diff options
author | Chocobozzz <me@florianbigard.com> | 2019-02-11 11:52:34 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2019-02-11 11:52:34 +0100 |
commit | 88108880bbdba473cfe36ecbebc1c3c4f972e102 (patch) | |
tree | b242efb3b4f0d7e49d88f2d1f2063b5b3b0489c0 /server/middlewares/oauth.ts | |
parent | 53a94c7cfa8368da4cd248d65df8346905938f0c (diff) | |
parent | 9b712a2017e4ab3cf12cd6bd58278905520159d0 (diff) | |
download | PeerTube-88108880bbdba473cfe36ecbebc1c3c4f972e102.tar.gz PeerTube-88108880bbdba473cfe36ecbebc1c3c4f972e102.tar.zst PeerTube-88108880bbdba473cfe36ecbebc1c3c4f972e102.zip |
Merge branch 'develop' into pr/1217
Diffstat (limited to 'server/middlewares/oauth.ts')
-rw-r--r-- | server/middlewares/oauth.ts | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/server/middlewares/oauth.ts b/server/middlewares/oauth.ts index 5233b66bd..1d193d467 100644 --- a/server/middlewares/oauth.ts +++ b/server/middlewares/oauth.ts | |||
@@ -3,6 +3,8 @@ import * as OAuthServer from 'express-oauth-server' | |||
3 | import 'express-validator' | 3 | import 'express-validator' |
4 | import { OAUTH_LIFETIME } from '../initializers' | 4 | import { OAUTH_LIFETIME } from '../initializers' |
5 | import { logger } from '../helpers/logger' | 5 | import { logger } from '../helpers/logger' |
6 | import { Socket } from 'socket.io' | ||
7 | import { getAccessToken } from '../lib/oauth-model' | ||
6 | 8 | ||
7 | const oAuthServer = new OAuthServer({ | 9 | const oAuthServer = new OAuthServer({ |
8 | useErrorHandler: true, | 10 | useErrorHandler: true, |
@@ -28,9 +30,43 @@ function authenticate (req: express.Request, res: express.Response, next: expres | |||
28 | }) | 30 | }) |
29 | } | 31 | } |
30 | 32 | ||
33 | function authenticateSocket (socket: Socket, next: (err?: any) => void) { | ||
34 | const accessToken = socket.handshake.query.accessToken | ||
35 | |||
36 | logger.debug('Checking socket access token %s.', accessToken) | ||
37 | |||
38 | getAccessToken(accessToken) | ||
39 | .then(tokenDB => { | ||
40 | const now = new Date() | ||
41 | |||
42 | if (!tokenDB || tokenDB.accessTokenExpiresAt < now || tokenDB.refreshTokenExpiresAt < now) { | ||
43 | return next(new Error('Invalid access token.')) | ||
44 | } | ||
45 | |||
46 | socket.handshake.query.user = tokenDB.User | ||
47 | |||
48 | return next() | ||
49 | }) | ||
50 | } | ||
51 | |||
52 | function authenticatePromiseIfNeeded (req: express.Request, res: express.Response) { | ||
53 | return new Promise(resolve => { | ||
54 | // Already authenticated? (or tried to) | ||
55 | if (res.locals.oauth && res.locals.oauth.token.User) return resolve() | ||
56 | |||
57 | if (res.locals.authenticated === false) return res.sendStatus(401) | ||
58 | |||
59 | authenticate(req, res, () => { | ||
60 | return resolve() | ||
61 | }) | ||
62 | }) | ||
63 | } | ||
64 | |||
31 | function optionalAuthenticate (req: express.Request, res: express.Response, next: express.NextFunction) { | 65 | function optionalAuthenticate (req: express.Request, res: express.Response, next: express.NextFunction) { |
32 | if (req.header('authorization')) return authenticate(req, res, next) | 66 | if (req.header('authorization')) return authenticate(req, res, next) |
33 | 67 | ||
68 | res.locals.authenticated = false | ||
69 | |||
34 | return next() | 70 | return next() |
35 | } | 71 | } |
36 | 72 | ||
@@ -53,6 +89,8 @@ function token (req: express.Request, res: express.Response, next: express.NextF | |||
53 | 89 | ||
54 | export { | 90 | export { |
55 | authenticate, | 91 | authenticate, |
92 | authenticateSocket, | ||
93 | authenticatePromiseIfNeeded, | ||
56 | optionalAuthenticate, | 94 | optionalAuthenticate, |
57 | token | 95 | token |
58 | } | 96 | } |