diff options
Diffstat (limited to 'server/lib/auth.ts')
-rw-r--r-- | server/lib/auth.ts | 128 |
1 files changed, 70 insertions, 58 deletions
diff --git a/server/lib/auth.ts b/server/lib/auth.ts index 3495571db..c2a6fcaff 100644 --- a/server/lib/auth.ts +++ b/server/lib/auth.ts | |||
@@ -6,6 +6,7 @@ import { RegisterServerAuthPassOptions } from '@shared/models/plugins/register-s | |||
6 | import { logger } from '@server/helpers/logger' | 6 | import { logger } from '@server/helpers/logger' |
7 | import { UserRole } from '@shared/models' | 7 | import { UserRole } from '@shared/models' |
8 | import { revokeToken } from '@server/lib/oauth-model' | 8 | import { revokeToken } from '@server/lib/oauth-model' |
9 | import { OAuthTokenModel } from '@server/models/oauth/oauth-token' | ||
9 | 10 | ||
10 | const oAuthServer = new OAuthServer({ | 11 | const oAuthServer = new OAuthServer({ |
11 | useErrorHandler: true, | 12 | useErrorHandler: true, |
@@ -20,6 +21,74 @@ function onExternalAuthPlugin (npmName: string, username: string, email: string) | |||
20 | } | 21 | } |
21 | 22 | ||
22 | async function handleIdAndPassLogin (req: express.Request, res: express.Response, next: express.NextFunction) { | 23 | async function handleIdAndPassLogin (req: express.Request, res: express.Response, next: express.NextFunction) { |
24 | const grantType = req.body.grant_type | ||
25 | |||
26 | if (grantType === 'password') await proxifyPasswordGrant(req, res) | ||
27 | else if (grantType === 'refresh_token') await proxifyRefreshGrant(req, res) | ||
28 | |||
29 | return forwardTokenReq(req, res, next) | ||
30 | } | ||
31 | |||
32 | async function handleTokenRevocation (req: express.Request, res: express.Response) { | ||
33 | const token = res.locals.oauth.token | ||
34 | |||
35 | res.locals.explicitLogout = true | ||
36 | await revokeToken(token) | ||
37 | |||
38 | // FIXME: uncomment when https://github.com/oauthjs/node-oauth2-server/pull/289 is released | ||
39 | // oAuthServer.revoke(req, res, err => { | ||
40 | // if (err) { | ||
41 | // logger.warn('Error in revoke token handler.', { err }) | ||
42 | // | ||
43 | // return res.status(err.status) | ||
44 | // .json({ | ||
45 | // error: err.message, | ||
46 | // code: err.name | ||
47 | // }) | ||
48 | // .end() | ||
49 | // } | ||
50 | // }) | ||
51 | |||
52 | return res.sendStatus(200) | ||
53 | } | ||
54 | |||
55 | // --------------------------------------------------------------------------- | ||
56 | |||
57 | export { | ||
58 | oAuthServer, | ||
59 | handleIdAndPassLogin, | ||
60 | onExternalAuthPlugin, | ||
61 | handleTokenRevocation | ||
62 | } | ||
63 | |||
64 | // --------------------------------------------------------------------------- | ||
65 | |||
66 | function forwardTokenReq (req: express.Request, res: express.Response, next: express.NextFunction) { | ||
67 | return oAuthServer.token()(req, res, err => { | ||
68 | if (err) { | ||
69 | logger.warn('Login error.', { err }) | ||
70 | |||
71 | return res.status(err.status) | ||
72 | .json({ | ||
73 | error: err.message, | ||
74 | code: err.name | ||
75 | }) | ||
76 | .end() | ||
77 | } | ||
78 | |||
79 | return next() | ||
80 | }) | ||
81 | } | ||
82 | |||
83 | async function proxifyRefreshGrant (req: express.Request, res: express.Response) { | ||
84 | const refreshToken = req.body.refresh_token | ||
85 | if (!refreshToken) return | ||
86 | |||
87 | const tokenModel = await OAuthTokenModel.loadByRefreshToken(refreshToken) | ||
88 | if (tokenModel?.authName) res.locals.refreshTokenAuthName = tokenModel.authName | ||
89 | } | ||
90 | |||
91 | async function proxifyPasswordGrant (req: express.Request, res: express.Response) { | ||
23 | const plugins = PluginManager.Instance.getIdAndPassAuths() | 92 | const plugins = PluginManager.Instance.getIdAndPassAuths() |
24 | const pluginAuths: { npmName?: string, registerAuthOptions: RegisterServerAuthPassOptions }[] = [] | 93 | const pluginAuths: { npmName?: string, registerAuthOptions: RegisterServerAuthPassOptions }[] = [] |
25 | 94 | ||
@@ -76,64 +145,7 @@ async function handleIdAndPassLogin (req: express.Request, res: express.Response | |||
76 | } | 145 | } |
77 | } | 146 | } |
78 | 147 | ||
79 | break | 148 | return |
80 | } | 149 | } |
81 | } | 150 | } |
82 | |||
83 | return localLogin(req, res, next) | ||
84 | } | ||
85 | |||
86 | async function handleTokenRevocation (req: express.Request, res: express.Response) { | ||
87 | const token = res.locals.oauth.token | ||
88 | |||
89 | PluginManager.Instance.onLogout(token.User.pluginAuth, token.authName) | ||
90 | |||
91 | await revokeToken(token) | ||
92 | .catch(err => { | ||
93 | logger.error('Cannot revoke token.', err) | ||
94 | }) | ||
95 | |||
96 | // FIXME: uncomment when https://github.com/oauthjs/node-oauth2-server/pull/289 is released | ||
97 | // oAuthServer.revoke(req, res, err => { | ||
98 | // if (err) { | ||
99 | // logger.warn('Error in revoke token handler.', { err }) | ||
100 | // | ||
101 | // return res.status(err.status) | ||
102 | // .json({ | ||
103 | // error: err.message, | ||
104 | // code: err.name | ||
105 | // }) | ||
106 | // .end() | ||
107 | // } | ||
108 | // }) | ||
109 | |||
110 | return res.sendStatus(200) | ||
111 | } | ||
112 | |||
113 | // --------------------------------------------------------------------------- | ||
114 | |||
115 | export { | ||
116 | oAuthServer, | ||
117 | handleIdAndPassLogin, | ||
118 | onExternalAuthPlugin, | ||
119 | handleTokenRevocation | ||
120 | } | ||
121 | |||
122 | // --------------------------------------------------------------------------- | ||
123 | |||
124 | function localLogin (req: express.Request, res: express.Response, next: express.NextFunction) { | ||
125 | return oAuthServer.token()(req, res, err => { | ||
126 | if (err) { | ||
127 | logger.warn('Login error.', { err }) | ||
128 | |||
129 | return res.status(err.status) | ||
130 | .json({ | ||
131 | error: err.message, | ||
132 | code: err.name | ||
133 | }) | ||
134 | .end() | ||
135 | } | ||
136 | |||
137 | return next() | ||
138 | }) | ||
139 | } | 151 | } |