author | Chocobozzz <florian.bigard@gmail.com> | 2016-03-21 11:56:33 +0100 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2016-03-21 11:56:33 +0100 |
commit | 9457bf88079a23d28011ff7c65faa56a548b7817 (patch) | |
tree | f4507aa5ad04b7fca4ab49acee5aa97c6c962f6c | |
parent | 233d12d8b1916eae5bae230dc965045adb89a173 (diff) | |
OAuth server: first draft
-rw-r--r-- | package.json | 5 | ||||
-rw-r--r-- | server.js | 8 | ||||
-rw-r--r-- | server/controllers/api/v1/index.js | 2 | ||||
-rw-r--r-- | server/controllers/api/v1/users.js | 22 | ||||
-rw-r--r-- | server/middlewares/oauth2.js | 11 | ||||
-rw-r--r-- | server/models/users.js | 108 |
6 files changed, 154 insertions, 2 deletions
diff --git a/package.json b/package.json index a5f32fe11..e94d34fa1 100644 --- a/package.json +++ b/package.json | |||
@@ -31,7 +31,7 @@ | |||
31 | "client:tsc": "cd client && npm run tsc", | 31 | "client:tsc": "cd client && npm run tsc", |
32 | "client:tsc:watch": "cd client && npm run tsc:w", | 32 | "client:tsc:watch": "cd client && npm run tsc:w", |
33 | "client:tsc:clean": "cd client && find angular -regextype posix-egrep -regex \".*\\.(js|map)$\" -exec rm -f {} \\;", | 33 | "client:tsc:clean": "cd client && find angular -regextype posix-egrep -regex \".*\\.(js|map)$\" -exec rm -f {} \\;", |
34 | "dev": "npm run build && concurrently \"npm run livereload\" \"npm run client:tsc:watch\" \"npm run client:sass:watch\" \"npm start\"", | 34 | "dev": "npm run build && NODE_ENV=test concurrently \"npm run livereload\" \"npm run client:tsc:watch\" \"npm run client:sass:watch\" \"npm start\"", |
35 | "livereload": "livereload ./client", | 35 | "livereload": "livereload ./client", |
36 | "start": "node server", | 36 | "start": "node server", |
37 | "test": "standard && mocha server/tests", | 37 | "test": "standard && mocha server/tests", |
@@ -48,6 +48,7 @@ | |||
48 | "dezalgo": "^1.0.3", | 48 | "dezalgo": "^1.0.3", |
49 | "electron-spawn": "https://github.com/Chocobozzz/electron-spawn", | 49 | "electron-spawn": "https://github.com/Chocobozzz/electron-spawn", |
50 | "express": "^4.12.4", | 50 | "express": "^4.12.4", |
51 | "express-oauth-server": "https://github.com/oauthjs/express-oauth-server", | ||
51 | "express-validator": "^2.11.0", | 52 | "express-validator": "^2.11.0", |
52 | "js-yaml": "^3.5.4", | 53 | "js-yaml": "^3.5.4", |
53 | "lodash-node": "^3.10.2", | 54 | "lodash-node": "^3.10.2", |
@@ -62,7 +63,7 @@ | |||
62 | "segfault-handler": "^1.0.0", | 63 | "segfault-handler": "^1.0.0", |
63 | "ursa": "^0.9.1", | 64 | "ursa": "^0.9.1", |
64 | "validator": "^5.0.0", | 65 | "validator": "^5.0.0", |
65 | "webtorrent": "^0.85.1", | 66 | "webtorrent": "^0.86.0", |
66 | "winston": "^2.1.1", | 67 | "winston": "^2.1.1", |
67 | "ws": "^1.0.1" | 68 | "ws": "^1.0.1" |
68 | }, | 69 | }, |
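Review bot: The new `express-oauth-server` entry in the second hunk points at a bare GitHub URL with no commit or tag, so every `npm install` fetches whatever the default branch holds at that moment and the code that ends up handling token issuance can change between two installs without any change to this repository. Pin it to a specific commit, `"express-oauth-server": "https://github.com/oauthjs/express-oauth-server#<commit-sha>"` (placeholder for the reviewed revision), or to a published version once one exists; the existing `electron-spawn` entry just above it has the same weakness. The `dev` script now forces `NODE_ENV=test` for the whole `concurrently` group, and a short comment in the script or README saying why the dev server runs in the test environment would save the next reader a guess.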
@@ -119,6 +119,14 @@ app.use(function (err, req, res, next) { | |||
119 | res.sendStatus(err.status || 500) | 119 | res.sendStatus(err.status || 500) |
120 | }) | 120 | }) |
121 | 121 | ||
122 | // TODO: move into initializer | ||
123 | require('./server/models/users').createClient('coucou', [ 'password' ], function (err, id) { | ||
124 | if (err) throw err | ||
125 | logger.info('Client id: ' + id) | ||
126 | |||
127 | require('./server/models/users').createUser('floflo', 'coucou', function () {}) | ||
128 | }) | ||
129 | |||
122 | // ----------- Create the certificates if they don't already exist ----------- | 130 | // ----------- Create the certificates if they don't already exist ----------- |
123 | peertubeCrypto.createCertsIfNotExist(function (err) { | 131 | peertubeCrypto.createCertsIfNotExist(function (err) { |
124 | if (err) throw err | 132 | if (err) throw err |
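Review bot: The startup block added after the error handler creates a new OAuth client with the literal secret `'coucou'` and a `floflo` user with the literal password `'coucou'` on every boot, so each restart inserts another client document and another user into the database, and the generated client id is written to the log at info level. Even as a draft behind the `TODO`, this should only run when no client exists yet and take its values from configuration rather than string literals, and the `createUser` callback `function () {}` drops any error instead of surfacing it. The error-handling middleware whose closing lines open this hunk starts outside the hunk.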
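--- a/server/controllers/api/v1/index.js
+++ b/server/controllers/api/v1/index.js
@@ -6,10 +6,12 @@ const router = express.Router()
 
 const podsController = require('./pods')
 const remoteVideosController = require('./remoteVideos')
+const usersController = require('./users')
 const videosController = require('./videos')
 
 router.use('/pods', podsController)
 router.use('/remotevideos', remoteVideosController)
+router.use('/users', usersController)
 router.use('/videos', videosController)
 router.use('/*', badRequest)
 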
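--- /dev/null
+++ b/server/controllers/api/v1/users.js
@@ -0,0 +1,22 @@
+'use strict'
+
+var express = require('express')
+var oAuth2 = require('../../../middlewares/oauth2')
+
+const middleware = require('../../../middlewares')
+const cacheMiddleware = middleware.cache
+
+const router = express.Router()
+
+router.post('/token', cacheMiddleware.cache(false), oAuth2.token(), success)
+router.get('/authenticate', cacheMiddleware.cache(false), oAuth2.authenticate(), success)
+
+// ---------------------------------------------------------------------------
+
+module.exports = router
+
+// ---------------------------------------------------------------------------
+
+function success (req, res, next) {
+  res.end()
+}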
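Review bot: The two `require` lines at the top of the new file use `var` while the `middleware`, `cacheMiddleware` and `router` declarations directly below use `const`; `const express = require('express')` and `const oAuth2 = require('../../../middlewares/oauth2')` keep the file consistent and rule out accidental reassignment of the middleware handle. `success` declares `next` without using it and answers with an empty 200 body, and it is not obvious from this file which of the two routes ever reaches it, since the OAuth middleware may answer the `/token` request itself before calling `next`. A one-line comment above `success` stating the intended contract (which route falls through to it and what the client is expected to receive) would document that for the next reader.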
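--- /dev/null
+++ b/server/middlewares/oauth2.js
@@ -0,0 +1,11 @@
+'use strict'
+
+const OAuthServer = require('express-oauth-server')
+
+const oAuth2 = new OAuthServer({
+  model: require('../models/users')
+})
+
+// ---------------------------------------------------------------------------
+
+module.exports = oAuth2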
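--- /dev/null
+++ b/server/models/users.js
@@ -0,0 +1,108 @@
+const mongoose = require('mongoose')
+
+const logger = require('../helpers/logger')
+
+// ---------------------------------------------------------------------------
+
+const oAuthTokensSchema = mongoose.Schema({
+  accessToken: String,
+  accessTokenExpiresOn: Date,
+  client: { type: mongoose.Schema.Types.ObjectId, ref: 'oAuthClients' },
+  refreshToken: String,
+  refreshTokenExpiresOn: Date,
+  user: { type: mongoose.Schema.Types.ObjectId, ref: 'users' }
+})
+const OAuthTokensDB = mongoose.model('oAuthTokens', oAuthTokensSchema)
+
+const oAuthClientsSchema = mongoose.Schema({
+  clientSecret: String,
+  grants: Array,
+  redirectUris: Array
+})
+const OAuthClientsDB = mongoose.model('oAuthClients', oAuthClientsSchema)
+
+const usersSchema = mongoose.Schema({
+  password: String,
+  username: String
+})
+const UsersDB = mongoose.model('users', usersSchema)
+
+// ---------------------------------------------------------------------------
+
+const Users = {
+  createClient: createClient,
+  createUser: createUser,
+  getAccessToken: getAccessToken,
+  getClient: getClient,
+  getRefreshToken: getRefreshToken,
+  getUser: getUser,
+  saveToken: saveToken
+}
+
+function createClient (secret, grants, callback) {
+  logger.debug('Creating client.')
+
+  const mongo_id = new mongoose.mongo.ObjectID()
+  return OAuthClientsDB.create({ _id: mongo_id, clientSecret: secret, grants: grants }, function (err) {
+    if (err) return callback(err)
+
+    return callback(null, mongo_id)
+  })
+}
+
+function createUser (username, password, callback) {
+  logger.debug('Creating user.')
+
+  return UsersDB.create({ username: username, password: password }, callback)
+}
+
+function getAccessToken (bearerToken, callback) {
+  logger.debug('Getting access token (bearerToken: ' + bearerToken + ').')
+
+  return OAuthTokensDB.findOne({ accessToken: bearerToken }).populate('user')
+}
+
+function getClient (clientId, clientSecret) {
+  logger.debug('Getting Client (clientId: ' + clientId + ', clientSecret: ' + clientSecret + ').')
+
+  // TODO req validator
+  const mongo_id = new mongoose.mongo.ObjectID(clientId)
+  return OAuthClientsDB.findOne({ _id: mongo_id, clientSecret: clientSecret })
+}
+
+function getRefreshToken (refreshToken) {
+  logger.debug('Getting RefreshToken (refreshToken: ' + refreshToken + ').')
+
+  return OAuthTokensDB.findOne({ refreshToken: refreshToken })
+}
+
+function getUser (username, password) {
+  logger.debug('Getting User (username: ' + username + ', password: ' + password + ').')
+  return UsersDB.findOne({ username: username, password: password })
+}
+
+function saveToken (token, client, user) {
+  logger.debug('Saving token for client ' + client.id + ' and user ' + user.id + '.')
+
+  const token_to_create = {
+    accessToken: token.accessToken,
+    accessTokenExpiresOn: token.accessTokenExpiresOn,
+    client: client.id,
+    refreshToken: token.refreshToken,
+    refreshTokenExpiresOn: token.refreshTokenExpiresOn,
+    user: user.id
+  }
+
+  return OAuthTokensDB.create(token_to_create, function (err, token_created) {
+    if (err) throw err // node-oauth2-server library use Promise.try
+
+    token_created.client = client
+    token_created.user = user
+
+    return token_created
+  })
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = Users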
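Review bot: `usersSchema` (line 24) stores `password` as a plain `String`, `createUser` (line 53) writes the clear-text value, and `getUser` (line 79) authenticates by querying `{ username, password }` directly, so a database dump or a log leak exposes every account's password as-is. Store a salted slow hash instead — `crypto.pbkdf2` is in Node's standard library, so no new dependency is needed — and verify by recomputing the hash and comparing it with `crypto.timingSafeEqual` (needs a Node release that has it), as sketched below; `crypto` must be required at the top of the file. The `logger.debug` lines in `getAccessToken`, `getClient`, `getRefreshToken` and `getUser` interpolate the bearer token, client secret, refresh token and password into the log; log only the identifier (`clientId`, `username`) and never the credential itself. `saveToken`'s `throw err` inside the `create` callback (line 97) fires after the library's `Promise.try` has already returned, so it surfaces as an uncaught exception rather than a rejected promise; returning the callback-free promise form of `create` and chaining `.then` keeps the error inside the library's error handling. Both `getUser` and `getClient` hand request-supplied values straight to `findOne`, so the `// TODO req validator` on line 68 applies to `getUser` too: check that `username` and `password` are strings before building the query.

```javascript
// … unchanged: requires (add `const crypto = require('crypto')`), oAuthTokensSchema, oAuthClientsSchema …

const usersSchema = mongoose.Schema({
  passwordHash: String,
  salt: String,
  username: String
})
const UsersDB = mongoose.model('users', usersSchema)

// … unchanged: Users export table, createClient, getAccessToken, getClient, getRefreshToken …

const PBKDF2_ITERATIONS = 100000 // constructed sample value; tune for the deployment
const KEY_LENGTH = 64

function createUser (username, password, callback) {
  logger.debug('Creating user.')

  // Salted slow hash: the clear-text password never reaches the database
  const salt = crypto.randomBytes(16)
  crypto.pbkdf2(password, salt, PBKDF2_ITERATIONS, KEY_LENGTH, 'sha512', function (err, derived) {
    if (err) return callback(err)

    return UsersDB.create({ username: username, salt: salt.toString('hex'), passwordHash: derived.toString('hex') }, callback)
  })
}

function getUser (username, password) {
  // Only the username is needed to trace the call; the password is never logged
  logger.debug('Getting User (username: ' + username + ').')

  return UsersDB.findOne({ username: username }).then(function (user) {
    if (!user) return null

    return new Promise(function (resolve, reject) {
      crypto.pbkdf2(password, Buffer.from(user.salt, 'hex'), PBKDF2_ITERATIONS, KEY_LENGTH, 'sha512', function (err, derived) {
        if (err) return reject(err)

        const stored = Buffer.from(user.passwordHash, 'hex')
        // Constant-time comparison so the position of a mismatch cannot be timed
        const matches = stored.length === derived.length && crypto.timingSafeEqual(derived, stored)
        return resolve(matches ? user : null)
      })
    })
  })
}

function saveToken (token, client, user) {
  logger.debug('Saving token for client ' + client.id + ' and user ' + user.id + '.')

  // … unchanged: token_to_create …

  // Promise form: a database error rejects instead of throwing in a detached callback
  return OAuthTokensDB.create(token_to_create).then(function (token_created) {
    token_created.client = client
    token_created.user = user

    return token_created
  })
}
```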