Begin auth plugin support

author: Chocobozzz <me@florianbigard.com> 2020-04-22 16:07:04 +0200
committer: Chocobozzz <chocobozzz@cpy.re> 2020-05-04 16:21:39 +0200
commit: 7fed637506043e4432cbebe041ada0625171cceb (patch)
tree: 07f174e17c4b4a0b3d43a0fa6944865c06234338 /server/lib/auth.ts
parent: 8d4197637868d5cde49434e937186b57e40f4b2b (diff)
download: PeerTube-7fed637506043e4432cbebe041ada0625171cceb.tar.gz
PeerTube-7fed637506043e4432cbebe041ada0625171cceb.tar.zst
PeerTube-7fed637506043e4432cbebe041ada0625171cceb.zip
1 files changed, 101 insertions, 0 deletions
diff --git a/server/lib/auth.ts b/server/lib/auth.ts
new file mode 100644
index 000000000..18d52fa5a
--- /dev/null
+++ b/server/lib/auth.ts
@@ -0,0 +1,101 @@
+import * as express from 'express'
+import { OAUTH_LIFETIME } from '@server/initializers/constants'
+import * as OAuthServer from 'express-oauth-server'
+import { PluginManager } from '@server/lib/plugins/plugin-manager'
+import { RegisterServerAuthPassOptions } from '@shared/models/plugins/register-server-auth.model'
+import { logger } from '@server/helpers/logger'
+import { UserRole } from '@shared/models'
+const oAuthServer = new OAuthServer({
+  useErrorHandler: true,
+  accessTokenLifetime: OAUTH_LIFETIME.ACCESS_TOKEN,
+  refreshTokenLifetime: OAUTH_LIFETIME.REFRESH_TOKEN,
+  continueMiddleware: true,
+  model: require('./oauth-model')
+})
+function onExternalAuthPlugin (npmName: string, username: string, email: string) {
+}
+async function handleIdAndPassLogin (req: express.Request, res: express.Response, next: express.NextFunction) {
+  const plugins = PluginManager.Instance.getIdAndPassAuths()
+  const pluginAuths: { npmName?: string, registerAuthOptions: RegisterServerAuthPassOptions }[] = []
+  for (const plugin of plugins) {
+    const auths = plugin.idAndPassAuths
+    for (const auth of auths) {
+      pluginAuths.push({
+        npmName: plugin.npmName,
+        registerAuthOptions: auth
+      })
+    }
+  }
+  pluginAuths.sort((a, b) => {
+    const aWeight = a.registerAuthOptions.getWeight()
+    const bWeight = b.registerAuthOptions.getWeight()
+    if (aWeight === bWeight) return 0
+    if (aWeight > bWeight) return 1
+    return -1
+  })
+  const loginOptions = {
+    id: req.body.username,
+    password: req.body.password
+  }
+  for (const pluginAuth of pluginAuths) {
+    logger.debug(
+      'Using auth method of %s to login %s with weight %d.',
+      pluginAuth.npmName, loginOptions.id, pluginAuth.registerAuthOptions.getWeight()
+    )
+    const loginResult = await pluginAuth.registerAuthOptions.login(loginOptions)
+    if (loginResult) {
+      logger.info('Login success with plugin %s for %s.', pluginAuth.npmName, loginOptions.id)
+      res.locals.bypassLogin = {
+        bypass: true,
+        pluginName: pluginAuth.npmName,
+        user: {
+          username: loginResult.username,
+          email: loginResult.email,
+          role: loginResult.role || UserRole.USER,
+          displayName: loginResult.displayName || loginResult.username
+        }
+      }
+      break
+    }
+  }
+  return localLogin(req, res, next)
+}
+// ---------------------------------------------------------------------------
+export {
+  oAuthServer,
+  handleIdAndPassLogin,
+  onExternalAuthPlugin
+}
+// ---------------------------------------------------------------------------
+function localLogin (req: express.Request, res: express.Response, next: express.NextFunction) {
+  return oAuthServer.token()(req, res, err => {
+    if (err) {
+      return res.status(err.status)
+                .json({
+                  error: err.message,
+                  code: err.name
+                })
+                .end()
+    }
+    return next()
+  })
+}
author	Chocobozzz <me@florianbigard.com>	2020-04-22 16:07:04 +0200
committer	Chocobozzz <chocobozzz@cpy.re>	2020-05-04 16:21:39 +0200
commit	7fed637506043e4432cbebe041ada0625171cceb (patch)
tree	07f174e17c4b4a0b3d43a0fa6944865c06234338 /server/lib/auth.ts
parent	8d4197637868d5cde49434e937186b57e40f4b2b (diff)
download	PeerTube-7fed637506043e4432cbebe041ada0625171cceb.tar.gz PeerTube-7fed637506043e4432cbebe041ada0625171cceb.tar.zst PeerTube-7fed637506043e4432cbebe041ada0625171cceb.zip

diff --git a/server/lib/auth.ts b/server/lib/auth.ts new file mode 100644 index 000000000..18d52fa5a --- /dev/null +++ b/server/lib/auth.ts
@@ -0,0 +1,101 @@
	1	import * as express from 'express'
	2	import { OAUTH_LIFETIME } from '@server/initializers/constants'
	3	import * as OAuthServer from 'express-oauth-server'
	4	import { PluginManager } from '@server/lib/plugins/plugin-manager'
	5	import { RegisterServerAuthPassOptions } from '@shared/models/plugins/register-server-auth.model'
	6	import { logger } from '@server/helpers/logger'
	7	import { UserRole } from '@shared/models'
	8
	9	const oAuthServer = new OAuthServer({
	10	useErrorHandler: true,
	11	accessTokenLifetime: OAUTH_LIFETIME.ACCESS_TOKEN,
	12	refreshTokenLifetime: OAUTH_LIFETIME.REFRESH_TOKEN,
	13	continueMiddleware: true,
	14	model: require('./oauth-model')
	15	})
	16
	17	function onExternalAuthPlugin (npmName: string, username: string, email: string) {
	18
	19	}
	20
	21	async function handleIdAndPassLogin (req: express.Request, res: express.Response, next: express.NextFunction) {
	22	const plugins = PluginManager.Instance.getIdAndPassAuths()
	23	const pluginAuths: { npmName?: string, registerAuthOptions: RegisterServerAuthPassOptions }[] = []
	24
	25	for (const plugin of plugins) {
	26	const auths = plugin.idAndPassAuths
	27
	28	for (const auth of auths) {
	29	pluginAuths.push({
	30	npmName: plugin.npmName,
	31	registerAuthOptions: auth
	32	})
	33	}
	34	}
	35
	36	pluginAuths.sort((a, b) => {
	37	const aWeight = a.registerAuthOptions.getWeight()
	38	const bWeight = b.registerAuthOptions.getWeight()
	39
	40	if (aWeight === bWeight) return 0
	41	if (aWeight > bWeight) return 1
	42	return -1
	43	})
	44
	45	const loginOptions = {
	46	id: req.body.username,
	47	password: req.body.password
	48	}
	49
	50	for (const pluginAuth of pluginAuths) {
	51	logger.debug(
	52	'Using auth method of %s to login %s with weight %d.',
	53	pluginAuth.npmName, loginOptions.id, pluginAuth.registerAuthOptions.getWeight()
	54	)
	55
	56	const loginResult = await pluginAuth.registerAuthOptions.login(loginOptions)
	57	if (loginResult) {
	58	logger.info('Login success with plugin %s for %s.', pluginAuth.npmName, loginOptions.id)
	59
	60	res.locals.bypassLogin = {
	61	bypass: true,
	62	pluginName: pluginAuth.npmName,
	63	user: {
	64	username: loginResult.username,
	65	email: loginResult.email,
	66	role: loginResult.role \|\| UserRole.USER,
	67	displayName: loginResult.displayName \|\| loginResult.username
	68	}
	69	}
	70
	71	break
	72	}
	73	}
	74
	75	return localLogin(req, res, next)
	76	}
	77
	78	// ---------------------------------------------------------------------------
	79
	80	export {
	81	oAuthServer,
	82	handleIdAndPassLogin,
	83	onExternalAuthPlugin
	84	}
	85
	86	// ---------------------------------------------------------------------------
	87
	88	function localLogin (req: express.Request, res: express.Response, next: express.NextFunction) {
	89	return oAuthServer.token()(req, res, err => {
	90	if (err) {
	91	return res.status(err.status)
	92	.json({
	93	error: err.message,
	94	code: err.name
	95	})
	96	.end()
	97	}
	98
	99	return next()
	100	})
	101	}