import Stacker from "../middlewares/stacker" ;
import { GetUserMiddleware } from "../middlewares/user" ;
import { Request , Response } from "express" ;
import Client from "../../models/client" ;
import Logging from "@hibas123/nodelogging" ;
import Permission , { IPermission } from "../../models/permissions" ;
import ClientCode from "../../models/client_code" ;
import moment = require ( "moment" ) ;
import { randomBytes } from "crypto" ;
import { ObjectID } from "bson" ;
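/**
 * OAuth 2.0 authorization endpoint for the authorization-code grant
 * (RFC 6749 §4.1.1). The user must already be logged in; that is what
 * `GetUserMiddleware(true)` in front of this handler is expected to enforce.
 *
 * Query parameters:
 *  - `response_type`: must be `code`.
 *  - `client_id`: looked up in the `Client` collection.
 *  - `redirect_uri` (optional): if given it must equal the client's registered
 *    `redirect_url` exactly; the registered URL is always the redirect target.
 *  - `scope` (optional): `;`-separated permission ObjectID strings. The literal
 *    `read_user` entry is dropped before lookup (presumably an implicit scope —
 *    confirm against the token endpoint).
 *  - `state` (optional): echoed back verbatim (URL-encoded) on every redirect.
 *  - `nored=true`: respond with `{ redirect_uri }` as JSON instead of a 302.
 *
 * Error handling follows RFC 6749 §4.1.2.1: until the client and its redirect URI
 * have been verified, errors are rendered in place (HTTP 400) rather than
 * redirected, so this endpoint cannot be used as an open redirector. Only once the
 * registered redirect URL is known are error codes delivered to it.
 */
const AuthRoute = Stacker(GetUserMiddleware(true), async (req: Request, res: Response) => {
    // Express' default ("extended") query parser turns `client_id[$ne]=x` into an
    // object. Only plain strings may reach the Mongo query or a redirect URL.
    const str = (v: unknown): string | undefined => (typeof v === "string" ? v : undefined);
    const response_type = str(req.query.response_type);
    const client_id = str(req.query.client_id);
    const redirect_uri = str(req.query.redirect_uri);
    const scope = str(req.query.scope);
    const state = str(req.query.state);
    const nored = str(req.query.nored);

    // Appends query parameters to `base`, URL-encoding every key and value and
    // using `&` when the registered URL already carries a query string.
    // Undefined values (e.g. a missing `state`) are omitted instead of being
    // serialized as the literal "undefined".
    const withParams = (base: string, params: { [key: string]: string | undefined }): string => {
        const pairs: string[] = [];
        for (const key of Object.keys(params)) {
            const value = params[key];
            if (value !== undefined) {
                pairs.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}`);
            }
        }
        return base + (base.indexOf("?") >= 0 ? "&" : "?") + pairs.join("&");
    };

    // Set only after the client is known and `redirect_uri` matched its registration.
    let verifiedRedirect: string | undefined;

    // Delivers an OAuth error code (§4.1.2.1). Before the redirect target has been
    // verified the error is shown to the user; redirecting to a caller-supplied
    // `redirect_uri` here would be an open redirect.
    const sendError = (type: string) => {
        if (verifiedRedirect === undefined) {
            return res.status(400).send(`Authorization request rejected: ${type}`);
        }
        return res.redirect(withParams(verifiedRedirect, { error: type, state: state }));
    };

    try {
        if (!client_id) {
            return sendError("invalid_request");
        }
        const client = await Client.findOne({ client_id: client_id });
        if (!client) {
            return sendError("unauthorized_client");
        }
        if (redirect_uri !== undefined && redirect_uri !== client.redirect_url) {
            Logging.log(redirect_uri, client.redirect_url);
            return res.status(400).send("Invalid redirect_uri. Please check the integrity of the site requesting and contact the administrator of the page, you want to authorize!");
        }
        // From here on the registered URL is the only redirect target ever used.
        verifiedRedirect = client.redirect_url;

        if (response_type !== "code") {
            return sendError("unsupported_response_type");
        }

        let permissions: IPermission[] = [];
        if (scope) {
            const requested = scope.split(";").filter(e => e !== "read_user");
            // Duplicates would otherwise make the count check below fail spuriously.
            const unique = Array.from(new Set(requested));
            // Validate before constructing: `new ObjectID()` throws on malformed input,
            // which would surface a caller mistake as `server_error` via the catch-all.
            if (!unique.every(id => ObjectID.isValid(id))) {
                return sendError("invalid_scope");
            }
            const perms = unique.map(p => new ObjectID(p));
            permissions = await Permission.find({ _id: { $in: perms } });
            // Every requested id must resolve to an existing permission.
            if (permissions.length !== perms.length) {
                return sendError("invalid_scope");
            }
        }

        const code = ClientCode.new({
            user: req.user._id,
            client: client._id,
            permissions: permissions.map(p => p._id),
            // NOTE(review): RFC 6749 §4.1.2 recommends a maximum code lifetime of
            // 10 minutes; the 30 minutes here is kept from the original implementation.
            validTill: moment().add(30, "minutes").toDate(),
            // 128 bits from the CSPRNG. Single use of the code must be enforced at the
            // token endpoint (not visible here).
            code: randomBytes(16).toString("hex")
        });
        await ClientCode.save(code);

        const target = withParams(client.redirect_url, { code: code.code, state: state });
        if (nored === "true") {
            res.json({ redirect_uri: target });
        } else {
            res.redirect(target);
        }
    } catch (err) {
        Logging.error(err);
        // A second response after headers went out would itself throw; only report
        // the failure when nothing has been sent yet.
        if (!res.headersSent) {
            sendError("server_error");
        }
    }
});

export default AuthRoute;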