diff options
author | Chocobozzz <me@florianbigard.com> | 2021-03-12 15:20:46 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2021-03-24 18:18:41 +0100 |
commit | f43db2f46ee50bacb402a6ef42d768694c2bc9a8 (patch) | |
tree | bce2574e94d48e8602387615a07ee691e98e23e4 /server/middlewares/oauth.ts | |
parent | cae2df6bdc3c3590df32bf7431a617177be30429 (diff) | |
download | PeerTube-f43db2f46ee50bacb402a6ef42d768694c2bc9a8.tar.gz PeerTube-f43db2f46ee50bacb402a6ef42d768694c2bc9a8.tar.zst PeerTube-f43db2f46ee50bacb402a6ef42d768694c2bc9a8.zip |
Refactor auth flow
Reimplement some node-oauth2-server methods to remove hacky code needed by our external
login workflow
Diffstat (limited to 'server/middlewares/oauth.ts')
-rw-r--r-- | server/middlewares/oauth.ts | 78 |
1 files changed, 0 insertions, 78 deletions
diff --git a/server/middlewares/oauth.ts b/server/middlewares/oauth.ts deleted file mode 100644 index 280595acc..000000000 --- a/server/middlewares/oauth.ts +++ /dev/null | |||
@@ -1,78 +0,0 @@ | |||
1 | import * as express from 'express' | ||
2 | import { Socket } from 'socket.io' | ||
3 | import { oAuthServer } from '@server/lib/auth' | ||
4 | import { logger } from '../helpers/logger' | ||
5 | import { getAccessToken } from '../lib/oauth-model' | ||
6 | import { HttpStatusCode } from '../../shared/core-utils/miscs/http-error-codes' | ||
7 | |||
8 | function authenticate (req: express.Request, res: express.Response, next: express.NextFunction, authenticateInQuery = false) { | ||
9 | const options = authenticateInQuery ? { allowBearerTokensInQueryString: true } : {} | ||
10 | |||
11 | oAuthServer.authenticate(options)(req, res, err => { | ||
12 | if (err) { | ||
13 | logger.warn('Cannot authenticate.', { err }) | ||
14 | |||
15 | return res.status(err.status) | ||
16 | .json({ | ||
17 | error: 'Token is invalid.', | ||
18 | code: err.name | ||
19 | }) | ||
20 | .end() | ||
21 | } | ||
22 | |||
23 | res.locals.authenticated = true | ||
24 | |||
25 | return next() | ||
26 | }) | ||
27 | } | ||
28 | |||
29 | function authenticateSocket (socket: Socket, next: (err?: any) => void) { | ||
30 | const accessToken = socket.handshake.query['accessToken'] | ||
31 | |||
32 | logger.debug('Checking socket access token %s.', accessToken) | ||
33 | |||
34 | if (!accessToken) return next(new Error('No access token provided')) | ||
35 | if (typeof accessToken !== 'string') return next(new Error('Access token is invalid')) | ||
36 | |||
37 | getAccessToken(accessToken) | ||
38 | .then(tokenDB => { | ||
39 | const now = new Date() | ||
40 | |||
41 | if (!tokenDB || tokenDB.accessTokenExpiresAt < now || tokenDB.refreshTokenExpiresAt < now) { | ||
42 | return next(new Error('Invalid access token.')) | ||
43 | } | ||
44 | |||
45 | socket.handshake.auth.user = tokenDB.User | ||
46 | |||
47 | return next() | ||
48 | }) | ||
49 | .catch(err => logger.error('Cannot get access token.', { err })) | ||
50 | } | ||
51 | |||
52 | function authenticatePromiseIfNeeded (req: express.Request, res: express.Response, authenticateInQuery = false) { | ||
53 | return new Promise<void>(resolve => { | ||
54 | // Already authenticated? (or tried to) | ||
55 | if (res.locals.oauth?.token.User) return resolve() | ||
56 | |||
57 | if (res.locals.authenticated === false) return res.sendStatus(HttpStatusCode.UNAUTHORIZED_401) | ||
58 | |||
59 | authenticate(req, res, () => resolve(), authenticateInQuery) | ||
60 | }) | ||
61 | } | ||
62 | |||
63 | function optionalAuthenticate (req: express.Request, res: express.Response, next: express.NextFunction) { | ||
64 | if (req.header('authorization')) return authenticate(req, res, next) | ||
65 | |||
66 | res.locals.authenticated = false | ||
67 | |||
68 | return next() | ||
69 | } | ||
70 | |||
71 | // --------------------------------------------------------------------------- | ||
72 | |||
73 | export { | ||
74 | authenticate, | ||
75 | authenticateSocket, | ||
76 | authenticatePromiseIfNeeded, | ||
77 | optionalAuthenticate | ||
78 | } | ||