From 3a4992633ee62d5edfbb484d9c6bcb3cf158489d Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Mon, 31 Jul 2023 14:34:36 +0200 Subject: Migrate server to ESM Sorry for the very big commit that may lead to git log issues and merge conflicts, but it's a major step forward: * Server can be faster at startup because imports() are async and we can easily lazy import big modules * Angular doesn't seem to support ES import (with .js extension), so we had to correctly organize peertube into a monorepo: * Use yarn workspace feature * Use typescript reference projects for dependencies * Shared projects have been moved into "packages", each one is now a node module (with a dedicated package.json/tsconfig.json) * server/tools have been moved into apps/ and is now a dedicated app bundled and published on NPM so users don't have to build peertube cli tools manually * server/tests have been moved into packages/ so we don't compile them every time we want to run the server * Use isolatedModule option: * Had to move from const enum to const (https://www.typescriptlang.org/docs/handbook/enums.html#objects-vs-enums) * Had to explictely specify "type" imports when used in decorators * Prefer tsx (that uses esbuild under the hood) instead of ts-node to load typescript files (tests with mocha or scripts): * To reduce test complexity as esbuild doesn't support decorator metadata, we only test server files that do not import server models * We still build tests files into js files for a faster CI * Remove unmaintained peertube CLI import script * Removed some barrels to speed up execution (less imports) --- server/controllers/api/users/token.ts | 131 ---------------------------------- 1 file changed, 131 deletions(-) delete mode 100644 server/controllers/api/users/token.ts (limited to 'server/controllers/api/users/token.ts') diff --git a/server/controllers/api/users/token.ts b/server/controllers/api/users/token.ts deleted file mode 100644 index c6afea67c..000000000 --- a/server/controllers/api/users/token.ts +++ /dev/null @@ -1,131 +0,0 @@ -import express from 'express' -import { logger } from '@server/helpers/logger' -import { CONFIG } from '@server/initializers/config' -import { OTP } from '@server/initializers/constants' -import { getAuthNameFromRefreshGrant, getBypassFromExternalAuth, getBypassFromPasswordGrant } from '@server/lib/auth/external-auth' -import { handleOAuthToken, MissingTwoFactorError } from '@server/lib/auth/oauth' -import { BypassLogin, revokeToken } from '@server/lib/auth/oauth-model' -import { Hooks } from '@server/lib/plugins/hooks' -import { asyncMiddleware, authenticate, buildRateLimiter, openapiOperationDoc } from '@server/middlewares' -import { buildUUID } from '@shared/extra-utils' -import { ScopedToken } from '@shared/models/users/user-scoped-token' - -const tokensRouter = express.Router() - -const loginRateLimiter = buildRateLimiter({ - windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS, - max: CONFIG.RATES_LIMIT.LOGIN.MAX -}) - -tokensRouter.post('/token', - loginRateLimiter, - openapiOperationDoc({ operationId: 'getOAuthToken' }), - asyncMiddleware(handleToken) -) - -tokensRouter.post('/revoke-token', - openapiOperationDoc({ operationId: 'revokeOAuthToken' }), - authenticate, - asyncMiddleware(handleTokenRevocation) -) - -tokensRouter.get('/scoped-tokens', - authenticate, - getScopedTokens -) - -tokensRouter.post('/scoped-tokens', - authenticate, - asyncMiddleware(renewScopedTokens) -) - -// --------------------------------------------------------------------------- - -export { - tokensRouter -} -// --------------------------------------------------------------------------- - -async function handleToken (req: express.Request, res: express.Response, next: express.NextFunction) { - const grantType = req.body.grant_type - - try { - const bypassLogin = await buildByPassLogin(req, grantType) - - const refreshTokenAuthName = grantType === 'refresh_token' - ? await getAuthNameFromRefreshGrant(req.body.refresh_token) - : undefined - - const options = { - refreshTokenAuthName, - bypassLogin - } - - const token = await handleOAuthToken(req, options) - - res.set('Cache-Control', 'no-store') - res.set('Pragma', 'no-cache') - - Hooks.runAction('action:api.user.oauth2-got-token', { username: token.user.username, ip: req.ip, req, res }) - - return res.json({ - token_type: 'Bearer', - - access_token: token.accessToken, - refresh_token: token.refreshToken, - - expires_in: token.accessTokenExpiresIn, - refresh_token_expires_in: token.refreshTokenExpiresIn - }) - } catch (err) { - logger.warn('Login error', { err }) - - if (err instanceof MissingTwoFactorError) { - res.set(OTP.HEADER_NAME, OTP.HEADER_REQUIRED_VALUE) - } - - return res.fail({ - status: err.code, - message: err.message, - type: err.name - }) - } -} - -async function handleTokenRevocation (req: express.Request, res: express.Response) { - const token = res.locals.oauth.token - - const result = await revokeToken(token, { req, explicitLogout: true }) - - return res.json(result) -} - -function getScopedTokens (req: express.Request, res: express.Response) { - const user = res.locals.oauth.token.user - - return res.json({ - feedToken: user.feedToken - } as ScopedToken) -} - -async function renewScopedTokens (req: express.Request, res: express.Response) { - const user = res.locals.oauth.token.user - - user.feedToken = buildUUID() - await user.save() - - return res.json({ - feedToken: user.feedToken - } as ScopedToken) -} - -async function buildByPassLogin (req: express.Request, grantType: string): Promise { - if (grantType !== 'password') return undefined - - if (req.body.externalAuthToken) { - // Consistency with the getBypassFromPasswordGrant promise - return getBypassFromExternalAuth(req.body.username, req.body.externalAuthToken) - } - - return getBypassFromPasswordGrant(req.body.username, req.body.password) -} -- cgit v1.2.3