X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Flib%2Foauth-model.ts;h=5cbe60b82c626ca8148ee5545d2da7a05c90fcf3;hb=58d515e32fe1d0133435b3a5e550c6ff24906fff;hp=3adcce7b0e1d4f25c01c784b2041c2340dcec364;hpb=ba12e8b3a6de8ac82101894abe7460b392fec42a;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/lib/oauth-model.ts b/server/lib/oauth-model.ts index 3adcce7b0..5cbe60b82 100644 --- a/server/lib/oauth-model.ts +++ b/server/lib/oauth-model.ts @@ -1,16 +1,53 @@ +import { AccessDeniedError } from 'oauth2-server' import { logger } from '../helpers/logger' import { UserModel } from '../models/account/user' import { OAuthClientModel } from '../models/oauth/oauth-client' import { OAuthTokenModel } from '../models/oauth/oauth-token' +import { CONFIG } from '../initializers/constants' +import { Transaction } from 'sequelize' type TokenInfo = { accessToken: string, refreshToken: string, accessTokenExpiresAt: Date, refreshTokenExpiresAt: Date } +const accessTokenCache: { [ accessToken: string ]: OAuthTokenModel } = {} +const userHavingToken: { [ userId: number ]: string } = {} // --------------------------------------------------------------------------- +function deleteUserToken (userId: number, t?: Transaction) { + clearCacheByUserId(userId) + + return OAuthTokenModel.deleteUserToken(userId, t) +} + +function clearCacheByUserId (userId: number) { + const token = userHavingToken[userId] + if (token !== undefined) { + accessTokenCache[ token ] = undefined + userHavingToken[ userId ] = undefined + } +} + +function clearCacheByToken (token: string) { + const tokenModel = accessTokenCache[ token ] + if (tokenModel !== undefined) { + userHavingToken[tokenModel.userId] = undefined + accessTokenCache[ token ] = undefined + } +} + function getAccessToken (bearerToken: string) { logger.debug('Getting access token (bearerToken: ' + bearerToken + ').') + if (accessTokenCache[bearerToken] !== undefined) return accessTokenCache[bearerToken] + return OAuthTokenModel.getByTokenAndPopulateUser(bearerToken) + .then(tokenModel => { + if (tokenModel) { + accessTokenCache[ bearerToken ] = tokenModel + userHavingToken[ tokenModel.userId ] = tokenModel.accessToken + } + + return tokenModel + }) } function getClient (clientId: string, clientSecret: string) { @@ -34,12 +71,23 @@ async function getUser (usernameOrEmail: string, password: string) { const passwordMatch = await user.isPasswordMatch(password) if (passwordMatch === false) return null + if (user.blocked) throw new AccessDeniedError('User is blocked.') + + if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION && user.emailVerified === false) { + throw new AccessDeniedError('User email is not verified.') + } + return user } async function revokeToken (tokenInfo: TokenInfo) { const token = await OAuthTokenModel.getByRefreshTokenAndPopulateUser(tokenInfo.refreshToken) - if (token) token.destroy() + if (token) { + clearCacheByToken(token.accessToken) + + token.destroy() + .catch(err => logger.error('Cannot destroy token when revoking token.', { err })) + } /* * Thanks to https://github.com/manjeshpv/node-oauth2-server-implementation/blob/master/components/oauth/mongo-models.js @@ -67,15 +115,16 @@ async function saveToken (token: TokenInfo, client: OAuthClientModel, user: User } const tokenCreated = await OAuthTokenModel.create(tokenToCreate) - const tokenToReturn = Object.assign(tokenCreated, { client, user }) - - return tokenToReturn + return Object.assign(tokenCreated, { client, user }) } // --------------------------------------------------------------------------- // See https://github.com/oauthjs/node-oauth2-server/wiki/Model-specification for the model specifications export { + deleteUserToken, + clearCacheByUserId, + clearCacheByToken, getAccessToken, getClient, getRefreshToken,