Add ability for auth plugins to hook tokens validity

author: Chocobozzz <me@florianbigard.com> 2020-04-24 11:33:01 +0200
committer: Chocobozzz <chocobozzz@cpy.re> 2020-05-04 16:21:39 +0200
commit: e307e4fce39853d445d086f92b8c556c363ee15d (patch)
tree: 0f3faaf3c73222db0fb55b72260c787aeeeb05eb /server/lib/plugins/plugin-manager.ts
parent: e1c5503114deef954731904695cd40dccfcef555 (diff)
download: PeerTube-e307e4fce39853d445d086f92b8c556c363ee15d.tar.gz
PeerTube-e307e4fce39853d445d086f92b8c556c363ee15d.tar.zst
PeerTube-e307e4fce39853d445d086f92b8c556c363ee15d.zip
1 files changed, 34 insertions, 5 deletions
diff --git a/server/lib/plugins/plugin-manager.ts b/server/lib/plugins/plugin-manager.ts
index 9d646b689..c64ca60aa 100644
--- a/server/lib/plugins/plugin-manager.ts
+++ b/server/lib/plugins/plugin-manager.ts
@@ -21,6 +21,7 @@ import { ClientHtml } from '../client-html'
 import { PluginTranslation } from '../../../shared/models/plugins/plugin-translation.model'
 import { RegisterHelpersStore } from './register-helpers-store'
 import { RegisterServerHookOptions } from '@shared/models/plugins/register-server-hook.model'
+import { MOAuthTokenUser } from '@server/typings/models'
 export interface RegisteredPlugin {
  npmName: string
@@ -133,13 +134,11 @@ export class PluginManager implements ServerHook {
  }
  onLogout (npmName: string, authName: string) {
-    const plugin = this.getRegisteredPluginOrTheme(npmName)
+    const auth = this.getAuth(npmName, authName)
-    if (!plugin || plugin.type !== PluginType.PLUGIN) return
-    const auth = plugin.registerHelpersStore.getIdAndPassAuths()
+    if (auth?.onLogout) {
-      .find(a => a.authName === authName)
+      logger.info('Running onLogout function from auth %s of plugin %s', authName, npmName)
-    if (auth.onLogout) {
      try {
        auth.onLogout()
      } catch (err) {
@@ -148,6 +147,28 @@ export class PluginManager implements ServerHook {
    }
  }
+  async isTokenValid (token: MOAuthTokenUser, type: 'access' | 'refresh') {
+    const auth = this.getAuth(token.User.pluginAuth, token.authName)
+    if (!auth) return true
+    if (auth.hookTokenValidity) {
+      try {
+        const { valid } = await auth.hookTokenValidity({ token, type })
+        if (valid === false) {
+          logger.info('Rejecting %s token validity from auth %s of plugin %s', type, token.authName, token.User.pluginAuth)
+        }
+        return valid
+      } catch (err) {
+        logger.warn('Cannot run check token validity from auth %s of plugin %s.', token.authName, token.User.pluginAuth, { err })
+        return true
+      }
+    }
+    return true
+  }
  // ###################### Hooks ######################
  async runHook<T> (hookName: ServerHookName, result?: T, params?: any): Promise<T> {
@@ -453,6 +474,14 @@ export class PluginManager implements ServerHook {
    return join(CONFIG.STORAGE.PLUGINS_DIR, 'node_modules', npmName)
  }
+  private getAuth (npmName: string, authName: string) {
+    const plugin = this.getRegisteredPluginOrTheme(npmName)
+    if (!plugin || plugin.type !== PluginType.PLUGIN) return null
+    return plugin.registerHelpersStore.getIdAndPassAuths()
+                 .find(a => a.authName === authName)
+  }
  // ###################### Private getters ######################
  private getRegisteredPluginsOrThemes (type: PluginType) {
author	Chocobozzz <me@florianbigard.com>	2020-04-24 11:33:01 +0200
committer	Chocobozzz <chocobozzz@cpy.re>	2020-05-04 16:21:39 +0200
commit	e307e4fce39853d445d086f92b8c556c363ee15d (patch)
tree	0f3faaf3c73222db0fb55b72260c787aeeeb05eb /server/lib/plugins/plugin-manager.ts
parent	e1c5503114deef954731904695cd40dccfcef555 (diff)
download	PeerTube-e307e4fce39853d445d086f92b8c556c363ee15d.tar.gz PeerTube-e307e4fce39853d445d086f92b8c556c363ee15d.tar.zst PeerTube-e307e4fce39853d445d086f92b8c556c363ee15d.zip