { + accessTokenCache = {} + userHavingToken = {} + } + + accessTokenCache[ bearerToken ] = tokenModel + userHavingToken[ tokenModel.userId ] = tokenModel.accessToken + } + + return tokenModel + }) } function getClient (clientId: string, clientSecret: string) { @@ -25,21 +72,32 @@ function getRefreshToken (refreshToken: string) { return OAuthTokenModel.getByRefreshTokenAndPopulateClient(refreshToken) } -async function getUser (username: string, password: string) { - logger.debug('Getting User (username: ' + username + ', password: ******).') +async function getUser (usernameOrEmail: string, password: string) { + logger.debug('Getting User (username/email: ' + usernameOrEmail + ', password: ******).') - const user = await UserModel.getByUsername(username) + const user = await UserModel.loadByUsernameOrEmail(usernameOrEmail) if (!user) return null const passwordMatch = await user.isPasswordMatch(password) if (passwordMatch === false) return null + if (user.blocked) throw new AccessDeniedError('User is blocked.') + + if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION && user.emailVerified === false) { + throw new AccessDeniedError('User email is not verified.') + } + return user } async function revokeToken (tokenInfo: TokenInfo) { const token = await OAuthTokenModel.getByRefreshTokenAndPopulateUser(tokenInfo.refreshToken) - if (token) token.destroy() + if (token) { + clearCacheByToken(token.accessToken) + + token.destroy() + .catch(err => logger.error('Cannot destroy token when revoking token.', { err })) + } /* * Thanks to https://github.com/manjeshpv/node-oauth2-server-implementation/blob/master/components/oauth/mongo-models.js @@ -67,15 +125,16 @@ async function saveToken (token: TokenInfo, client: OAuthClientModel, user: User } const tokenCreated = await OAuthTokenModel.create(tokenToCreate) - const tokenToReturn = Object.assign(tokenCreated, { client, user }) - - return tokenToReturn + return Object.assign(tokenCreated, { client, user }) } // --------------------------------------------------------------------------- // See https://github.com/oauthjs/node-oauth2-server/wiki/Model-specification for the model specifications export { + deleteUserToken, + clearCacheByUserId, + clearCacheByToken, getAccessToken, getClient, getRefreshToken,