From e307e4fce39853d445d086f92b8c556c363ee15d Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Fri, 24 Apr 2020 11:33:01 +0200
Subject: Add ability for auth plugins to hook tokens validity
---
 server/lib/plugins/plugin-manager.ts | 39 +++++++++++++++++++++++++++++++-----
 1 file changed, 34 insertions(+), 5 deletions(-)
 (limited to 'server/lib/plugins/plugin-manager.ts')
diff --git a/server/lib/plugins/plugin-manager.ts b/server/lib/plugins/plugin-manager.ts
index 9d646b689..c64ca60aa 100644
--- a/server/lib/plugins/plugin-manager.ts
+++ b/server/lib/plugins/plugin-manager.ts
@@ -21,6 +21,7 @@ import { ClientHtml } from '../client-html'
 import { PluginTranslation } from '../../../shared/models/plugins/plugin-translation.model'
 import { RegisterHelpersStore } from './register-helpers-store'
 import { RegisterServerHookOptions } from '@shared/models/plugins/register-server-hook.model'
+import { MOAuthTokenUser } from '@server/typings/models'
 export interface RegisteredPlugin {
 npmName: string
@@ -133,13 +134,11 @@ export class PluginManager implements ServerHook {
 }
 onLogout (npmName: string, authName: string) {
- const plugin = this.getRegisteredPluginOrTheme(npmName)
- if (!plugin || plugin.type !== PluginType.PLUGIN) return
+ const auth = this.getAuth(npmName, authName)
- const auth = plugin.registerHelpersStore.getIdAndPassAuths()
- .find(a => a.authName === authName)
+ if (auth?.onLogout) {
+ logger.info('Running onLogout function from auth %s of plugin %s', authName, npmName)
- if (auth.onLogout) {
 try {
 auth.onLogout()
 } catch (err) {
@@ -148,6 +147,28 @@ export class PluginManager implements ServerHook {
 }
 }
+ async isTokenValid (token: MOAuthTokenUser, type: 'access' | 'refresh') {
+ const auth = this.getAuth(token.User.pluginAuth, token.authName)
+ if (!auth) return true
+
+ if (auth.hookTokenValidity) {
+ try {
+ const { valid } = await auth.hookTokenValidity({ token, type })
+
+ if (valid === false) {
+ logger.info('Rejecting %s token validity from auth %s of plugin %s', type, token.authName, token.User.pluginAuth)
+ }
+
+ return valid
+ } catch (err) {
+ logger.warn('Cannot run check token validity from auth %s of plugin %s.', token.authName, token.User.pluginAuth, { err })
+ return true
+ }
+ }
+
+ return true
+ }
+
 // ###################### Hooks ######################
 async runHook (hookName: ServerHookName, result?: T, params?: any): Promise {
@@ -453,6 +474,14 @@ export class PluginManager implements ServerHook {
 return join(CONFIG.STORAGE.PLUGINS_DIR, 'node_modules', npmName)
 }
+ private getAuth (npmName: string, authName: string) {
+ const plugin = this.getRegisteredPluginOrTheme(npmName)
+ if (!plugin || plugin.type !== PluginType.PLUGIN) return null
+
+ return plugin.registerHelpersStore.getIdAndPassAuths()
+ .find(a => a.authName === authName)
+ }
+
 // ###################### Private getters ######################
 private getRegisteredPluginsOrThemes (type: PluginType) {
--
cgit v1.2.3
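Review bot: isTokenValid fails open: the `catch` branch returns `true` when `hookTokenValidity` throws, and `if (!auth) return true` does the same when the auth is no longer registered, so a crashing or removed auth plugin leaves its tokens accepted. If that trade-off is intended it should be stated above the method, e.g. `// Fail open: an auth plugin that is missing or throws must not invalidate existing tokens`; if not, the `catch` should `return false`. Separately, `return valid` passes the plugin's value through unchanged, so a hook that resolves without a boolean `valid` makes the method return `undefined`, while the rejection log only fires for `valid === false`. Returning `valid !== false` and annotating the method as `Promise<boolean>` would make the default explicit and keep the log and the result in agreement.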
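Review bot: getAuth returns `null` when the plugin is missing or is not of type `PluginType.PLUGIN`, but `undefined` when `.find` matches nothing, and it declares no return type. Both callers in this patch only test truthiness (`auth?.onLogout`, `!auth`), so nothing breaks today, but a later `=== null` check would miss the not-found case; ending the chain with `.find(a => a.authName === authName) ?? null` keeps a single sentinel. A short comment such as `// Returns null when the plugin or the named auth is not registered` would also make it visible that isTokenValid treats that result as a valid token.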