author | Chocobozzz <florian.bigard@gmail.com> | 2016-03-21 11:56:33 +0100 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2016-03-21 11:56:33 +0100 |
commit | 9457bf88079a23d28011ff7c65faa56a548b7817 (patch) | |
tree | f4507aa5ad04b7fca4ab49acee5aa97c6c962f6c /server | |
parent | 233d12d8b1916eae5bae230dc965045adb89a173 (diff) | |
OAuth server: first draft
Diffstat (limited to 'server')
-rw-r--r-- | server/controllers/api/v1/index.js | 2 | ||||
-rw-r--r-- | server/controllers/api/v1/users.js | 22 | ||||
-rw-r--r-- | server/middlewares/oauth2.js | 11 | ||||
-rw-r--r-- | server/models/users.js | 108 |
4 files changed, 143 insertions, 0 deletions
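--- a/server/controllers/api/v1/index.js
+++ b/server/controllers/api/v1/index.js
@@ -6,10 +6,12 @@ const router = express.Router()
 
 const podsController = require('./pods')
 const remoteVideosController = require('./remoteVideos')
+const usersController = require('./users')
 const videosController = require('./videos')
 
 router.use('/pods', podsController)
 router.use('/remotevideos', remoteVideosController)
+router.use('/users', usersController)
 router.use('/videos', videosController)
 router.use('/*', badRequest)
 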
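--- /dev/null
+++ b/server/controllers/api/v1/users.js
@@ -0,0 +1,22 @@
+'use strict'
+
+var express = require('express')
+var oAuth2 = require('../../../middlewares/oauth2')
+
+const middleware = require('../../../middlewares')
+const cacheMiddleware = middleware.cache
+
+const router = express.Router()
+
+router.post('/token', cacheMiddleware.cache(false), oAuth2.token(), success)
+router.get('/authenticate', cacheMiddleware.cache(false), oAuth2.authenticate(), success)
+
+// ---------------------------------------------------------------------------
+
+module.exports = router
+
+// ---------------------------------------------------------------------------
+
+function success (req, res, next) {
+res.end()
+}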
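Review bot: The `/token` route passes requests straight to `oAuth2.token()` with no throttling in the middleware chain, so if the password grant is enabled nothing visible here bounds repeated credential attempts; a rate-limiting middleware placed ahead of `oAuth2.token()` would. Whether throttling is applied elsewhere in the app cannot be seen from this file. As a style point, lines 3 and 4 declare `express` and `oAuth2` with `var` while the rest of the file uses `const`; `const express = require('express')` and `const oAuth2 = require('../../../middlewares/oauth2')` would match.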
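--- /dev/null
+++ b/server/middlewares/oauth2.js
@@ -0,0 +1,11 @@
+'use strict'
+
+const OAuthServer = require('express-oauth-server')
+
+const oAuth2 = new OAuthServer({
+model: require('../models/users')
+})
+
+// ---------------------------------------------------------------------------
+
+module.exports = oAuth2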
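Review bot: The server is constructed with only `model`, so token lifetimes come from the library defaults and the accepted grant types depend on whatever each stored client's `grants` array holds. Setting `accessTokenLifetime` and `refreshTokenLifetime` explicitly in this options object, with a short comment naming the grants this deployment intends to support, would make the token policy reviewable in one place.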
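--- /dev/null
+++ b/server/models/users.js
@@ -0,0 +1,108 @@
+const mongoose = require('mongoose')
+
+const logger = require('../helpers/logger')
+
+// ---------------------------------------------------------------------------
+
+const oAuthTokensSchema = mongoose.Schema({
+accessToken: String,
+accessTokenExpiresOn: Date,
+client: { type: mongoose.Schema.Types.ObjectId, ref: 'oAuthClients' },
+refreshToken: String,
+refreshTokenExpiresOn: Date,
+user: { type: mongoose.Schema.Types.ObjectId, ref: 'users' }
+})
+const OAuthTokensDB = mongoose.model('oAuthTokens', oAuthTokensSchema)
+
+const oAuthClientsSchema = mongoose.Schema({
+clientSecret: String,
+grants: Array,
+redirectUris: Array
+})
+const OAuthClientsDB = mongoose.model('oAuthClients', oAuthClientsSchema)
+
+const usersSchema = mongoose.Schema({
+password: String,
+username: String
+})
+const UsersDB = mongoose.model('users', usersSchema)
+
+// ---------------------------------------------------------------------------
+
+const Users = {
+createClient: createClient,
+createUser: createUser,
+getAccessToken: getAccessToken,
+getClient: getClient,
+getRefreshToken: getRefreshToken,
+getUser: getUser,
+saveToken: saveToken
+}
+
+function createClient (secret, grants, callback) {
+logger.debug('Creating client.')
+
+const mongo_id = new mongoose.mongo.ObjectID()
+return OAuthClientsDB.create({ _id: mongo_id, clientSecret: secret, grants: grants }, function (err) {
+if (err) return callback(err)
+
+return callback(null, mongo_id)
+})
+}
+
+function createUser (username, password, callback) {
+logger.debug('Creating user.')
+
+return UsersDB.create({ username: username, password: password }, callback)
+}
+
+function getAccessToken (bearerToken, callback) {
+logger.debug('Getting access token (bearerToken: ' + bearerToken + ').')
+
+return OAuthTokensDB.findOne({ accessToken: bearerToken }).populate('user')
+}
+
+function getClient (clientId, clientSecret) {
+logger.debug('Getting Client (clientId: ' + clientId + ', clientSecret: ' + clientSecret + ').')
+
+// TODO req validator
+const mongo_id = new mongoose.mongo.ObjectID(clientId)
+return OAuthClientsDB.findOne({ _id: mongo_id, clientSecret: clientSecret })
+}
+
+function getRefreshToken (refreshToken) {
+logger.debug('Getting RefreshToken (refreshToken: ' + refreshToken + ').')
+
+return OAuthTokensDB.findOne({ refreshToken: refreshToken })
+}
+
+function getUser (username, password) {
+logger.debug('Getting User (username: ' + username + ', password: ' + password + ').')
+return UsersDB.findOne({ username: username, password: password })
+}
+
+function saveToken (token, client, user) {
+logger.debug('Saving token for client ' + client.id + ' and user ' + user.id + '.')
+
+const token_to_create = {
+accessToken: token.accessToken,
+accessTokenExpiresOn: token.accessTokenExpiresOn,
+client: client.id,
+refreshToken: token.refreshToken,
+refreshTokenExpiresOn: token.refreshTokenExpiresOn,
+user: user.id
+}
+
+return OAuthTokensDB.create(token_to_create, function (err, token_created) {
+if (err) throw err // node-oauth2-server library use Promise.try
+
+token_created.client = client
+token_created.user = user
+
+return token_created
+})
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = Users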
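Review bot: The debug messages in `getAccessToken`, `getClient`, `getRefreshToken` and `getUser` write the bearer token, client secret, refresh token and user password into the log, so anyone with access to debug output obtains working credentials; log identifiers only, as in the fence below. Separately, `createUser` stores `password` as received and `getUser` matches it by equality in the query, so passwords sit in the `users` collection in clear text; look the user up by `username` alone and verify against a salted, slow password hash instead. `getUser` and `getClient` should also reject non-string arguments before building the filter, since the check promised by `// TODO req validator` is not in place and `new mongoose.mongo.ObjectID(clientId)` throws on a malformed id.

```javascript
// getAccessToken
logger.debug('Getting access token.')
// getClient
logger.debug('Getting Client (clientId: ' + clientId + ').')
// getRefreshToken
logger.debug('Getting RefreshToken.')
// getUser
logger.debug('Getting User (username: ' + username + ').')
// … unchanged: the findOne queries in each function …
```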