private _loginChanged;
private _baseLoginUrl = '/api/v1/users/token';
+ private _baseClientUrl = '/api/v1/users/client';
private _clientId = '56f055587305d40b21904240';
private _clientSecret = 'megustalabanana';
constructor (private http: Http) {
this._loginChanged = new Subject<AuthStatus>();
this.loginChanged$ = this._loginChanged.asObservable();
+
+ // Fetch the client_id/client_secret
+ // FIXME: save in local storage?
+ this.http.get(this._baseClientUrl)
+ .map(res => res.json())
+ .catch(this.handleError)
+ .subscribe(
+ result => {
+ this._clientId = result.client_id;
+ this._clientSecret = result.client_secret;
+ console.log('Client credentials loaded.');
+ },
+ error => {
+ alert(error);
+ }
+ )
}
login(username: string, password: string) {
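Review bot: The constructor's new `this.http.get(this._baseClientUrl)` call pulls `client_secret` into the browser, where any script running on the page can read it, so the value cannot work as a confidential-client secret. Persisting it in local storage, as the FIXME considers, would widen that exposure across sessions; I would replace the FIXME with `// Do not persist: client_secret is readable by any script on this origin`. The hard-coded `_clientId` and `_clientSecret` literals stay as defaults, so a `login()` issued before the response arrives, or after a failed fetch, presumably still sends the stale committed values. Initialising both fields empty and making `login()` wait for the fetch would make that failure visible. `alert(error)` also shows the raw error text to the user, and `login()` continues outside the hunk.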
'use strict'
+const config = require('config')
const express = require('express')
const oAuth2 = require('../../../middlewares/oauth2')
const middleware = require('../../../middlewares')
const cacheMiddleware = middleware.cache
+const Users = require('../../../models/users')
const router = express.Router()
+router.get('/client', cacheMiddleware.cache(false), getAngularClient)
router.post('/token', cacheMiddleware.cache(false), oAuth2.token, success)
// ---------------------------------------------------------------------------
// ---------------------------------------------------------------------------
+function getAngularClient (req, res, next) {
+ const server_host = config.get('webserver.host')
+ const server_port = config.get('webserver.port')
+ let header_host_should_be = server_host
+ if (server_port !== 80 && server_port !== 443) {
+ header_host_should_be += ':' + server_port
+ }
+
+ if (req.get('host') !== header_host_should_be) return res.type('json').status(403).end()
+
+ Users.getFirstClient(function (err, client) {
+ if (err) return next(err)
+ if (!client) return next(new Error('No client available.'))
+
+ res.json({
+ client_id: client._id,
+ client_secret: client.clientSecret
+ })
+ })
+}
+
function success (req, res, next) {
res.end()
}
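Review bot: In `getAngularClient` the only gate before `client_secret` is returned is `req.get('host') !== header_host_should_be`, and the Host header is set by whoever sends the request, so it says nothing about who is asking. The route has no other authentication visible here, which makes the secret effectively public to anything that can reach the server. If the Angular app is meant to be a public OAuth2 client, it is cleaner to return only `client_id` and not require a secret for that client at the token endpoint. Otherwise the check needs at least a comment such as `// Host match is a sanity check only, not access control`. The strict `server_port !== 80` comparison assumes `config.get('webserver.port')` yields a number, and the match will fail behind a proxy that rewrites Host; both are worth confirming.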
getAccessToken: getAccessToken,
getClient: getClient,
getClients: getClients,
+ getFirstClient: getFirstClient,
getRefreshToken: getRefreshToken,
getUser: getUser,
getUsers: getUsers,
return OAuthTokensDB.findOne({ accessToken: bearerToken }).populate('user')
}
+function getFirstClient (callback) {
+ return OAuthClientsDB.findOne({}, callback)
+}
+
function getClient (clientId, clientSecret) {
logger.debug('Getting Client (clientId: ' + clientId + ', clientSecret: ' + clientSecret + ').')
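Review bot: `getFirstClient` calls `OAuthClientsDB.findOne({}, callback)` with no filter or sort, so which client comes back is whatever the store returns first, and the new `/client` route then sends that record's `clientSecret` to the browser. Once a second client is registered, this may hand out credentials belonging to a different application. I would look the web client up by an explicit identifier, e.g. `OAuthClientsDB.findOne({ _id: WEB_CLIENT_ID }, callback)` with `WEB_CLIENT_ID` as a placeholder for a configured value, and add a comment stating which client the function is meant to return. Separately, the context line in `getClient` (whose body continues outside the hunk) writes `clientSecret` to the debug log; that is outside this change but deserves a follow-up.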