author | Chocobozzz <me@florianbigard.com> | 2020-04-22 16:07:04 +0200 |
---|---|---|
committer | Chocobozzz <chocobozzz@cpy.re> | 2020-05-04 16:21:39 +0200 |
commit | 7fed637506043e4432cbebe041ada0625171cceb (patch) | |
tree | 07f174e17c4b4a0b3d43a0fa6944865c06234338 /server/lib/auth.ts | |
parent | 8d4197637868d5cde49434e937186b57e40f4b2b (diff) | |
Begin auth plugin support
Diffstat (limited to 'server/lib/auth.ts')
-rw-r--r-- | server/lib/auth.ts | 101 |
1 files changed, 101 insertions, 0 deletions
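diff --git a/server/lib/auth.ts b/server/lib/auth.ts
new file mode 100644
index 000000000..18d52fa5a
--- /dev/null
+++ b/server/lib/auth.ts
@@ -0,0 +1,101 @@
+import * as express from 'express'
+import { OAUTH_LIFETIME } from '@server/initializers/constants'
+import * as OAuthServer from 'express-oauth-server'
+import { PluginManager } from '@server/lib/plugins/plugin-manager'
+import { RegisterServerAuthPassOptions } from '@shared/models/plugins/register-server-auth.model'
+import { logger } from '@server/helpers/logger'
+import { UserRole } from '@shared/models'
+
+const oAuthServer = new OAuthServer({
+useErrorHandler: true,
+accessTokenLifetime: OAUTH_LIFETIME.ACCESS_TOKEN,
+refreshTokenLifetime: OAUTH_LIFETIME.REFRESH_TOKEN,
+continueMiddleware: true,
+model: require('./oauth-model')
+})
+
+function onExternalAuthPlugin (npmName: string, username: string, email: string) {
+
+}
+
+async function handleIdAndPassLogin (req: express.Request, res: express.Response, next: express.NextFunction) {
+const plugins = PluginManager.Instance.getIdAndPassAuths()
+const pluginAuths: { npmName?: string, registerAuthOptions: RegisterServerAuthPassOptions }[] = []
+
+for (const plugin of plugins) {
+const auths = plugin.idAndPassAuths
+
+for (const auth of auths) {
+pluginAuths.push({
+npmName: plugin.npmName,
+registerAuthOptions: auth
+})
+}
+}
+
+pluginAuths.sort((a, b) => {
+const aWeight = a.registerAuthOptions.getWeight()
+const bWeight = b.registerAuthOptions.getWeight()
+
+if (aWeight === bWeight) return 0
+if (aWeight > bWeight) return 1
+return -1
+})
+
+const loginOptions = {
+id: req.body.username,
+password: req.body.password
+}
+
+for (const pluginAuth of pluginAuths) {
+logger.debug(
+'Using auth method of %s to login %s with weight %d.',
+pluginAuth.npmName, loginOptions.id, pluginAuth.registerAuthOptions.getWeight()
+)
+
+const loginResult = await pluginAuth.registerAuthOptions.login(loginOptions)
+if (loginResult) {
+logger.info('Login success with plugin %s for %s.', pluginAuth.npmName, loginOptions.id)
+
+res.locals.bypassLogin = {
+bypass: true,
+pluginName: pluginAuth.npmName,
+user: {
+username: loginResult.username,
+email: loginResult.email,
+role: loginResult.role || UserRole.USER,
+displayName: loginResult.displayName || loginResult.username
+}
+}
+
+break
+}
+}
+
+return localLogin(req, res, next)
+}
+
+// ---------------------------------------------------------------------------
+
+export {
+oAuthServer,
+handleIdAndPassLogin,
+onExternalAuthPlugin
+}
+
+// ---------------------------------------------------------------------------
+
+function localLogin (req: express.Request, res: express.Response, next: express.NextFunction) {
+return oAuthServer.token()(req, res, err => {
+if (err) {
+return res.status(err.status)
+.json({
+error: err.message,
+code: err.name
+})
+.end()
+}
+
+return next()
+})
+}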
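Review bot: The `await pluginAuth.registerAuthOptions.login(loginOptions)` call in `handleIdAndPassLogin` is unguarded, so a plugin that throws or rejects makes this async middleware reject before `localLogin` runs; unless the route wraps the handler (not visible here), one faulty plugin would break every password login, local accounts included. Catch the error per plugin, log it, and move on to the next auth method, as sketched below. Separately, `role: loginResult.role || UserRole.USER` accepts whatever role the plugin returns and, if any `UserRole` member has the value 0, silently turns it into `USER`; checking the value against the enum before filling `res.locals.bypassLogin` would make the intended privilege explicit. The loop also hands the plaintext password to each plugin in weight order, which deserves a comment stating that trust assumption.

```typescript
for (const pluginAuth of pluginAuths) {
  // … unchanged: debug log of the auth method being tried …

  let loginResult
  try {
    loginResult = await pluginAuth.registerAuthOptions.login(loginOptions)
  } catch (err) {
    // A failing plugin must not block the remaining auth methods or the local login
    logger.error('Error in auth method of plugin %s.', pluginAuth.npmName, { err })
    continue
  }

  // … unchanged: bypassLogin assignment and break on success …
}
```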