OAuth server: first draft

author: Chocobozzz <florian.bigard@gmail.com> 2016-03-21 11:56:33 +0100
committer: Chocobozzz <florian.bigard@gmail.com> 2016-03-21 11:56:33 +0100
commit: 9457bf88079a23d28011ff7c65faa56a548b7817 (patch)
tree: f4507aa5ad04b7fca4ab49acee5aa97c6c962f6c /server
parent: 233d12d8b1916eae5bae230dc965045adb89a173 (diff)
download: PeerTube-9457bf88079a23d28011ff7c65faa56a548b7817.tar.gz
PeerTube-9457bf88079a23d28011ff7c65faa56a548b7817.tar.zst
PeerTube-9457bf88079a23d28011ff7c65faa56a548b7817.zip
4 files changed, 143 insertions, 0 deletions
diff --git a/server/controllers/api/v1/index.js b/server/controllers/api/v1/index.js
index 45f07ae1f..7b3ec32c0 100644
--- a/server/controllers/api/v1/index.js
+++ b/server/controllers/api/v1/index.js
@@ -6,10 +6,12 @@ const router = express.Router()
 const podsController = require('./pods')
 const remoteVideosController = require('./remoteVideos')
+const usersController = require('./users')
 const videosController = require('./videos')
 router.use('/pods', podsController)
 router.use('/remotevideos', remoteVideosController)
+router.use('/users', usersController)
 router.use('/videos', videosController)
 router.use('/*', badRequest)
diff --git a/server/controllers/api/v1/users.js b/server/controllers/api/v1/users.js
new file mode 100644
index 000000000..acb860c66
--- /dev/null
+++ b/server/controllers/api/v1/users.js
@@ -0,0 +1,22 @@
+'use strict'
+var express = require('express')
+var oAuth2 = require('../../../middlewares/oauth2')
+const middleware = require('../../../middlewares')
+const cacheMiddleware = middleware.cache
+const router = express.Router()
+router.post('/token', cacheMiddleware.cache(false), oAuth2.token(), success)
+router.get('/authenticate', cacheMiddleware.cache(false), oAuth2.authenticate(), success)
+// ---------------------------------------------------------------------------
+module.exports = router
+// ---------------------------------------------------------------------------
+function success (req, res, next) {
+  res.end()
+}
diff --git a/server/middlewares/oauth2.js b/server/middlewares/oauth2.js
new file mode 100644
index 000000000..a1fa61fbb
--- /dev/null
+++ b/server/middlewares/oauth2.js
@@ -0,0 +1,11 @@
+'use strict'
+const OAuthServer = require('express-oauth-server')
+const oAuth2 = new OAuthServer({
+  model: require('../models/users')
+})
+// ---------------------------------------------------------------------------
+module.exports = oAuth2
diff --git a/server/models/users.js b/server/models/users.js
new file mode 100644
index 000000000..355d991bd
--- /dev/null
+++ b/server/models/users.js
@@ -0,0 +1,108 @@
+const mongoose = require('mongoose')
+const logger = require('../helpers/logger')
+// ---------------------------------------------------------------------------
+const oAuthTokensSchema = mongoose.Schema({
+  accessToken: String,
+  accessTokenExpiresOn: Date,
+  client: { type: mongoose.Schema.Types.ObjectId, ref: 'oAuthClients' },
+  refreshToken: String,
+  refreshTokenExpiresOn: Date,
+  user: { type: mongoose.Schema.Types.ObjectId, ref: 'users' }
+})
+const OAuthTokensDB = mongoose.model('oAuthTokens', oAuthTokensSchema)
+const oAuthClientsSchema = mongoose.Schema({
+  clientSecret: String,
+  grants: Array,
+  redirectUris: Array
+})
+const OAuthClientsDB = mongoose.model('oAuthClients', oAuthClientsSchema)
+const usersSchema = mongoose.Schema({
+  password: String,
+  username: String
+})
+const UsersDB = mongoose.model('users', usersSchema)
+// ---------------------------------------------------------------------------
+const Users = {
+  createClient: createClient,
+  createUser: createUser,
+  getAccessToken: getAccessToken,
+  getClient: getClient,
+  getRefreshToken: getRefreshToken,
+  getUser: getUser,
+  saveToken: saveToken
+}
+function createClient (secret, grants, callback) {
+  logger.debug('Creating client.')
+  const mongo_id = new mongoose.mongo.ObjectID()
+  return OAuthClientsDB.create({ _id: mongo_id, clientSecret: secret, grants: grants }, function (err) {
+    if (err) return callback(err)
+    return callback(null, mongo_id)
+  })
+}
+function createUser (username, password, callback) {
+  logger.debug('Creating user.')
+  return UsersDB.create({ username: username, password: password }, callback)
+}
+function getAccessToken (bearerToken, callback) {
+  logger.debug('Getting access token (bearerToken: ' + bearerToken + ').')
+  return OAuthTokensDB.findOne({ accessToken: bearerToken }).populate('user')
+}
+function getClient (clientId, clientSecret) {
+  logger.debug('Getting Client (clientId: ' + clientId + ', clientSecret: ' + clientSecret + ').')
+  // TODO req validator
+  const mongo_id = new mongoose.mongo.ObjectID(clientId)
+  return OAuthClientsDB.findOne({ _id: mongo_id, clientSecret: clientSecret })
+}
+function getRefreshToken (refreshToken) {
+  logger.debug('Getting RefreshToken (refreshToken: ' + refreshToken + ').')
+  return OAuthTokensDB.findOne({ refreshToken: refreshToken })
+}
+function getUser (username, password) {
+  logger.debug('Getting User (username: ' + username + ', password: ' + password + ').')
+  return UsersDB.findOne({ username: username, password: password })
+}
+function saveToken (token, client, user) {
+  logger.debug('Saving token for client ' + client.id + ' and user ' + user.id + '.')
+  const token_to_create = {
+    accessToken: token.accessToken,
+    accessTokenExpiresOn: token.accessTokenExpiresOn,
+    client: client.id,
+    refreshToken: token.refreshToken,
+    refreshTokenExpiresOn: token.refreshTokenExpiresOn,
+    user: user.id
+  }
+  return OAuthTokensDB.create(token_to_create, function (err, token_created) {
+    if (err) throw err // node-oauth2-server library use Promise.try
+    token_created.client = client
+    token_created.user = user
+    return token_created
+  })
+}
+// ---------------------------------------------------------------------------
+module.exports = Users
author	Chocobozzz <florian.bigard@gmail.com>	2016-03-21 11:56:33 +0100
committer	Chocobozzz <florian.bigard@gmail.com>	2016-03-21 11:56:33 +0100
commit	9457bf88079a23d28011ff7c65faa56a548b7817 (patch)
tree	f4507aa5ad04b7fca4ab49acee5aa97c6c962f6c /server
parent	233d12d8b1916eae5bae230dc965045adb89a173 (diff)
download	PeerTube-9457bf88079a23d28011ff7c65faa56a548b7817.tar.gz PeerTube-9457bf88079a23d28011ff7c65faa56a548b7817.tar.zst PeerTube-9457bf88079a23d28011ff7c65faa56a548b7817.zip

diff --git a/server/controllers/api/v1/index.js b/server/controllers/api/v1/index.js index 45f07ae1f..7b3ec32c0 100644 --- a/server/controllers/api/v1/index.js +++ b/server/controllers/api/v1/index.js
@@ -6,10 +6,12 @@ const router = express.Router()
6		6
7	const podsController = require('./pods')	7	const podsController = require('./pods')
8	const remoteVideosController = require('./remoteVideos')	8	const remoteVideosController = require('./remoteVideos')
		9	const usersController = require('./users')
9	const videosController = require('./videos')	10	const videosController = require('./videos')
10		11
11	router.use('/pods', podsController)	12	router.use('/pods', podsController)
12	router.use('/remotevideos', remoteVideosController)	13	router.use('/remotevideos', remoteVideosController)
		14	router.use('/users', usersController)
13	router.use('/videos', videosController)	15	router.use('/videos', videosController)
14	router.use('/*', badRequest)	16	router.use('/*', badRequest)
15		17


diff --git a/server/controllers/api/v1/users.js b/server/controllers/api/v1/users.js new file mode 100644 index 000000000..acb860c66 --- /dev/null +++ b/server/controllers/api/v1/users.js
@@ -0,0 +1,22 @@
		1	'use strict'
		2
		3	var express = require('express')
		4	var oAuth2 = require('../../../middlewares/oauth2')
		5
		6	const middleware = require('../../../middlewares')
		7	const cacheMiddleware = middleware.cache
		8
		9	const router = express.Router()
		10
		11	router.post('/token', cacheMiddleware.cache(false), oAuth2.token(), success)
		12	router.get('/authenticate', cacheMiddleware.cache(false), oAuth2.authenticate(), success)
		13
		14	// ---------------------------------------------------------------------------
		15
		16	module.exports = router
		17
		18	// ---------------------------------------------------------------------------
		19
		20	function success (req, res, next) {
		21	res.end()
		22	}


diff --git a/server/middlewares/oauth2.js b/server/middlewares/oauth2.js new file mode 100644 index 000000000..a1fa61fbb --- /dev/null +++ b/server/middlewares/oauth2.js
@@ -0,0 +1,11 @@
		1	'use strict'
		2
		3	const OAuthServer = require('express-oauth-server')
		4
		5	const oAuth2 = new OAuthServer({
		6	model: require('../models/users')
		7	})
		8
		9	// ---------------------------------------------------------------------------
		10
		11	module.exports = oAuth2


diff --git a/server/models/users.js b/server/models/users.js new file mode 100644 index 000000000..355d991bd --- /dev/null +++ b/server/models/users.js
@@ -0,0 +1,108 @@
		1	const mongoose = require('mongoose')
		2
		3	const logger = require('../helpers/logger')
		4
		5	// ---------------------------------------------------------------------------
		6
		7	const oAuthTokensSchema = mongoose.Schema({
		8	accessToken: String,
		9	accessTokenExpiresOn: Date,
		10	client: { type: mongoose.Schema.Types.ObjectId, ref: 'oAuthClients' },
		11	refreshToken: String,
		12	refreshTokenExpiresOn: Date,
		13	user: { type: mongoose.Schema.Types.ObjectId, ref: 'users' }
		14	})
		15	const OAuthTokensDB = mongoose.model('oAuthTokens', oAuthTokensSchema)
		16
		17	const oAuthClientsSchema = mongoose.Schema({
		18	clientSecret: String,
		19	grants: Array,
		20	redirectUris: Array
		21	})
		22	const OAuthClientsDB = mongoose.model('oAuthClients', oAuthClientsSchema)
		23
		24	const usersSchema = mongoose.Schema({
		25	password: String,
		26	username: String
		27	})
		28	const UsersDB = mongoose.model('users', usersSchema)
		29
		30	// ---------------------------------------------------------------------------
		31
		32	const Users = {
		33	createClient: createClient,
		34	createUser: createUser,
		35	getAccessToken: getAccessToken,
		36	getClient: getClient,
		37	getRefreshToken: getRefreshToken,
		38	getUser: getUser,
		39	saveToken: saveToken
		40	}
		41
		42	function createClient (secret, grants, callback) {
		43	logger.debug('Creating client.')
		44
		45	const mongo_id = new mongoose.mongo.ObjectID()
		46	return OAuthClientsDB.create({ _id: mongo_id, clientSecret: secret, grants: grants }, function (err) {
		47	if (err) return callback(err)
		48
		49	return callback(null, mongo_id)
		50	})
		51	}
		52
		53	function createUser (username, password, callback) {
		54	logger.debug('Creating user.')
		55
		56	return UsersDB.create({ username: username, password: password }, callback)
		57	}
		58
		59	function getAccessToken (bearerToken, callback) {
		60	logger.debug('Getting access token (bearerToken: ' + bearerToken + ').')
		61
		62	return OAuthTokensDB.findOne({ accessToken: bearerToken }).populate('user')
		63	}
		64
		65	function getClient (clientId, clientSecret) {
		66	logger.debug('Getting Client (clientId: ' + clientId + ', clientSecret: ' + clientSecret + ').')
		67
		68	// TODO req validator
		69	const mongo_id = new mongoose.mongo.ObjectID(clientId)
		70	return OAuthClientsDB.findOne({ _id: mongo_id, clientSecret: clientSecret })
		71	}
		72
		73	function getRefreshToken (refreshToken) {
		74	logger.debug('Getting RefreshToken (refreshToken: ' + refreshToken + ').')
		75
		76	return OAuthTokensDB.findOne({ refreshToken: refreshToken })
		77	}
		78
		79	function getUser (username, password) {
		80	logger.debug('Getting User (username: ' + username + ', password: ' + password + ').')
		81	return UsersDB.findOne({ username: username, password: password })
		82	}
		83
		84	function saveToken (token, client, user) {
		85	logger.debug('Saving token for client ' + client.id + ' and user ' + user.id + '.')
		86
		87	const token_to_create = {
		88	accessToken: token.accessToken,
		89	accessTokenExpiresOn: token.accessTokenExpiresOn,
		90	client: client.id,
		91	refreshToken: token.refreshToken,
		92	refreshTokenExpiresOn: token.refreshTokenExpiresOn,
		93	user: user.id
		94	}
		95
		96	return OAuthTokensDB.create(token_to_create, function (err, token_created) {
		97	if (err) throw err // node-oauth2-server library use Promise.try
		98
		99	token_created.client = client
		100	token_created.user = user
		101
		102	return token_created
		103	})
		104	}
		105
		106	// ---------------------------------------------------------------------------
		107
		108	module.exports = Users