authorChocobozzz <me@florianbigard.com>2020-04-24 11:33:01 +0200
committerChocobozzz <chocobozzz@cpy.re>2020-05-04 16:21:39 +0200
commite307e4fce39853d445d086f92b8c556c363ee15d (patch)
tree0f3faaf3c73222db0fb55b72260c787aeeeb05eb /server/lib/auth.ts
parente1c5503114deef954731904695cd40dccfcef555 (diff)
Add ability for auth plugins to hook tokens validity
Diffstat (limited to 'server/lib/auth.ts')
-rw-r--r--server/lib/auth.ts128
1 files changed, 70 insertions, 58 deletions
diff --git a/server/lib/auth.ts b/server/lib/auth.ts
index 3495571db..c2a6fcaff 100644
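--- a/server/lib/auth.ts
+++ b/server/lib/auth.ts
@@ -6,6 +6,7 @@ import { RegisterServerAuthPassOptions } from '@shared/models/plugins/register-s
 import { logger } from '@server/helpers/logger'
 import { UserRole } from '@shared/models'
 import { revokeToken } from '@server/lib/oauth-model'
+import { OAuthTokenModel } from '@server/models/oauth/oauth-token'
 
 const oAuthServer = new OAuthServer({
 useErrorHandler: true,
@@ -20,6 +21,74 @@ function onExternalAuthPlugin (npmName: string, username: string, email: string)
 }
 
 async function handleIdAndPassLogin (req: express.Request, res: express.Response, next: express.NextFunction) {
+const grantType = req.body.grant_type
+
+if (grantType === 'password') await proxifyPasswordGrant(req, res)
+else if (grantType === 'refresh_token') await proxifyRefreshGrant(req, res)
+
+return forwardTokenReq(req, res, next)
+}
+
+async function handleTokenRevocation (req: express.Request, res: express.Response) {
+const token = res.locals.oauth.token
+
+res.locals.explicitLogout = true
+await revokeToken(token)
+
+// FIXME: uncomment when https://github.com/oauthjs/node-oauth2-server/pull/289 is released
+// oAuthServer.revoke(req, res, err => {
+// if (err) {
+// logger.warn('Error in revoke token handler.', { err })
+//
+// return res.status(err.status)
+// .json({
+// error: err.message,
+// code: err.name
+// })
+// .end()
+// }
+// })
+
+return res.sendStatus(200)
+}
+
+// ---------------------------------------------------------------------------
+
+export {
+oAuthServer,
+handleIdAndPassLogin,
+onExternalAuthPlugin,
+handleTokenRevocation
+}
+
+// ---------------------------------------------------------------------------
+
+function forwardTokenReq (req: express.Request, res: express.Response, next: express.NextFunction) {
+return oAuthServer.token()(req, res, err => {
+if (err) {
+logger.warn('Login error.', { err })
+
+return res.status(err.status)
+.json({
+error: err.message,
+code: err.name
+})
+.end()
+}
+
+return next()
+})
+}
+
+async function proxifyRefreshGrant (req: express.Request, res: express.Response) {
+const refreshToken = req.body.refresh_token
+if (!refreshToken) return
+
+const tokenModel = await OAuthTokenModel.loadByRefreshToken(refreshToken)
+if (tokenModel?.authName) res.locals.refreshTokenAuthName = tokenModel.authName
+}
+
+async function proxifyPasswordGrant (req: express.Request, res: express.Response) {
 const plugins = PluginManager.Instance.getIdAndPassAuths()
 const pluginAuths: { npmName?: string, registerAuthOptions: RegisterServerAuthPassOptions }[] = []
 
@@ -76,64 +145,7 @@ async function handleIdAndPassLogin (req: express.Request, res: express.Response
 }
 }
 
-break
+return
 }
 }
-
-return localLogin(req, res, next)
-}
-
-async function handleTokenRevocation (req: express.Request, res: express.Response) {
-const token = res.locals.oauth.token
-
-PluginManager.Instance.onLogout(token.User.pluginAuth, token.authName)
-
-await revokeToken(token)
-.catch(err => {
-logger.error('Cannot revoke token.', err)
-})
-
-// FIXME: uncomment when https://github.com/oauthjs/node-oauth2-server/pull/289 is released
-// oAuthServer.revoke(req, res, err => {
-// if (err) {
-// logger.warn('Error in revoke token handler.', { err })
-//
-// return res.status(err.status)
-// .json({
-// error: err.message,
-// code: err.name
-// })
-// .end()
-// }
-// })
-
-return res.sendStatus(200)
-}
-
-// ---------------------------------------------------------------------------
-
-export {
-oAuthServer,
-handleIdAndPassLogin,
-onExternalAuthPlugin,
-handleTokenRevocation
-}
-
-// ---------------------------------------------------------------------------
-
-function localLogin (req: express.Request, res: express.Response, next: express.NextFunction) {
-return oAuthServer.token()(req, res, err => {
-if (err) {
-logger.warn('Login error.', { err })
-
-return res.status(err.status)
-.json({
-error: err.message,
-code: err.name
-})
-.end()
-}
-
-return next()
-})
-}
 }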
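Review bot: In the new `proxifyRefreshGrant`, `req.body.refresh_token` is passed to `OAuthTokenModel.loadByRefreshToken` after only a truthiness check, so a JSON body can supply an object or array where a string is expected. The lookup also runs before `oAuthServer.token()` has validated the client or the grant. I would tighten the guard to `if (typeof refreshToken !== 'string' || !refreshToken) return` and add a comment that `res.locals.refreshTokenAuthName` comes from a token that has not been validated yet, so later code must treat it as a hint rather than proof of the auth source. Separately, `handleTokenRevocation` no longer has the `.catch` on `revokeToken`, and `handleIdAndPassLogin` now awaits two helpers with no try/catch. A rejection now fails the request instead of answering 200 after a failed revoke, which is the safer outcome, but it only reaches an error handler if the routes wrap these async handlers, and that is not visible in this diff.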