aboutsummaryrefslogblamecommitdiffhomepage
path: root/server/middlewares/auth.ts
blob: 176461cc2cae41fb09aff44472adbb23080c2db7 (plain) (tree) 
69818c939

cef534ed5

f43db2f46

2d53be026

f43db2f46


9457bf880

eccf70f02

f43db2f46








0883b3245


76148b27f





f43db2f46

0c1cbbfe2


cef534ed5

fce7fe04e

cef534ed5



3acc50844

fbd51e69f

3acc50844

cef534ed5








fbd51e69f

cef534ed5



a15871560

cef534ed5


eccf70f02

ba5a8d89b

8d4273463

faa9d434b

8d4273463

76148b27f






8d4273463

eccf70f02

8d4273463



0883b3245



8d4273463


0883b3245



9457bf880


65fcc3119


cef534ed5

8d4273463

7fed63750

65fcc3119

1

2

3

4

5
6

7

8

9
10
11
12
13
14
15
16

17
18

19
20
21
22
23

24

25
26

27

28

29
30
31

32

33

34

35
36
37
38
39
40
41
42

43

44
45
46

47

48
49

50

51

52

53

54

55
56
57
58
59
60

61

62

63
64
65

66
67
68

69
70

71
72
73

74
75

76
77

78

79

80

81

                                  
                                  
                                                             
                                                                               

                                                           
 
                                                                                                                              







                                                        

                                                  




                                    
      

 
                                                                         
                                                           


                                                               
                                                                      
                                                                                        
 







                                                                                                  
                                               


                   
                                                                    

 
                                                                                                                 
                                       
                                           
                                                      
 





                                                
 
                                                                


    


                                                                                                         

                                  


               

                                                                              

               
                     
                              
                      
 
import * as express from 'express'
import { Socket } from 'socket.io'
import { getAccessToken } from '@server/lib/auth/oauth-model'
import { HttpStatusCode } from '../../shared/core-utils/miscs/http-error-codes'
import { logger } from '../helpers/logger'
import { handleOAuthAuthenticate } from '../lib/auth/oauth'

function authenticate (req: express.Request, res: express.Response, next: express.NextFunction, authenticateInQuery = false) {
  handleOAuthAuthenticate(req, res, authenticateInQuery)
    .then((token: any) => {
      res.locals.oauth = { token }
      res.locals.authenticated = true

      return next()
    })
    .catch(err => {
      logger.warn('Cannot authenticate.', { err })

      return res.fail({
        status: err.status,
        message: 'Token is invalid',
        type: err.name
      })
    })
}

function authenticateSocket (socket: Socket, next: (err?: any) => void) {
  const accessToken = socket.handshake.query['accessToken']

  logger.debug('Checking socket access token %s.', accessToken)

  if (!accessToken) return next(new Error('No access token provided'))
  if (typeof accessToken !== 'string') return next(new Error('Access token is invalid'))

  getAccessToken(accessToken)
    .then(tokenDB => {
      const now = new Date()

      if (!tokenDB || tokenDB.accessTokenExpiresAt < now || tokenDB.refreshTokenExpiresAt < now) {
        return next(new Error('Invalid access token.'))
      }

      socket.handshake.auth.user = tokenDB.User

      return next()
    })
    .catch(err => logger.error('Cannot get access token.', { err }))
}

function authenticatePromiseIfNeeded (req: express.Request, res: express.Response, authenticateInQuery = false) {
  return new Promise<void>(resolve => {
    // Already authenticated? (or tried to)
    if (res.locals.oauth?.token.User) return resolve()

    if (res.locals.authenticated === false) {
      return res.fail({
        status: HttpStatusCode.UNAUTHORIZED_401,
        message: 'Not authenticated'
      })
    }

    authenticate(req, res, () => resolve(), authenticateInQuery)
  })
}

function optionalAuthenticate (req: express.Request, res: express.Response, next: express.NextFunction) {
  if (req.header('authorization')) return authenticate(req, res, next)

  res.locals.authenticated = false

  return next()
}

// ---------------------------------------------------------------------------

export {
  authenticate,
  authenticateSocket,
  authenticatePromiseIfNeeded,
  optionalAuthenticate
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-08 02:47:56 +0000