X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Flib%2Foauth-model.ts;h=45ac3e7c4fd88f57c1a585a5b7cdfe220c3c9b49;hb=e8a739e880593c3ffd07a634d5ff62690ed844f6;hp=f159ad6a90c4b8d7bd2a47880a346124df8d4d0b;hpb=141b177db088891e84040f68aa95008fb52f1d44;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/lib/oauth-model.ts b/server/lib/oauth-model.ts index f159ad6a9..45ac3e7c4 100644 --- a/server/lib/oauth-model.ts +++ b/server/lib/oauth-model.ts @@ -1,17 +1,63 @@ +import * as Bluebird from 'bluebird' import { AccessDeniedError } from 'oauth2-server' import { logger } from '../helpers/logger' import { UserModel } from '../models/account/user' import { OAuthClientModel } from '../models/oauth/oauth-client' import { OAuthTokenModel } from '../models/oauth/oauth-token' +import { CACHE } from '../initializers/constants' +import { Transaction } from 'sequelize' +import { CONFIG } from '../initializers/config' type TokenInfo = { accessToken: string, refreshToken: string, accessTokenExpiresAt: Date, refreshTokenExpiresAt: Date } +let accessTokenCache: { [ accessToken: string ]: OAuthTokenModel } = {} +let userHavingToken: { [ userId: number ]: string } = {} // --------------------------------------------------------------------------- +function deleteUserToken (userId: number, t?: Transaction) { + clearCacheByUserId(userId) + + return OAuthTokenModel.deleteUserToken(userId, t) +} + +function clearCacheByUserId (userId: number) { + const token = userHavingToken[userId] + if (token !== undefined) { + accessTokenCache[ token ] = undefined + userHavingToken[ userId ] = undefined + } +} + +function clearCacheByToken (token: string) { + const tokenModel = accessTokenCache[ token ] + if (tokenModel !== undefined) { + userHavingToken[tokenModel.userId] = undefined + accessTokenCache[ token ] = undefined + } +} + function getAccessToken (bearerToken: string) { logger.debug('Getting access token (bearerToken: ' + bearerToken + ').') + if (!bearerToken) return Bluebird.resolve(undefined) + + if (accessTokenCache[bearerToken] !== undefined) return Bluebird.resolve(accessTokenCache[bearerToken]) + return OAuthTokenModel.getByTokenAndPopulateUser(bearerToken) + .then(tokenModel => { + if (tokenModel) { + // Reinit our cache + if (Object.keys(accessTokenCache).length > CACHE.USER_TOKENS.MAX_SIZE) { + accessTokenCache = {} + userHavingToken = {} + } + + accessTokenCache[ bearerToken ] = tokenModel + userHavingToken[ tokenModel.userId ] = tokenModel.accessToken + } + + return tokenModel + }) } function getClient (clientId: string, clientSecret: string) { @@ -37,12 +83,21 @@ async function getUser (usernameOrEmail: string, password: string) { if (user.blocked) throw new AccessDeniedError('User is blocked.') + if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION && user.emailVerified === false) { + throw new AccessDeniedError('User email is not verified.') + } + return user } async function revokeToken (tokenInfo: TokenInfo) { const token = await OAuthTokenModel.getByRefreshTokenAndPopulateUser(tokenInfo.refreshToken) - if (token) token.destroy() + if (token) { + clearCacheByToken(token.accessToken) + + token.destroy() + .catch(err => logger.error('Cannot destroy token when revoking token.', { err })) + } /* * Thanks to https://github.com/manjeshpv/node-oauth2-server-implementation/blob/master/components/oauth/mongo-models.js @@ -77,6 +132,9 @@ async function saveToken (token: TokenInfo, client: OAuthClientModel, user: User // See https://github.com/oauthjs/node-oauth2-server/wiki/Model-specification for the model specifications export { + deleteUserToken, + clearCacheByUserId, + clearCacheByToken, getAccessToken, getClient, getRefreshToken,