@ -9,42 +9,52 @@ export interface OAuthJWT {
|
||||
user: string;
|
||||
username: string;
|
||||
permissions: string[];
|
||||
application: string
|
||||
application: string;
|
||||
}
|
||||
|
||||
const issuer = config.core.url;
|
||||
|
||||
export const IDTokenJWTExp = moment.duration(30, "m").asSeconds();
|
||||
export function getIDToken(user: IUser, client_id: string, nonce: string) {
|
||||
return createJWT({
|
||||
user: user.uid,
|
||||
name: user.name,
|
||||
nickname: user.username,
|
||||
username: user.username,
|
||||
preferred_username: user.username,
|
||||
gender: Gender[user.gender],
|
||||
nonce
|
||||
}, {
|
||||
expiresIn: IDTokenJWTExp,
|
||||
issuer,
|
||||
algorithm: "RS256",
|
||||
subject: user.uid,
|
||||
audience: client_id
|
||||
})
|
||||
return createJWT(
|
||||
{
|
||||
user: user.uid,
|
||||
name: user.name,
|
||||
nickname: user.username,
|
||||
username: user.username,
|
||||
preferred_username: user.username,
|
||||
gender: Gender[user.gender],
|
||||
nonce,
|
||||
},
|
||||
{
|
||||
expiresIn: IDTokenJWTExp,
|
||||
issuer,
|
||||
algorithm: "RS256",
|
||||
subject: user.uid,
|
||||
audience: client_id,
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
export const AccessTokenJWTExp = moment.duration(6, "h");
|
||||
export function getAccessTokenJWT(token: { user: IUser, permissions: ObjectID[], client: IClient }) {
|
||||
return createJWT(<OAuthJWT>{
|
||||
user: token.user.uid,
|
||||
username: token.user.username,
|
||||
permissions: token.permissions.map(p => p.toHexString()),
|
||||
application: token.client.client_id
|
||||
}, {
|
||||
expiresIn: AccessTokenJWTExp.asSeconds(),
|
||||
issuer,
|
||||
algorithm: "RS256",
|
||||
subject: token.user.uid,
|
||||
audience: token.client.client_id
|
||||
})
|
||||
}
|
||||
export function getAccessTokenJWT(token: {
|
||||
user: IUser;
|
||||
permissions: ObjectID[];
|
||||
client: IClient;
|
||||
}) {
|
||||
return createJWT(
|
||||
<OAuthJWT>{
|
||||
user: token.user.uid,
|
||||
username: token.user.username,
|
||||
permissions: token.permissions.map((p) => p.toHexString()),
|
||||
application: token.client.client_id,
|
||||
},
|
||||
{
|
||||
expiresIn: AccessTokenJWTExp.asSeconds(),
|
||||
issuer,
|
||||
algorithm: "RS256",
|
||||
subject: token.user.uid,
|
||||
audience: token.client.client_id,
|
||||
}
|
||||
);
|
||||
}
|
||||
|
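Review bot: In getAccessTokenJWT the token carries a snapshot of `permissions` and stays valid for `AccessTokenJWTExp` (6 hours), so a permission removed after issuance would still be honoured until expiry by any verifier that trusts the signature alone. Whether verification also consults a server-side record is not visible in this hunk; if it does not, a shorter lifetime or a `jti` claim checked against a revocation list would bound that window. Separately, getIDToken takes no scope argument, so `name` and `gender` go into every ID token regardless of what the client requested. A comment such as `// profile claims are always included; gate on the "profile" scope if clients may request less` would record that decision.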
@ -1,5 +1,7 @@
|
||||
import { Request, Response, NextFunction } from "express"
|
||||
import { Request, Response, NextFunction } from "express";
|
||||
|
||||
export default (fn: (req: Request, res: Response, next: NextFunction) => Promise<any>) => (req: Request, res: Response, next: NextFunction) => {
|
||||
Promise.resolve(fn(req, res, next)).catch(next)
|
||||
}
|
||||
export default (
|
||||
fn: (req: Request, res: Response, next: NextFunction) => Promise<any>
|
||||
) => (req: Request, res: Response, next: NextFunction) => {
|
||||
Promise.resolve(fn(req, res, next)).catch(next);
|
||||
};
|
||||
|
@ -2,4 +2,4 @@ import { randomBytes } from "crypto";
|
||||
|
||||
export function randomString(length: number) {
|
||||
return randomBytes(length).toString("base64").slice(0, length);
|
||||
}
|
||||
}
|
||||
|
@ -1,10 +1,8 @@
|
||||
|
||||
/**
|
||||
* Hypertext Transfer Protocol (HTTP) response status codes.
|
||||
* @see {@link https://en.wikipedia.org/wiki/List_of_HTTP_status_codes}
|
||||
*/
|
||||
export enum HttpStatusCode {
|
||||
|
||||
/**
|
||||
* The server has received the request headers and the client should proceed to send the request body
|
||||
* (in the case of a request for which a body needs to be sent; for example, a POST request).
|
||||
@ -376,13 +374,17 @@ export enum HttpStatusCode {
|
||||
* Intended for use by intercepting proxies used to control access to the network (e.g., "captive portals" used
|
||||
* to require agreement to Terms of Service before granting full Internet access via a Wi-Fi hotspot).
|
||||
*/
|
||||
NETWORK_AUTHENTICATION_REQUIRED = 511
|
||||
NETWORK_AUTHENTICATION_REQUIRED = 511,
|
||||
}
|
||||
|
||||
|
||||
export default class RequestError extends Error {
|
||||
constructor(message: any, public status: HttpStatusCode, public nolog: boolean = false, public additional: any = undefined) {
|
||||
super("")
|
||||
constructor(
|
||||
message: any,
|
||||
public status: HttpStatusCode,
|
||||
public nolog: boolean = false,
|
||||
public additional: any = undefined
|
||||
) {
|
||||
super("");
|
||||
this.message = message;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
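Review bot: RequestError's constructor accepts `message: any`, passes `""` to `super` and then assigns `this.message = message`, so a non-string value can end up in a field that Error declares as a string. Anything that later formats or logs the error would then print something like `[object Object]`. Typing the parameter as `string` and calling `super(message)` would keep the contract honest, assuming no caller relies on passing objects; structured detail already has a home in `additional`. The class also lacks a doc comment saying what `nolog` suppresses and whether `additional` is ever sent to the client, neither of which is evident from the constructor.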
@ -1,14 +1,18 @@
|
||||
// import * as crypto from "crypto-js"
|
||||
import { IUser } from "../models/user";
|
||||
import { IClient } from "../models/client";
|
||||
import * as crypto from "crypto"
|
||||
import * as crypto from "crypto";
|
||||
|
||||
function sha512(text: string) {
|
||||
let hash = crypto.createHash("sha512")
|
||||
hash.update(text)
|
||||
return hash.digest("base64")
|
||||
let hash = crypto.createHash("sha512");
|
||||
hash.update(text);
|
||||
return hash.digest("base64");
|
||||
}
|
||||
|
||||
export function getEncryptionKey(user: IUser, client: IClient) {
|
||||
return sha512(sha512(user.encryption_key) + sha512(client._id.toHexString()) + sha512(client.client_id))
|
||||
}
|
||||
return sha512(
|
||||
sha512(user.encryption_key) +
|
||||
sha512(client._id.toHexString()) +
|
||||
sha512(client.client_id)
|
||||
);
|
||||
}
|
||||
|
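Review bot: getEncryptionKey derives the key with plain nested SHA-512 over concatenated base64 digests, and two of the three inputs (`client._id`, `client.client_id`) look like identifiers rather than secrets, so the result is only as strong as `user.encryption_key` and the inner hashing adds nothing. If that field is a random server-generated secret, a keyed construction states the intent better, e.g. `crypto.createHmac("sha512", user.encryption_key).update(client._id.toHexString() + ":" + client.client_id).digest("base64")`. If it is instead derived from something a user chose, a fast hash is the wrong primitive and a password KDF is needed. Either change alters every derived key, so data already encrypted under the current scheme would need a migration. At minimum, a comment on the function should record what the inputs are and what consumes the output.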