1 files changed, 76 insertions, 0 deletions
diff --git a/server/middlewares/auth.ts b/server/middlewares/auth.ts
new file mode 100644
index 000000000..f38373624
--- /dev/null
+++ b/server/middlewares/auth.ts
@@ -0,0 +1,76 @@
+import * as express from 'express'
+import { Socket } from 'socket.io'
+import { getAccessToken } from '@server/lib/auth/oauth-model'
+import { HttpStatusCode } from '../../shared/core-utils/miscs/http-error-codes'
+import { logger } from '../helpers/logger'
+import { handleOAuthAuthenticate } from '../lib/auth/oauth'
+function authenticate (req: express.Request, res: express.Response, next: express.NextFunction, authenticateInQuery = false) {
+  handleOAuthAuthenticate(req, res, authenticateInQuery)
+    .then((token: any) => {
+      res.locals.oauth = { token }
+      res.locals.authenticated = true
+      return next()
+    })
+    .catch(err => {
+      logger.warn('Cannot authenticate.', { err })
+      return res.status(err.status)
+        .json({
+          error: 'Token is invalid.',
+          code: err.name
+        })
+    })
+}
+function authenticateSocket (socket: Socket, next: (err?: any) => void) {
+  const accessToken = socket.handshake.query['accessToken']
+  logger.debug('Checking socket access token %s.', accessToken)
+  if (!accessToken) return next(new Error('No access token provided'))
+  if (typeof accessToken !== 'string') return next(new Error('Access token is invalid'))
+  getAccessToken(accessToken)
+    .then(tokenDB => {
+      const now = new Date()
+      if (!tokenDB || tokenDB.accessTokenExpiresAt < now || tokenDB.refreshTokenExpiresAt < now) {
+        return next(new Error('Invalid access token.'))
+      }
+      socket.handshake.auth.user = tokenDB.User
+      return next()
+    })
+    .catch(err => logger.error('Cannot get access token.', { err }))
+}
+function authenticatePromiseIfNeeded (req: express.Request, res: express.Response, authenticateInQuery = false) {
+  return new Promise<void>(resolve => {
+    // Already authenticated? (or tried to)
+    if (res.locals.oauth?.token.User) return resolve()
+    if (res.locals.authenticated === false) return res.sendStatus(HttpStatusCode.UNAUTHORIZED_401)
+    authenticate(req, res, () => resolve(), authenticateInQuery)
+  })
+}
+function optionalAuthenticate (req: express.Request, res: express.Response, next: express.NextFunction) {
+  if (req.header('authorization')) return authenticate(req, res, next)
+  res.locals.authenticated = false
+  return next()
+}
+// ---------------------------------------------------------------------------
+export {
+  authenticate,
+  authenticateSocket,
+  authenticatePromiseIfNeeded,
+  optionalAuthenticate
+}

diff --git a/server/middlewares/auth.ts b/server/middlewares/auth.ts new file mode 100644 index 000000000..f38373624 --- /dev/null +++ b/server/middlewares/auth.ts
@@ -0,0 +1,76 @@
	1	import * as express from 'express'
	2	import { Socket } from 'socket.io'
	3	import { getAccessToken } from '@server/lib/auth/oauth-model'
	4	import { HttpStatusCode } from '../../shared/core-utils/miscs/http-error-codes'
	5	import { logger } from '../helpers/logger'
	6	import { handleOAuthAuthenticate } from '../lib/auth/oauth'
	7
	8	function authenticate (req: express.Request, res: express.Response, next: express.NextFunction, authenticateInQuery = false) {
	9	handleOAuthAuthenticate(req, res, authenticateInQuery)
	10	.then((token: any) => {
	11	res.locals.oauth = { token }
	12	res.locals.authenticated = true
	13
	14	return next()
	15	})
	16	.catch(err => {
	17	logger.warn('Cannot authenticate.', { err })
	18
	19	return res.status(err.status)
	20	.json({
	21	error: 'Token is invalid.',
	22	code: err.name
	23	})
	24	})
	25	}
	26
	27	function authenticateSocket (socket: Socket, next: (err?: any) => void) {
	28	const accessToken = socket.handshake.query['accessToken']
	29
	30	logger.debug('Checking socket access token %s.', accessToken)
	31
	32	if (!accessToken) return next(new Error('No access token provided'))
	33	if (typeof accessToken !== 'string') return next(new Error('Access token is invalid'))
	34
	35	getAccessToken(accessToken)
	36	.then(tokenDB => {
	37	const now = new Date()
	38
	39	if (!tokenDB \|\| tokenDB.accessTokenExpiresAt < now \|\| tokenDB.refreshTokenExpiresAt < now) {
	40	return next(new Error('Invalid access token.'))
	41	}
	42
	43	socket.handshake.auth.user = tokenDB.User
	44
	45	return next()
	46	})
	47	.catch(err => logger.error('Cannot get access token.', { err }))
	48	}
	49
	50	function authenticatePromiseIfNeeded (req: express.Request, res: express.Response, authenticateInQuery = false) {
	51	return new Promise<void>(resolve => {
	52	// Already authenticated? (or tried to)
	53	if (res.locals.oauth?.token.User) return resolve()
	54
	55	if (res.locals.authenticated === false) return res.sendStatus(HttpStatusCode.UNAUTHORIZED_401)
	56
	57	authenticate(req, res, () => resolve(), authenticateInQuery)
	58	})
	59	}
	60
	61	function optionalAuthenticate (req: express.Request, res: express.Response, next: express.NextFunction) {
	62	if (req.header('authorization')) return authenticate(req, res, next)
	63
	64	res.locals.authenticated = false
	65
	66	return next()
	67	}
	68
	69	// ---------------------------------------------------------------------------
	70
	71	export {
	72	authenticate,
	73	authenticateSocket,
	74	authenticatePromiseIfNeeded,
	75	optionalAuthenticate
	76	}