From ea34da50e48e5bab04e98d166434d4b9fc94a5bb Mon Sep 17 00:00:00 2001
From: Fabian Stamm
Date: Thu, 14 Mar 2019 17:50:59 +0000
Subject: [PATCH 1/6] Adding support for client auth in authorization header

---
 src/api/middlewares/client.ts | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/api/middlewares/client.ts b/src/api/middlewares/client.ts
index 8b50710..0882720 100644
--- a/src/api/middlewares/client.ts
+++ b/src/api/middlewares/client.ts
@@ -11,6 +11,17 @@ export function GetClientAuthMiddleware(checksecret = true, internal = false, ch
 try {
 let client_id = req.query.client_id || req.body.client_id;
 let client_secret = req.query.client_secret || req.body.client_secret;
+
+ if(!client_id && !client_secret && req.query.headers.authorization) {
+ let header = req.query.headers.authorization;
+ let [type, val] = header.split(" ");
+ if(val) {
+ let str = Buffer.from(val, "base64").toString("utf-8");
+ let [id, secret] = str.split(":");
+ client_id = id;
+ client_secret = secret;
+ }
+ }

 if (!client_id || (!client_secret && checksecret)) {
 throw new RequestError("No client credentials", HttpStatusCode.BAD_REQUEST);
From e800dd266afbe96c9c9850741fd6b53f65d6dca6 Mon Sep 17 00:00:00 2001
From: Fabian Stamm
Date: Thu, 14 Mar 2019 17:57:40 +0000
Subject: [PATCH 2/6] Fixing wrong property access

---
 src/api/middlewares/client.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/api/middlewares/client.ts b/src/api/middlewares/client.ts
index 0882720..45d70dc 100644
--- a/src/api/middlewares/client.ts
+++ b/src/api/middlewares/client.ts
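Review bot: The new header branch never looks at `type`, so any Authorization scheme, a Bearer token included, is base64-decoded and its pieces used as `client_id` and `client_secret`; compare the scheme case-insensitively with `basic` before decoding, e.g. `if (val && type.toLowerCase() === "basic") {`. `str.split(":")` also keeps only the first two fields, so a secret that contains a colon is cut short; split on the first colon only (`str.indexOf(":")`, rejecting the header when there is none). RFC 6749 §2.3.1 additionally has the client form-urlencode both values before Basic encoding, so a decode step may be needed for clients that follow it. The 2/6 hunk corrects the `req.query.headers` access but leaves these lines as they are, and the body of GetClientAuthMiddleware continues outside the hunk.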
@@ -12,8 +12,8 @@ export function GetClientAuthMiddleware(checksecret = true, internal = false, ch
 let client_id = req.query.client_id || req.body.client_id;
 let client_secret = req.query.client_secret || req.body.client_secret;

- if(!client_id && !client_secret && req.query.headers.authorization) {
- let header = req.query.headers.authorization;
+ if(!client_id && !client_secret && req.headers.authorization) {
+ let header = req.headers.authorization;
 let [type, val] = header.split(" ");
 if(val) {
 let str = Buffer.from(val, "base64").toString("utf-8");
From 4f54d048c67b378d1a9b4621098fa754314ba5d8 Mon Sep 17 00:00:00 2001
From: Fabian Stamm
Date: Thu, 14 Mar 2019 18:20:54 +0000
Subject: [PATCH 3/6] Improving Gitlab compatibility

---
 src/api/oauth/auth.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/api/oauth/auth.ts b/src/api/oauth/auth.ts
index c76fb9f..dbcce8d 100644
--- a/src/api/oauth/auth.ts
+++ b/src/api/oauth/auth.ts
@@ -46,7 +46,7 @@ const AuthRoute = Stacker(GetUserMiddleware(true), async (req: Request, res: Res
 let permissions: IPermission[] = [];
 if (scope) {
- let perms = (scope).split(";").map(p => new ObjectID(p));
+ let perms = (scope).split(";").filter(e => e !== "read_user").map(p => new ObjectID(p));
 permissions = await Permission.find({ _id: { $in: perms } })
 if (permissions.length != perms.length) {
From cebd669044553be7a2b3855d0dd1fb24fa7c51a8 Mon Sep 17 00:00:00 2001
From: Fabian Stamm
Date: Thu, 14 Mar 2019 18:22:01 +0000
Subject: [PATCH 4/6] Improving Gitlab compatibility 2

---
 src/views/views.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/views/views.ts b/src/views/views.ts
index fa18aab..cf2e70d 100644
--- a/src/views/views.ts
+++ b/src/views/views.ts
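Review bot: Only the literal `read_user` is filtered out in the 3/6 hunk, so any other scope value that is not a valid ObjectID string still reaches `new ObjectID(p)`, which throws on malformed input; `scope` appears to come from the request and the handler's error path is outside the hunk, so confirm this surfaces as an invalid-scope error rather than an unhandled exception. Checking each entry with `ObjectID.isValid(p)` before constructing it would make that explicit. The same literal filter is repeated in the 4/6 hunk in src/views/views.ts; a shared constant listing the ignored compatibility scopes would keep the consent view and the authorization route from drifting apart. Dropping the scope silently also means the client is not told that `read_user` was not granted, which deserves a comment stating that it is intentional.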
@@ -59,7 +59,7 @@ ViewRouter.get("/auth", Stacker(GetUserMiddleware(false, true), async (req, res)
 let permissions: IPermission[] = [];
 let proms: PromiseLike[] = [];
 if (scope) {
- for (let perm of scope.split(";")) {
+ for (let perm of scope.split(";").filter(e => e !== "read_user")) {
 proms.push(Permission.findById(perm).then(p => {
 if (!p) return Promise.reject(new Error());
 permissions.push(p);
From ba3acea7f382cae1b018e38ea492cdad62b77352 Mon Sep 17 00:00:00 2001
From: Fabian Stamm
Date: Thu, 14 Mar 2019 18:24:12 +0000
Subject: [PATCH 5/6] =?UTF-8?q?=E2=80=9Esrc/views/views.ts=E2=80=9C=20?= =?UTF-8?q?=C3=A4ndern?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/views/views.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/views/views.ts b/src/views/views.ts
index cf2e70d..6a31114 100644
--- a/src/views/views.ts
+++ b/src/views/views.ts
@@ -13,7 +13,7 @@ import Client from "../models/client";
 import { Logging } from "@hibas123/nodelogging";
 import Stacker from "../api/middlewares/stacker";
 import { UserMiddleware, GetUserMiddleware } from "../api/middlewares/user";
-import GetUserPage from "./user";
+// import GetUserPage from "./user";
 Handlebars.registerHelper("appname", () => config.core.name);
From 41b888c9e01b0f8987122c3af99c906d7a955b3c Mon Sep 17 00:00:00 2001
From: Fabian Stamm
Date: Thu, 14 Mar 2019 18:26:05 +0000
Subject: [PATCH 6/6] Adding additional build script

---
 package.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package.json b/package.json
index 7396e34..2035438 100644
--- a/package.json
+++ b/package.json
@@ -7,6 +7,7 @@
 "scripts": {
 "start": "node lib/index.js",
 "build": "tsc && cd views && npm run build && cd ..",
+ "build-server":"tsc",
 "watch-ts": "tsc -w",
 "watch-views": "cd views && npm run watch",
 "watch-node": "nodemon --ignore ./views lib/index.js",