OpenServer/OpenAuth_server
1
1
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity

Making grants and authentication now possible.

Browse Source
This commit is contained in:
Fabian Stamm 2020-03-18 11:00:57 +01:00
parent 44d02b0110
commit d94e83b468
3 changed files with 141 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.vscode/launch.json vendored
View File

@ -5,7 +5,7 @@
"version": "0.2.0", "version": "0.2.0",
"configurations": [ "configurations": [
{ {
"type": "node", "type": "pwa-node",
"request": "launch", "request": "launch",
"name": "Launch Program", "name": "Launch Program",
"program": "${workspaceFolder}/lib/index.js", "program": "${workspaceFolder}/lib/index.js",

4
locales/en.json
View File

@ -11,5 +11,7 @@
"Special token invalid": "Special token invalid", "Special token invalid": "Special token invalid",
"You are not logged in or your login is expired(Special token invalid)": "You are not logged in or your login is expired(Special token invalid)", "You are not logged in or your login is expired(Special token invalid)": "You are not logged in or your login is expired(Special token invalid)",
"No login token": "No login token", "No login token": "No login token",
"Login token invalid": "Login token invalid" "Login token invalid": "Login token invalid",
"Authorize %s": "Authorize %s",
"By clicking on ALLOW, you allow this app to access the requested recources.": "By clicking on ALLOW, you allow this app to access the requested recources."
} }

247
src/api/oauth/auth.ts
View File

@ -84,128 +84,155 @@ import GetAuthPage from "../../views/authorize";
// } // }
// }) // })
const GetAuthRoute = (view = false) => Stacker(GetUserMiddleware(false), async (req: Request, res: Response) => { const GetAuthRoute = (view = false) =>
let { response_type, client_id, redirect_uri, scope, state, nored } = req.query; Stacker(GetUserMiddleware(false), async (req: Request, res: Response) => {
const sendError = (type) => { let {
if (redirect_uri === "$local") response_type,
redirect_uri = "/code"; client_id,
res.redirect(redirect_uri += `?error=${type}&state=${state}`); redirect_uri,
} scope,
state,
nored
} = req.query;
const sendError = type => {
if (redirect_uri === "$local") redirect_uri = "/code";
res.redirect((redirect_uri += `?error=${type}&state=${state}`));
};
const scopes = scope.split(";"); const scopes = scope.split(";");
Logging.debug("Scopes:", scope); Logging.debug("Scopes:", scope);
try { try {
if (response_type !== "code") { if (response_type !== "code") {
return sendError("unsupported_response_type"); return sendError("unsupported_response_type");
} else { } else {
let client = await Client.findOne({ client_id: client_id });
if (!client) {
return sendError("unauthorized_client");
}
let client = await Client.findOne({ client_id: client_id }); if (redirect_uri && client.redirect_url !== redirect_uri) {
if (!client) { Logging.log(redirect_uri, client.redirect_url);
return sendError("unauthorized_client"); return res.send(
} "Invalid redirect_uri. Please check the integrity of the site requesting and contact the administrator of the page, you want to authorize!"
if (redirect_uri && client.redirect_url !== redirect_uri) {
Logging.log(redirect_uri, client.redirect_url);
return res.send("Invalid redirect_uri. Please check the integrity of the site requesting and contact the administrator of the page, you want to authorize!");
}
let permissions: IPermission[] = [];
let proms: PromiseLike<void>[] = [];
if (scopes) {
for (let perm of scopes.filter(e => e !== "read_user")) {
proms.push(
Permission.findById(perm).then(p => {
if (!p) return Promise.reject(new Error());
permissions.push(p);
})
); );
} }
}
let err = undefined; let permissions: IPermission[] = [];
await Promise.all(proms).catch(e => { let proms: PromiseLike<void>[] = [];
err = e; if (scopes) {
}); for (let perm of scopes.filter(e => e !== "read_user")) {
proms.push(
if (err) { Permission.findById(perm).then(p => {
Logging.error(err); if (!p) return Promise.reject(new Error());
return sendError("invalid_scope"); permissions.push(p);
} })
);
let grant: IGrant | undefined = await Grant.findOne({
client: client._id,
user: req.user._id
})
Logging.debug("Grant", grant, permissions);
let missing_permissions: IPermission[] = [];
if (grant) {
missing_permissions = grant.permissions.map(perm => permissions.find(p => p._id.equals(perm))).filter(e => !!e);
} else {
missing_permissions = permissions;
}
let client_granted_perm = missing_permissions.filter(e => e.grant_type == "client")
if (client_granted_perm.length > 0) {
return sendError("no_permission")
}
if (grant && missing_permissions.length > 0) {
await new Promise<void>((yes, no) => GetUserMiddleware(false, true)(req, res, (err?: Error) => err ? no(err) : yes())); // Maybe unresolved when redirect is happening
if (view) {
res.send(GetAuthPage(req.__, client.name, permissions.map(perm => {
return {
name: perm.name,
description: perm.description,
logo: client.logo
}
})));
return;
} else {
if (req.body.allow = "true") {
if (!grant)
grant = Grant.new({
client: client._id,
user: req.user._id,
permissions: []
});
grant.permissions.push(...missing_permissions.map(e => e._id));
await Grant.save(grant);
} else {
return sendError("access_denied");
} }
} }
}
let code = ClientCode.new({ let err = undefined;
user: req.user._id, await Promise.all(proms).catch(e => {
client: client._id, err = e;
permissions: permissions.map(p => p._id), });
validTill: moment().add(30, "minutes").toDate(),
code: randomBytes(16).toString("hex")
});
await ClientCode.save(code);
let redir = client.redirect_url === "$local" ? "/code" : client.redirect_url; if (err) {
let ruri = redir + `?code=${code.code}&state=${state}`; Logging.error(err);
if (nored === "true") { return sendError("invalid_scope");
res.json({ }
redirect_uri: ruri
}) let grant: IGrant | undefined = await Grant.findOne({
} else { client: client._id,
res.redirect(ruri); user: req.user._id
});
Logging.debug("Grant", grant, permissions);
let missing_permissions: IPermission[] = [];
if (grant) {
missing_permissions = grant.permissions
.map(perm => permissions.find(p => p._id.equals(perm)))
.filter(e => !!e);
} else {
missing_permissions = permissions;
}
let client_granted_perm = missing_permissions.filter(
e => e.grant_type == "client"
);
if (client_granted_perm.length > 0) {
return sendError("no_permission");
}
if (!grant && missing_permissions.length > 0) {
await new Promise<void>((yes, no) =>
GetUserMiddleware(false, true)(req, res, (err?: Error) =>
err ? no(err) : yes()
)
); // Maybe unresolved when redirect is happening
if (view) {
res.send(
GetAuthPage(
req.__,
client.name,
permissions.map(perm => {
return {
name: perm.name,
description: perm.description,
logo: client.logo
};
})
)
);
return;
} else {
if ((req.body.allow = "true")) {
if (!grant)
grant = Grant.new({
client: client._id,
user: req.user._id,
permissions: []
});
grant.permissions.push(
...missing_permissions.map(e => e._id)
);
await Grant.save(grant);
} else {
return sendError("access_denied");
}
}
}
let code = ClientCode.new({
user: req.user._id,
client: client._id,
permissions: permissions.map(p => p._id),
validTill: moment()
.add(30, "minutes")
.toDate(),
code: randomBytes(16).toString("hex")
});
await ClientCode.save(code);
let redir =
client.redirect_url === "$local" ? "/code" : client.redirect_url;
let ruri = redir + `?code=${code.code}&state=${state}`;
if (nored === "true") {
res.json({
redirect_uri: ruri
});
} else {
res.redirect(ruri);
}
} }
} catch (err) {
Logging.error(err);
sendError("server_error");
} }
} catch (err) { });
Logging.error(err);
sendError("server_error")
}
});
export default GetAuthRoute; export default GetAuthRoute;