Restructuring the Project

Updating dependencies

Backend/src/api/internal/index.ts

@@ -0,0 +1,30 @@
+import { Router } from "express";
+import { OAuthInternalApp } from "./oauth";
+import PasswordAuth from "./password";
+
+const InternalRoute: Router = Router();
+/**
+ * @api {get} /internal/oauth
+ * @apiName ClientInteralOAuth
+ *
+ * @apiGroup client_internal
+ * @apiPermission client_internal Only ClientID
+ *
+ * @apiParam {String} redirect_uri Redirect URI called after success
+ * @apiParam {String} state State will be set in RedirectURI for the client to check
+ */
+InternalRoute.get("/oauth", OAuthInternalApp);
+
+/**
+ * @api {post} /internal/password
+ * @apiName ClientInteralPassword
+ *
+ * @apiGroup client_internal
+ * @apiPermission client_internal Requires ClientID and Secret
+ *
+ * @apiParam {String} username Username (either username or UID)
+ * @apiParam {String} uid User ID (either username or UID)
+ * @apiParam {String} password Hashed and Salted according to specification
+ */
+InternalRoute.post("/password", PasswordAuth);
+export default InternalRoute;

Backend/src/api/internal/oauth.ts

@@ -0,0 +1,41 @@
+import { Request, Response, NextFunction } from "express";
+import Stacker from "../middlewares/stacker";
+import { GetClientAuthMiddleware } from "../middlewares/client";
+import { UserMiddleware } from "../middlewares/user";
+import RequestError, { HttpStatusCode } from "../../helper/request_error";
+import ClientCode from "../../models/client_code";
+import moment = require("moment");
+import { randomBytes } from "crypto";
+export const OAuthInternalApp = Stacker(
+   GetClientAuthMiddleware(false, true),
+   UserMiddleware,
+   async (req: Request, res: Response) => {
+      let { redirect_uri, state } = req.query as { [key: string]: string };
+      if (!redirect_uri) {
+         throw new RequestError(
+            "No redirect url set!",
+            HttpStatusCode.BAD_REQUEST
+         );
+      }
+
+      let sep = redirect_uri.indexOf("?") < 0 ? "?" : "&";
+
+      let code = ClientCode.new({
+         user: req.user._id,
+         client: req.client._id,
+         validTill: moment().add(30, "minutes").toDate(),
+         code: randomBytes(16).toString("hex"),
+         permissions: [],
+      });
+      await ClientCode.save(code);
+
+      res.redirect(
+         redirect_uri +
+            sep +
+            "code=" +
+            code.code +
+            (state ? "&state=" + state : "")
+      );
+      res.end();
+   }
+);

Backend/src/api/internal/password.ts

@@ -0,0 +1,35 @@
+import { Request, Response, NextFunction } from "express";
+import { GetClientAuthMiddleware } from "../middlewares/client";
+import Stacker from "../middlewares/stacker";
+import RequestError, { HttpStatusCode } from "../../helper/request_error";
+import User from "../../models/user";
+
+const PasswordAuth = Stacker(
+   GetClientAuthMiddleware(true, true),
+   async (req: Request, res: Response) => {
+      let {
+         username,
+         password,
+         uid,
+      }: { username: string; password: string; uid: string } = req.body;
+      let query: any = { password: password };
+      if (username) {
+         query.username = username.toLowerCase();
+      } else if (uid) {
+         query.uid = uid;
+      } else {
+         throw new RequestError(
+            req.__("No username or uid set"),
+            HttpStatusCode.BAD_REQUEST
+         );
+      }
+
+      let user = await User.findOne(query);
+      if (!user) {
+         res.json({ error: req.__("Password or username wrong") });
+      } else {
+         res.json({ success: true, uid: user.uid });
+      }
+   }
+);
+export default PasswordAuth;