From e1c5503114deef954731904695cd40dccfcef555 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Thu, 23 Apr 2020 11:36:50 +0200 Subject: Support logout and add id and pass tests --- server/controllers/api/accounts.ts | 2 +- server/controllers/api/server/follows.ts | 2 +- server/controllers/api/server/server-blocklist.ts | 2 +- server/controllers/api/users/index.ts | 35 +++------------------ server/controllers/api/users/token.ts | 38 +++++++++++++++++++++++ server/controllers/api/video-channel.ts | 2 +- server/controllers/api/video-playlist.ts | 2 +- 7 files changed, 47 insertions(+), 36 deletions(-) create mode 100644 server/controllers/api/users/token.ts (limited to 'server/controllers') diff --git a/server/controllers/api/accounts.ts b/server/controllers/api/accounts.ts index 3bbb0a43e..ccdc610a2 100644 --- a/server/controllers/api/accounts.ts +++ b/server/controllers/api/accounts.ts @@ -1,5 +1,5 @@ import * as express from 'express' -import { getFormattedObjects} from '../../helpers/utils' +import { getFormattedObjects } from '../../helpers/utils' import { asyncMiddleware, authenticate, diff --git a/server/controllers/api/server/follows.ts b/server/controllers/api/server/follows.ts index 82e9ef898..23823c9fb 100644 --- a/server/controllers/api/server/follows.ts +++ b/server/controllers/api/server/follows.ts @@ -1,7 +1,7 @@ import * as express from 'express' import { UserRight } from '../../../../shared/models/users' import { logger } from '../../../helpers/logger' -import { getFormattedObjects} from '../../../helpers/utils' +import { getFormattedObjects } from '../../../helpers/utils' import { SERVER_ACTOR_NAME } from '../../../initializers/constants' import { sendAccept, sendReject, sendUndoFollow } from '../../../lib/activitypub/send' import { diff --git a/server/controllers/api/server/server-blocklist.ts b/server/controllers/api/server/server-blocklist.ts index 008b8d4ea..f849b15c7 100644 --- a/server/controllers/api/server/server-blocklist.ts +++ b/server/controllers/api/server/server-blocklist.ts @@ -1,6 +1,6 @@ import * as express from 'express' import 'multer' -import { getFormattedObjects} from '../../../helpers/utils' +import { getFormattedObjects } from '../../../helpers/utils' import { asyncMiddleware, asyncRetryTransactionMiddleware, diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts index b30f42b43..c488f720b 100644 --- a/server/controllers/api/users/index.ts +++ b/server/controllers/api/users/index.ts @@ -26,12 +26,12 @@ import { usersUpdateValidator } from '../../../middlewares' import { + ensureCanManageUser, usersAskResetPasswordValidator, usersAskSendVerifyEmailValidator, usersBlockingValidator, usersResetPasswordValidator, - usersVerifyEmailValidator, - ensureCanManageUser + usersVerifyEmailValidator } from '../../../middlewares/validators' import { UserModel } from '../../../models/account/user' import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '../../../helpers/audit-logger' @@ -49,15 +49,10 @@ import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model' import { UserRegister } from '../../../../shared/models/users/user-register.model' import { MUser, MUserAccountDefault } from '@server/typings/models' import { Hooks } from '@server/lib/plugins/hooks' -import { handleIdAndPassLogin } from '@server/lib/auth' +import { tokensRouter } from '@server/controllers/api/users/token' const auditLogger = auditLoggerFactory('users') -const loginRateLimiter = RateLimit({ - windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS, - max: CONFIG.RATES_LIMIT.LOGIN.MAX -}) - // @ts-ignore const signupRateLimiter = RateLimit({ windowMs: CONFIG.RATES_LIMIT.SIGNUP.WINDOW_MS, @@ -72,6 +67,7 @@ const askSendEmailLimiter = new RateLimit({ }) const usersRouter = express.Router() +usersRouter.use('/', tokensRouter) usersRouter.use('/', myNotificationsRouter) usersRouter.use('/', mySubscriptionsRouter) usersRouter.use('/', myBlocklistRouter) @@ -168,23 +164,6 @@ usersRouter.post('/:id/verify-email', asyncMiddleware(verifyUserEmail) ) -usersRouter.post('/token', - loginRateLimiter, - handleIdAndPassLogin, - tokenSuccess -) -usersRouter.post('/token', - loginRateLimiter, - handleIdAndPassLogin, - tokenSuccess -) -usersRouter.post('/revoke-token', - loginRateLimiter, - handleIdAndPassLogin, - tokenSuccess -) -// TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route - // --------------------------------------------------------------------------- export { @@ -391,12 +370,6 @@ async function verifyUserEmail (req: express.Request, res: express.Response) { return res.status(204).end() } -function tokenSuccess (req: express.Request) { - const username = req.body.username - - Hooks.runAction('action:api.user.oauth2-got-token', { username, ip: req.ip }) -} - async function changeUserBlock (res: express.Response, user: MUserAccountDefault, block: boolean, reason?: string) { const oldUserAuditView = new UserAuditView(user.toFormattedJSON()) diff --git a/server/controllers/api/users/token.ts b/server/controllers/api/users/token.ts new file mode 100644 index 000000000..9694f9e5e --- /dev/null +++ b/server/controllers/api/users/token.ts @@ -0,0 +1,38 @@ +import { handleIdAndPassLogin, handleTokenRevocation } from '@server/lib/auth' +import * as RateLimit from 'express-rate-limit' +import { CONFIG } from '@server/initializers/config' +import * as express from 'express' +import { Hooks } from '@server/lib/plugins/hooks' +import { asyncMiddleware, authenticate } from '@server/middlewares' + +const tokensRouter = express.Router() + +const loginRateLimiter = RateLimit({ + windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS, + max: CONFIG.RATES_LIMIT.LOGIN.MAX +}) + +tokensRouter.post('/token', + loginRateLimiter, + handleIdAndPassLogin, + tokenSuccess +) + +tokensRouter.post('/revoke-token', + authenticate, + asyncMiddleware(handleTokenRevocation), + tokenSuccess +) + +// --------------------------------------------------------------------------- + +export { + tokensRouter +} +// --------------------------------------------------------------------------- + +function tokenSuccess (req: express.Request) { + const username = req.body.username + + Hooks.runAction('action:api.user.oauth2-got-token', { username, ip: req.ip }) +} diff --git a/server/controllers/api/video-channel.ts b/server/controllers/api/video-channel.ts index faef5ba4b..d779f1aab 100644 --- a/server/controllers/api/video-channel.ts +++ b/server/controllers/api/video-channel.ts @@ -1,5 +1,5 @@ import * as express from 'express' -import { getFormattedObjects} from '../../helpers/utils' +import { getFormattedObjects } from '../../helpers/utils' import { asyncMiddleware, asyncRetryTransactionMiddleware, diff --git a/server/controllers/api/video-playlist.ts b/server/controllers/api/video-playlist.ts index 49ac3c80e..375d711fd 100644 --- a/server/controllers/api/video-playlist.ts +++ b/server/controllers/api/video-playlist.ts @@ -1,5 +1,5 @@ import * as express from 'express' -import { getFormattedObjects} from '../../helpers/utils' +import { getFormattedObjects } from '../../helpers/utils' import { asyncMiddleware, asyncRetryTransactionMiddleware, -- cgit v1.2.3