author | Chocobozzz <florian.bigard@gmail.com> | 2016-04-27 22:11:48 +0200 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2016-04-27 22:11:48 +0200 |
commit | 23a5a916dba8960e77e0dcc9f9050e0df0a5f60b (patch) | |
tree | 4b13e967a5b9715ba2c6b74681f13e6ccdfa86e4 | |
parent | 2693922352c23401b658720251db2966c92614bb (diff) | |
Make angular client load dynamically the generated client id/secret
-rw-r--r-- | client/angular/users/services/auth.service.ts | 17 | ||||
-rw-r--r-- | server/controllers/api/v1/users.js | 24 | ||||
-rw-r--r-- | server/models/users.js | 5 |
3 files changed, 46 insertions, 0 deletions
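--- a/client/angular/users/services/auth.service.ts
+++ b/client/angular/users/services/auth.service.ts
@@ -11,12 +11,29 @@ export class AuthService {
 
 private _loginChanged;
 private _baseLoginUrl = '/api/v1/users/token';
+private _baseClientUrl = '/api/v1/users/client';
 private _clientId = '56f055587305d40b21904240';
 private _clientSecret = 'megustalabanana';
 
 constructor (private http: Http) {
 this._loginChanged = new Subject<AuthStatus>();
 this.loginChanged$ = this._loginChanged.asObservable();
+
+// Fetch the client_id/client_secret
+// FIXME: save in local storage?
+this.http.get(this._baseClientUrl)
+.map(res => res.json())
+.catch(this.handleError)
+.subscribe(
+result => {
+this._clientId = result.client_id;
+this._clientSecret = result.client_secret;
+console.log('Client credentials loaded.');
+},
+error => {
+alert(error);
+}
+)
 }
 
 login(username: string, password: string) {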
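Review bot: The hard-coded `_clientId` and `_clientSecret` initialisers stay in place, so a `login()` call made before the GET to `_baseClientUrl` completes would presumably send the old built-in values instead of the generated ones. This is inferred, because the body of `login()` lies outside this hunk. I would declare both fields without a literal (`private _clientId: string;` and `private _clientSecret: string;`) and have `login()` wait for the fetch, which also takes a credential literal out of the shipped bundle. Two smaller points in the same constructor: `.catch(this.handleError)` passes the method unbound, and the error path calls `alert(error)` from inside a service; a comment such as `// login() must not be used until the client credentials have loaded` would at least document the ordering.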
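--- a/server/controllers/api/v1/users.js
+++ b/server/controllers/api/v1/users.js
@@ -1,13 +1,16 @@
 'use strict'
 
+const config = require('config')
 const express = require('express')
 const oAuth2 = require('../../../middlewares/oauth2')
 
 const middleware = require('../../../middlewares')
 const cacheMiddleware = middleware.cache
+const Users = require('../../../models/users')
 
 const router = express.Router()
 
+router.get('/client', cacheMiddleware.cache(false), getAngularClient)
 router.post('/token', cacheMiddleware.cache(false), oAuth2.token, success)
 
 // ---------------------------------------------------------------------------
@@ -16,6 +19,27 @@ module.exports = router
 
 // ---------------------------------------------------------------------------
 
+function getAngularClient (req, res, next) {
+const server_host = config.get('webserver.host')
+const server_port = config.get('webserver.port')
+let header_host_should_be = server_host
+if (server_port !== 80 && server_port !== 443) {
+header_host_should_be += ':' + server_port
+}
+
+if (req.get('host') !== header_host_should_be) return res.type('json').status(403).end()
+
+Users.getFirstClient(function (err, client) {
+if (err) return next(err)
+if (!client) return next(new Error('No client available.'))
+
+res.json({
+client_id: client._id,
+client_secret: client.clientSecret
+})
+})
+}
+
 function success (req, res, next) {
 res.end()
 }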
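Review bot: The `req.get('host')` comparison in `getAngularClient` is not an access control, because the Host header is supplied by the requester and the route itself is unauthenticated. The `client_secret` it returns therefore has to be treated as public, and nothing on the server should rely on it staying confidential. I would say so above the check, for example `// Not a security boundary: Host is client-supplied, so this client's secret is effectively public`. Separately, `server_port !== 80 && server_port !== 443` is a strict comparison, so if `config.get('webserver.port')` yields a string the port is always appended and legitimate requests on the default ports get a 403; comparing `Number(server_port)` avoids that. A deployment behind a reverse proxy with a different public host name would hit the same 403.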
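--- a/server/models/users.js
+++ b/server/models/users.js
@@ -35,6 +35,7 @@ const Users = {
 getAccessToken: getAccessToken,
 getClient: getClient,
 getClients: getClients,
+getFirstClient: getFirstClient,
 getRefreshToken: getRefreshToken,
 getUser: getUser,
 getUsers: getUsers,
@@ -64,6 +65,10 @@ function getAccessToken (bearerToken, callback) {
 return OAuthTokensDB.findOne({ accessToken: bearerToken }).populate('user')
 }
 
+function getFirstClient (callback) {
+return OAuthClientsDB.findOne({}, callback)
+}
+
 function getClient (clientId, clientSecret) {
 logger.debug('Getting Client (clientId: ' + clientId + ', clientSecret: ' + clientSecret + ').')
 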
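Review bot: `OAuthClientsDB.findOne({}, callback)` in `getFirstClient` has no filter or sort, so once more than one OAuth client is registered it is unspecified which document comes back. The `/client` route added in this commit sends that document's secret to the browser, so a second client's secret could end up in the response. Selecting the web client explicitly would prevent that, e.g. `OAuthClientsDB.findOne({ <web-client marker field>: true }, callback)`, using whatever field the schema offers (the schema is not visible here). At minimum the function should carry a comment such as `// Returns an arbitrary client; only safe while exactly one client is registered`.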