From f43db2f46ee50bacb402a6ef42d768694c2bc9a8 Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Fri, 12 Mar 2021 15:20:46 +0100
Subject: Refactor auth flow

Reimplement some node-oauth2-server methods to remove hacky code needed by our external
login workflow
---
 server/middlewares/oauth.ts | 78 ---------------------------------------------
 1 file changed, 78 deletions(-)
 delete mode 100644 server/middlewares/oauth.ts

(limited to 'server/middlewares/oauth.ts')

diff --git a/server/middlewares/oauth.ts b/server/middlewares/oauth.ts
deleted file mode 100644
index 280595acc..000000000
--- a/server/middlewares/oauth.ts
+++ /dev/null
@@ -1,78 +0,0 @@
-import * as express from 'express'
-import { Socket } from 'socket.io'
-import { oAuthServer } from '@server/lib/auth'
-import { logger } from '../helpers/logger'
-import { getAccessToken } from '../lib/oauth-model'
-import { HttpStatusCode } from '../../shared/core-utils/miscs/http-error-codes'
-
-function authenticate (req: express.Request, res: express.Response, next: express.NextFunction, authenticateInQuery = false) {
-  const options = authenticateInQuery ? { allowBearerTokensInQueryString: true } : {}
-
-  oAuthServer.authenticate(options)(req, res, err => {
-    if (err) {
-      logger.warn('Cannot authenticate.', { err })
-
-      return res.status(err.status)
-        .json({
-          error: 'Token is invalid.',
-          code: err.name
-        })
-        .end()
-    }
-
-    res.locals.authenticated = true
-
-    return next()
-  })
-}
-
-function authenticateSocket (socket: Socket, next: (err?: any) => void) {
-  const accessToken = socket.handshake.query['accessToken']
-
-  logger.debug('Checking socket access token %s.', accessToken)
-
-  if (!accessToken) return next(new Error('No access token provided'))
-  if (typeof accessToken !== 'string') return next(new Error('Access token is invalid'))
-
-  getAccessToken(accessToken)
-    .then(tokenDB => {
-      const now = new Date()
-
-      if (!tokenDB || tokenDB.accessTokenExpiresAt < now || tokenDB.refreshTokenExpiresAt < now) {
-        return next(new Error('Invalid access token.'))
-      }
-
-      socket.handshake.auth.user = tokenDB.User
-
-      return next()
-    })
-    .catch(err => logger.error('Cannot get access token.', { err }))
-}
-
-function authenticatePromiseIfNeeded (req: express.Request, res: express.Response, authenticateInQuery = false) {
-  return new Promise<void>(resolve => {
-    // Already authenticated? (or tried to)
-    if (res.locals.oauth?.token.User) return resolve()
-
-    if (res.locals.authenticated === false) return res.sendStatus(HttpStatusCode.UNAUTHORIZED_401)
-
-    authenticate(req, res, () => resolve(), authenticateInQuery)
-  })
-}
-
-function optionalAuthenticate (req: express.Request, res: express.Response, next: express.NextFunction) {
-  if (req.header('authorization')) return authenticate(req, res, next)
-
-  res.locals.authenticated = false
-
-  return next()
-}
-
-// ---------------------------------------------------------------------------
-
-export {
-  authenticate,
-  authenticateSocket,
-  authenticatePromiseIfNeeded,
-  optionalAuthenticate
-}
-- 
cgit v1.2.3