Compare commits
37 Commits
improving-
...
master
Author | SHA1 | Date |
---|---|---|
Fabian Stamm | 8135190cd8 | |
Fabian Stamm | abe9bb28a4 | |
Fabian Stamm | 99845a7b94 | |
Fabian Stamm | 60b0c2f577 | |
Fabian Stamm | 58e4ab1886 | |
Fabian Stamm | e87cc7f86f | |
Fabian Stamm | 8d3b788657 | |
Fabian Stamm | 26f9b8d208 | |
Fabian Stamm | 36304b8873 | |
Fabian Stamm | 9234efab2a | |
Fabian Stamm | 6bcda75634 | |
Fabian Stamm | dd39ece408 | |
Fabian Stamm | cc1696a429 | |
Fabian Stamm | b68fa6f223 | |
Fabian Stamm | 3718a1d55c | |
Fabian Stamm | e1164eb05b | |
Fabian Stamm | 80aace7b72 | |
Fabian Stamm | 922ed1e813 | |
Fabian Stamm | 1e2bb83447 | |
Fabian Stamm | 0453e461c9 | |
Fabian Stamm | 532107c479 | |
Fabian Stamm | 39628e6175 | |
Fabian Stamm | e814aacb86 | |
Fabian Stamm | bb01f7d62d | |
Fabian Stamm | 779e7e1478 | |
Fabian Stamm | 0e55b154ed | |
Fabian Stamm | 7c0d5949ab | |
Fabian Stamm | 05bef4fd49 | |
Fabian Stamm | d6b72f4fc7 | |
Fabian Stamm | 69aa9cb47e | |
Fabian Stamm | dd10cae1cd | |
Fabian Stamm | 6b4ad81940 | |
Fabian Stamm | 2c4c87927d | |
Fabian Stamm | e0ea7275f7 | |
Fabian Stamm | 51a8609880 | |
Fabian Stamm | 77fedd2815 | |
Fabian Stamm | e51069deab |
|
@ -0,0 +1,11 @@
|
|||
node_modules/
|
||||
Backend/node_modules
|
||||
Backend/keys
|
||||
Backend/logs
|
||||
Backend/lib
|
||||
Backend/doc
|
||||
Backend/config.ini
|
||||
Frontend/build
|
||||
Frontend/node_modules
|
||||
FrontendLegacy/node_modules
|
||||
FrontendLegacy/out
|
|
@ -1,3 +0,0 @@
|
|||
{
|
||||
"url": "https://drone.hibas123.de/OpenServer/OpenAuth_server/"
|
||||
}
|
27
.drone.yml
27
.drone.yml
|
@ -1,27 +0,0 @@
|
|||
kind: pipeline
|
||||
type: docker
|
||||
name: default
|
||||
|
||||
steps:
|
||||
- name: Build with node
|
||||
image: node:12
|
||||
commands:
|
||||
- npm install
|
||||
- npm run install
|
||||
- npm run build
|
||||
- name: Publish to docker
|
||||
image: plugins/docker
|
||||
settings:
|
||||
username:
|
||||
from_secret: docker_username
|
||||
password:
|
||||
from_secret: docker_password
|
||||
auto_tag: true
|
||||
repo: hibas123.azurecr.io/authserver
|
||||
registry: hibas123.azurecr.io
|
||||
debug: true
|
||||
when:
|
||||
branch: master
|
||||
event:
|
||||
exclude:
|
||||
- pull_request
|
|
@ -0,0 +1,37 @@
|
|||
# .github/workflows/ci.yml
|
||||
|
||||
name: CI
|
||||
|
||||
on:
|
||||
push:
|
||||
pull_request:
|
||||
branches: [main]
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
MY_DOCKER_USERNAME: ${{ secrets.MY_DOCKER_USERNAME }}
|
||||
MY_DOCKER_PASSWORD: ${{ secrets.MY_DOCKER_PASSWORD }}
|
||||
FORCE_COLOR: 1
|
||||
steps:
|
||||
- uses: https://github.com/earthly/actions-setup@v1
|
||||
with:
|
||||
version: v0.8.0
|
||||
- uses: actions/checkout@v4
|
||||
- name: Put back the git branch into git (Earthly uses it for tagging)
|
||||
run: |
|
||||
branch=""
|
||||
if [ -n "$GITHUB_HEAD_REF" ]; then
|
||||
branch="$GITHUB_HEAD_REF"
|
||||
else
|
||||
branch="${GITHUB_REF##*/}"
|
||||
fi
|
||||
git checkout -b "$branch" || true
|
||||
- name: Docker Login
|
||||
run: docker login git.hibas.dev --username "$MY_DOCKER_USERNAME" --password "$MY_DOCKER_PASSWORD"
|
||||
- name: Earthly version
|
||||
run: earthly --version
|
||||
- name: Run build
|
||||
run: earthly --push +docker-multi
|
||||
|
|
@ -9,4 +9,7 @@ logs/
|
|||
yarn-error\.log
|
||||
config.ini
|
||||
.env
|
||||
doc/
|
||||
doc/
|
||||
|
||||
.yarn/cache
|
||||
.yarn/install-state.gz
|
|
@ -1,3 +0,0 @@
|
|||
[submodule "views_repo"]
|
||||
path = views_repo
|
||||
url = ../OpenAuth_views
|
|
@ -1,16 +0,0 @@
|
|||
{
|
||||
// Use IntelliSense to learn about possible attributes.
|
||||
// Hover to view descriptions of existing attributes.
|
||||
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
|
||||
"version": "0.2.0",
|
||||
"configurations": [
|
||||
{
|
||||
"type": "pwa-node",
|
||||
"request": "launch",
|
||||
"name": "Launch Program",
|
||||
"program": "${workspaceFolder}/lib/index.js",
|
||||
"outFiles": ["${workspaceFolder}/**/*.js"],
|
||||
"preLaunchTask": "build"
|
||||
}
|
||||
]
|
||||
}
|
|
@ -1,22 +0,0 @@
|
|||
{
|
||||
// Unter https://go.microsoft.com/fwlink/?LinkId=733558
|
||||
// finden Sie Informationen zum Format von "tasks.json"
|
||||
"version": "2.0.0",
|
||||
"tasks": [
|
||||
{
|
||||
"type": "npm",
|
||||
"script": "build-ts",
|
||||
"group": "build",
|
||||
"problemMatcher": ["$tsc"],
|
||||
"presentation": {
|
||||
"echo": true,
|
||||
"reveal": "never",
|
||||
"focus": false,
|
||||
"panel": "shared",
|
||||
"showReuseMessage": true,
|
||||
"clear": false
|
||||
},
|
||||
"label": "build"
|
||||
}
|
||||
]
|
||||
}
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,9 @@
|
|||
nodeLinker: node-modules
|
||||
|
||||
npmRegistryServer: "https://npm.hibas123.de"
|
||||
|
||||
plugins:
|
||||
- path: .yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
|
||||
spec: "@yarnpkg/plugin-interactive-tools"
|
||||
|
||||
yarnPath: .yarn/releases/yarn-3.5.0.cjs
|
|
@ -0,0 +1 @@
|
|||
config.ini
|
|
@ -0,0 +1,6 @@
|
|||
{
|
||||
"name": "openauth",
|
||||
"description": "Open Auth REST API",
|
||||
"title": "Open Auth REST",
|
||||
"url": "/api"
|
||||
}
|
|
@ -1,15 +1,17 @@
|
|||
[database]
|
||||
host=localhost
|
||||
database=openauth
|
||||
|
||||
[core]
|
||||
name = OpenAuthService
|
||||
|
||||
[web]
|
||||
port = 3000
|
||||
|
||||
[mail]
|
||||
server = mail.example.com
|
||||
username = test
|
||||
password = test
|
||||
port = 595
|
||||
[database]
|
||||
host=localhost
|
||||
database=openauth
|
||||
|
||||
[core]
|
||||
name = OpenAuthService
|
||||
secret = dev
|
||||
url=http://localhost:3000
|
||||
|
||||
[web]
|
||||
port = 3000
|
||||
|
||||
[mail]
|
||||
server = mail.example.com
|
||||
username = test
|
||||
password = test
|
||||
port = 595
|
|
@ -38,5 +38,11 @@
|
|||
"Login token invalid": "Login token invalid",
|
||||
"No login token": "No login token",
|
||||
"You are not logged in or your login is expired (Login token invalid)": "You are not logged in or your login is expired (Login token invalid)",
|
||||
"You are not logged in or your login is expired (No special token)": "You are not logged in or your login is expired (No special token)"
|
||||
"You are not logged in or your login is expired (No special token)": "You are not logged in or your login is expired (No special token)",
|
||||
"Special token invalid": "Special token invalid",
|
||||
"You are not logged in or your login is expired (No login token)": "You are not logged in or your login is expired (No login token)",
|
||||
"": "",
|
||||
"You are not logged in or your login is expired ()": "You are not logged in or your login is expired ()",
|
||||
"Session not validated!": "Session not validated!",
|
||||
"Not logged in": "Not logged in"
|
||||
}
|
|
@ -0,0 +1,17 @@
|
|||
{
|
||||
"Login": "Login",
|
||||
"Username or Email": "Username or Email",
|
||||
"Password": "Password",
|
||||
"Next": "Next",
|
||||
"Invalid code": "Invalid code",
|
||||
"You are not logged in or your login is expired": "You are not logged in or your login is expired",
|
||||
"User not found": "User not found",
|
||||
"No special token": "No special token",
|
||||
"You are not logged in or your login is expired(No special token)": "You are not logged in or your login is expired(No special token)",
|
||||
"Special token invalid": "Special token invalid",
|
||||
"You are not logged in or your login is expired(Special token invalid)": "You are not logged in or your login is expired(Special token invalid)",
|
||||
"No login token": "No login token",
|
||||
"Login token invalid": "Login token invalid",
|
||||
"Authorize %s": "Authorize %s",
|
||||
"By clicking on ALLOW, you allow this app to access the requested recources.": "By clicking on ALLOW, you allow this app to access the requested recources."
|
||||
}
|
|
@ -0,0 +1,77 @@
|
|||
{
|
||||
"name": "@hibas123/openauth-backend",
|
||||
"main": "lib/index.js",
|
||||
"author": "Fabian Stamm <dev@fabianstamm.de>",
|
||||
"license": "MIT",
|
||||
"scripts": {
|
||||
"build": "run-s build-ts build-doc",
|
||||
"build-doc": "apidoc -i src/ -p apidoc/",
|
||||
"build-ts": "tsc",
|
||||
"start": "node lib/index.js",
|
||||
"dev": "nodemon -e ts --exec ts-node src/index.ts",
|
||||
"format": "prettier --write \"src/**\""
|
||||
},
|
||||
"pipelines": {
|
||||
"install": [
|
||||
"cd views && npm install",
|
||||
"git submodule init",
|
||||
"git submodule update",
|
||||
"cd views_repo && npm install"
|
||||
]
|
||||
},
|
||||
"devDependencies": {
|
||||
"@types/body-parser": "^1.19.2",
|
||||
"@types/compression": "^1.7.2",
|
||||
"@types/cookie-parser": "^1.4.3",
|
||||
"@types/dotenv": "^8.2.0",
|
||||
"@types/express": "^4.17.17",
|
||||
"@types/express-session": "^1.17.7",
|
||||
"@types/i18n": "^0.13.6",
|
||||
"@types/ini": "^1.3.31",
|
||||
"@types/jsonwebtoken": "^9.0.1",
|
||||
"@types/mongodb": "^4.0.7",
|
||||
"@types/node": "^18.15.11",
|
||||
"@types/node-rsa": "^1.1.1",
|
||||
"@types/qrcode": "^1.5.0",
|
||||
"@types/speakeasy": "^2.0.7",
|
||||
"@types/uuid": "^9.0.1",
|
||||
"apidoc": "^0.54.0",
|
||||
"concurrently": "^8.2.2",
|
||||
"nodemon": "^3.0.1",
|
||||
"prettier": "^2.8.7",
|
||||
"ts-node": "^10.9.1",
|
||||
"typescript": "^5.0.4"
|
||||
},
|
||||
"dependencies": {
|
||||
"@hibas123/config": "^1.1.2",
|
||||
"@hibas123/nodelogging": "^3.1.3",
|
||||
"@hibas123/nodeloggingserver_client": "^1.1.2",
|
||||
"@hibas123/openauth-internalapi": "workspace:^",
|
||||
"@hibas123/openauth-views-v1": "workspace:^",
|
||||
"@hibas123/safe_mongo": "2.0.1",
|
||||
"@simplewebauthn/server": "^7.2.0",
|
||||
"body-parser": "^1.20.2",
|
||||
"compression": "^1.7.4",
|
||||
"connect-mongo": "^5.0.0",
|
||||
"cookie-parser": "^1.4.6",
|
||||
"cors": "^2.8.5",
|
||||
"dotenv": "^16.0.3",
|
||||
"express": "^4.18.2",
|
||||
"express-session": "^1.17.3",
|
||||
"handlebars": "^4.7.7",
|
||||
"i18n": "^0.15.1",
|
||||
"ini": "^4.1.1",
|
||||
"joi": "^17.11.0",
|
||||
"jsonwebtoken": "^9.0.0",
|
||||
"moment": "^2.29.4",
|
||||
"mongodb": "^5.2.0",
|
||||
"node-rsa": "^1.1.1",
|
||||
"npm-run-all": "^4.1.5",
|
||||
"qrcode": "^1.5.3",
|
||||
"reflect-metadata": "^0.1.13",
|
||||
"speakeasy": "^2.0.0",
|
||||
"u2f": "^0.1.3",
|
||||
"uuid": "^9.0.1"
|
||||
},
|
||||
"packageManager": "yarn@3.5.0"
|
||||
}
|
|
@ -5,16 +5,15 @@ import Client from "../../models/client";
|
|||
import verify, { Types } from "../middlewares/verify";
|
||||
import { randomBytes } from "crypto";
|
||||
|
||||
|
||||
const ClientRouter: Router = Router();
|
||||
ClientRouter.route("/")
|
||||
/**
|
||||
* @api {get} /admin/client
|
||||
* @apiName AdminGetClients
|
||||
*
|
||||
*
|
||||
* @apiGroup admin_client
|
||||
* @apiPermission admin
|
||||
*
|
||||
*
|
||||
* @apiSuccess {Object[]} clients
|
||||
* @apiSuccess {String} clients._id The internally used id
|
||||
* @apiSuccess {String} clients.maintainer
|
||||
|
@ -26,24 +25,26 @@ ClientRouter.route("/")
|
|||
* @apiSuccess {String} clients.client_id Client ID used outside of DB
|
||||
* @apiSuccess {String} clients.client_secret
|
||||
*/
|
||||
.get(promiseMiddleware(async (req, res) => {
|
||||
let clients = await Client.find({});
|
||||
//ToDo check if user is required!
|
||||
res.json(clients);
|
||||
}))
|
||||
.get(
|
||||
promiseMiddleware(async (req, res) => {
|
||||
let clients = await Client.find({});
|
||||
//ToDo check if user is required!
|
||||
res.json(clients);
|
||||
})
|
||||
)
|
||||
/**
|
||||
* @api {get} /admin/client
|
||||
* @apiName AdminAddClients
|
||||
*
|
||||
*
|
||||
* @apiGroup admin_client
|
||||
* @apiPermission admin
|
||||
*
|
||||
*
|
||||
* @apiParam {Boolean} internal Is it an internal app
|
||||
* @apiParam {String} name
|
||||
* @apiParam {String} redirect_url
|
||||
* @apiParam {String} website
|
||||
* @apiParam {String} logo
|
||||
*
|
||||
*
|
||||
* @apiSuccess {Object[]} clients
|
||||
* @apiSuccess {String} clients._id The internally used id
|
||||
* @apiSuccess {String} clients.maintainer
|
||||
|
@ -55,62 +56,78 @@ ClientRouter.route("/")
|
|||
* @apiSuccess {String} clients.client_id Client ID used outside of DB
|
||||
* @apiSuccess {String} clients.client_secret
|
||||
*/
|
||||
.post(verify({
|
||||
internal: {
|
||||
type: Types.BOOLEAN,
|
||||
optional: true
|
||||
},
|
||||
name: {
|
||||
type: Types.STRING
|
||||
},
|
||||
redirect_url: {
|
||||
type: Types.STRING
|
||||
},
|
||||
website: {
|
||||
type: Types.STRING
|
||||
},
|
||||
logo: {
|
||||
type: Types.STRING,
|
||||
optional: true
|
||||
}
|
||||
}, true), promiseMiddleware(async (req, res) => {
|
||||
req.body.client_secret = randomBytes(32).toString("hex");
|
||||
let client = Client.new(req.body);
|
||||
client.maintainer = req.user._id;
|
||||
await Client.save(client)
|
||||
res.json(client);
|
||||
}))
|
||||
.post(
|
||||
verify(
|
||||
{
|
||||
internal: {
|
||||
type: Types.BOOLEAN,
|
||||
optional: true,
|
||||
},
|
||||
name: {
|
||||
type: Types.STRING,
|
||||
},
|
||||
redirect_url: {
|
||||
type: Types.STRING,
|
||||
},
|
||||
website: {
|
||||
type: Types.STRING,
|
||||
},
|
||||
logo: {
|
||||
type: Types.STRING,
|
||||
optional: true,
|
||||
},
|
||||
featured: {
|
||||
type: Types.BOOLEAN,
|
||||
optional: true,
|
||||
},
|
||||
description: {
|
||||
type: Types.STRING,
|
||||
optional: true,
|
||||
},
|
||||
},
|
||||
true
|
||||
),
|
||||
promiseMiddleware(async (req, res) => {
|
||||
req.body.client_secret = randomBytes(32).toString("hex");
|
||||
let client = Client.new(req.body);
|
||||
client.maintainer = req.user._id;
|
||||
await Client.save(client);
|
||||
res.json(client);
|
||||
})
|
||||
);
|
||||
|
||||
ClientRouter.route("/:id")
|
||||
/**
|
||||
* @api {delete} /admin/client/:id
|
||||
* @apiParam {String} id Client _id
|
||||
* @apiName AdminDeleteClient
|
||||
*
|
||||
*
|
||||
* @apiGroup admin_client
|
||||
* @apiPermission admin
|
||||
*
|
||||
*
|
||||
* @apiSuccess {Boolean} success
|
||||
*/
|
||||
.delete(promiseMiddleware(async (req, res) => {
|
||||
let { id } = req.params;
|
||||
await Client.delete(id);
|
||||
res.json({ success: true });
|
||||
}))
|
||||
.delete(
|
||||
promiseMiddleware(async (req, res) => {
|
||||
let { id } = req.params;
|
||||
await Client.delete(id);
|
||||
res.json({ success: true });
|
||||
})
|
||||
)
|
||||
/**
|
||||
* @api {put} /admin/client/:id
|
||||
* @apiParam {String} id Client _id
|
||||
* @apiName AdminUpdateClient
|
||||
*
|
||||
*
|
||||
* @apiGroup admin_client
|
||||
* @apiPermission admin
|
||||
*
|
||||
*
|
||||
* @apiParam {Boolean} internal Is it an internal app
|
||||
* @apiParam {String} name
|
||||
* @apiParam {String} redirect_url
|
||||
* @apiParam {String} website
|
||||
* @apiParam {String} logo
|
||||
*
|
||||
*
|
||||
* @apiSuccess {String} _id The internally used id
|
||||
* @apiSuccess {String} maintainer UserID of client maintainer
|
||||
* @apiSuccess {Boolean} internal Defines if it is a internal client
|
||||
|
@ -118,40 +135,57 @@ ClientRouter.route("/:id")
|
|||
* @apiSuccess {String} redirect_url Redirect URL after login
|
||||
* @apiSuccess {String} website Website of Client
|
||||
* @apiSuccess {String} logo The Logo of the Client (optional)
|
||||
* @apiSuccess {String} client_id Client ID used outside of DB
|
||||
* @apiSuccess {String} client_id Client ID used outside of DB
|
||||
* @apiSuccess {String} client_secret The client secret, that can be used to obtain token
|
||||
*/
|
||||
.put(verify({
|
||||
internal: {
|
||||
type: Types.BOOLEAN,
|
||||
optional: true
|
||||
},
|
||||
name: {
|
||||
type: Types.STRING,
|
||||
optional: true
|
||||
},
|
||||
redirect_url: {
|
||||
type: Types.STRING,
|
||||
optional: true
|
||||
},
|
||||
website: {
|
||||
type: Types.STRING,
|
||||
optional: true
|
||||
},
|
||||
logo: {
|
||||
type: Types.STRING,
|
||||
optional: true
|
||||
}
|
||||
}, true), promiseMiddleware(async (req, res) => {
|
||||
let { id } = req.query;
|
||||
let client = await Client.findById(id);
|
||||
if (!client) throw new RequestError(req.__("Client not found"), HttpStatusCode.BAD_REQUEST);
|
||||
for (let key in req.body) {
|
||||
client[key] = req.body[key];
|
||||
}
|
||||
await Client.save(client);
|
||||
res.json(client);
|
||||
}))
|
||||
.put(
|
||||
verify(
|
||||
{
|
||||
internal: {
|
||||
type: Types.BOOLEAN,
|
||||
optional: true,
|
||||
},
|
||||
name: {
|
||||
type: Types.STRING,
|
||||
optional: true,
|
||||
},
|
||||
redirect_url: {
|
||||
type: Types.STRING,
|
||||
optional: true,
|
||||
},
|
||||
website: {
|
||||
type: Types.STRING,
|
||||
optional: true,
|
||||
},
|
||||
logo: {
|
||||
type: Types.STRING,
|
||||
optional: true,
|
||||
},
|
||||
featured: {
|
||||
type: Types.BOOLEAN,
|
||||
optional: true,
|
||||
},
|
||||
description: {
|
||||
type: Types.STRING,
|
||||
optional: true,
|
||||
},
|
||||
},
|
||||
true
|
||||
),
|
||||
promiseMiddleware(async (req, res) => {
|
||||
let { id } = req.query as { [key: string]: string };
|
||||
let client = await Client.findById(id);
|
||||
if (!client)
|
||||
throw new RequestError(
|
||||
req.__("Client not found"),
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
for (let key in req.body) {
|
||||
client[key] = req.body[key];
|
||||
}
|
||||
await Client.save(client);
|
||||
res.json(client);
|
||||
})
|
||||
);
|
||||
|
||||
|
||||
export default ClientRouter;
|
||||
export default ClientRouter;
|
|
@ -9,12 +9,16 @@ import RequestError, { HttpStatusCode } from "../../helper/request_error";
|
|||
const AdminRoute: Router = Router();
|
||||
|
||||
AdminRoute.use(GetUserMiddleware(true, true), (req: Request, res, next) => {
|
||||
if (!req.isAdmin) throw new RequestError("You have no permission to access this API", HttpStatusCode.FORBIDDEN);
|
||||
else next()
|
||||
if (!req.isAdmin)
|
||||
throw new RequestError(
|
||||
"You have no permission to access this API",
|
||||
HttpStatusCode.FORBIDDEN
|
||||
);
|
||||
else next();
|
||||
});
|
||||
|
||||
AdminRoute.use("/client", ClientRoute);
|
||||
AdminRoute.use("/regcode", RegCodeRoute)
|
||||
AdminRoute.use("/user", UserRoute)
|
||||
AdminRoute.use("/regcode", RegCodeRoute);
|
||||
AdminRoute.use("/user", UserRoute);
|
||||
AdminRoute.use("/permission", PermissionRoute);
|
||||
export default AdminRoute;
|
||||
export default AdminRoute;
|
|
@ -1,111 +1,111 @@
|
|||
import { Request, Router } from "express";
|
||||
import { GetUserMiddleware } from "../middlewares/user";
|
||||
import RequestError, { HttpStatusCode } from "../../helper/request_error";
|
||||
import promiseMiddleware from "../../helper/promiseMiddleware";
|
||||
import Permission from "../../models/permissions";
|
||||
import verify, { Types } from "../middlewares/verify";
|
||||
import Client from "../../models/client";
|
||||
import { ObjectID } from "bson";
|
||||
|
||||
const PermissionRoute: Router = Router();
|
||||
PermissionRoute.route("/")
|
||||
/**
|
||||
* @api {get} /admin/permission
|
||||
* @apiName AdminGetPermissions
|
||||
*
|
||||
* @apiParam client Optionally filter by client _id
|
||||
*
|
||||
* @apiGroup admin_permission
|
||||
* @apiPermission admin
|
||||
*
|
||||
* @apiSuccess {Object[]} permissions
|
||||
* @apiSuccess {String} permissions._id The ID
|
||||
* @apiSuccess {String} permissions.name Permission name
|
||||
* @apiSuccess {String} permissions.description A description, that makes it clear to the user, what this Permission allows to do
|
||||
* @apiSuccess {String} permissions.client The ID of the owning client
|
||||
*/
|
||||
.get(
|
||||
promiseMiddleware(async (req, res) => {
|
||||
let query = {};
|
||||
if (req.query.client) {
|
||||
query = { client: new ObjectID(req.query.client) };
|
||||
}
|
||||
let permissions = await Permission.find(query);
|
||||
res.json(permissions);
|
||||
})
|
||||
)
|
||||
/**
|
||||
* @api {post} /admin/permission
|
||||
* @apiName AdminAddPermission
|
||||
*
|
||||
* @apiParam client The ID of the owning client
|
||||
* @apiParam name Permission name
|
||||
* @apiParam description A description, that makes it clear to the user, what this Permission allows to do
|
||||
*
|
||||
* @apiGroup admin_permission
|
||||
* @apiPermission admin
|
||||
*
|
||||
* @apiSuccess {Object[]} permissions
|
||||
* @apiSuccess {String} permissions._id The ID
|
||||
* @apiSuccess {String} permissions.name Permission name
|
||||
* @apiSuccess {String} permissions.description A description, that makes it clear to the user, what this Permission allows to do
|
||||
* @apiSuccess {String} permissions.client The ID of the owning client
|
||||
* @apiSuccess {String} permissions.grant_type The type of the permission. "user" | "client" granted
|
||||
*/
|
||||
.post(
|
||||
verify(
|
||||
{
|
||||
client: {
|
||||
type: Types.STRING
|
||||
},
|
||||
name: {
|
||||
type: Types.STRING
|
||||
},
|
||||
description: {
|
||||
type: Types.STRING
|
||||
},
|
||||
type: {
|
||||
type: Types.ENUM,
|
||||
values: ["user", "client"]
|
||||
}
|
||||
},
|
||||
true
|
||||
),
|
||||
promiseMiddleware(async (req, res) => {
|
||||
let client = await Client.findById(req.body.client);
|
||||
if (!client) {
|
||||
throw new RequestError(
|
||||
"Client not found",
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
}
|
||||
let permission = Permission.new({
|
||||
description: req.body.description,
|
||||
name: req.body.name,
|
||||
client: client._id,
|
||||
grant_type: req.body.type
|
||||
});
|
||||
await Permission.save(permission);
|
||||
res.json(permission);
|
||||
})
|
||||
)
|
||||
/**
|
||||
* @api {delete} /admin/permission
|
||||
* @apiName AdminDeletePermission
|
||||
*
|
||||
* @apiParam id The permission ID
|
||||
*
|
||||
* @apiGroup admin_permission
|
||||
* @apiPermission admin
|
||||
*
|
||||
* @apiSuccess {Boolean} success
|
||||
*/
|
||||
.delete(
|
||||
promiseMiddleware(async (req, res) => {
|
||||
let { id } = req.query;
|
||||
await Permission.delete(id);
|
||||
res.json({ success: true });
|
||||
})
|
||||
);
|
||||
|
||||
export default PermissionRoute;
|
||||
import { Request, Router } from "express";
|
||||
import { GetUserMiddleware } from "../middlewares/user";
|
||||
import RequestError, { HttpStatusCode } from "../../helper/request_error";
|
||||
import promiseMiddleware from "../../helper/promiseMiddleware";
|
||||
import Permission from "../../models/permissions";
|
||||
import verify, { Types } from "../middlewares/verify";
|
||||
import Client from "../../models/client";
|
||||
import { ObjectId } from "bson";
|
||||
|
||||
const PermissionRoute: Router = Router();
|
||||
PermissionRoute.route("/")
|
||||
/**
|
||||
* @api {get} /admin/permission
|
||||
* @apiName AdminGetPermissions
|
||||
*
|
||||
* @apiParam client Optionally filter by client _id
|
||||
*
|
||||
* @apiGroup admin_permission
|
||||
* @apiPermission admin
|
||||
*
|
||||
* @apiSuccess {Object[]} permissions
|
||||
* @apiSuccess {String} permissions._id The ID
|
||||
* @apiSuccess {String} permissions.name Permission name
|
||||
* @apiSuccess {String} permissions.description A description, that makes it clear to the user, what this Permission allows to do
|
||||
* @apiSuccess {String} permissions.client The ID of the owning client
|
||||
*/
|
||||
.get(
|
||||
promiseMiddleware(async (req, res) => {
|
||||
let query = {};
|
||||
if (req.query.client) {
|
||||
query = { client: new ObjectId(req.query.client as string) };
|
||||
}
|
||||
let permissions = await Permission.find(query);
|
||||
res.json(permissions);
|
||||
})
|
||||
)
|
||||
/**
|
||||
* @api {post} /admin/permission
|
||||
* @apiName AdminAddPermission
|
||||
*
|
||||
* @apiParam client The ID of the owning client
|
||||
* @apiParam name Permission name
|
||||
* @apiParam description A description, that makes it clear to the user, what this Permission allows to do
|
||||
*
|
||||
* @apiGroup admin_permission
|
||||
* @apiPermission admin
|
||||
*
|
||||
* @apiSuccess {Object[]} permissions
|
||||
* @apiSuccess {String} permissions._id The ID
|
||||
* @apiSuccess {String} permissions.name Permission name
|
||||
* @apiSuccess {String} permissions.description A description, that makes it clear to the user, what this Permission allows to do
|
||||
* @apiSuccess {String} permissions.client The ID of the owning client
|
||||
* @apiSuccess {String} permissions.grant_type The type of the permission. "user" | "client" granted
|
||||
*/
|
||||
.post(
|
||||
verify(
|
||||
{
|
||||
client: {
|
||||
type: Types.STRING,
|
||||
},
|
||||
name: {
|
||||
type: Types.STRING,
|
||||
},
|
||||
description: {
|
||||
type: Types.STRING,
|
||||
},
|
||||
type: {
|
||||
type: Types.ENUM,
|
||||
values: ["user", "client"],
|
||||
},
|
||||
},
|
||||
true
|
||||
),
|
||||
promiseMiddleware(async (req, res) => {
|
||||
let client = await Client.findById(req.body.client);
|
||||
if (!client) {
|
||||
throw new RequestError(
|
||||
"Client not found",
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
}
|
||||
let permission = Permission.new({
|
||||
description: req.body.description,
|
||||
name: req.body.name,
|
||||
client: client._id,
|
||||
grant_type: req.body.type,
|
||||
});
|
||||
await Permission.save(permission);
|
||||
res.json(permission);
|
||||
})
|
||||
)
|
||||
/**
|
||||
* @api {delete} /admin/permission
|
||||
* @apiName AdminDeletePermission
|
||||
*
|
||||
* @apiParam id The permission ID
|
||||
*
|
||||
* @apiGroup admin_permission
|
||||
* @apiPermission admin
|
||||
*
|
||||
* @apiSuccess {Boolean} success
|
||||
*/
|
||||
.delete(
|
||||
promiseMiddleware(async (req, res) => {
|
||||
let { id } = req.query as { [key: string]: string };
|
||||
await Permission.delete(id);
|
||||
res.json({ success: true });
|
||||
})
|
||||
);
|
||||
|
||||
export default PermissionRoute;
|
|
@ -10,54 +10,60 @@ const RegCodeRoute: Router = Router();
|
|||
RegCodeRoute.route("/")
|
||||
/**
|
||||
* @api {get} /admin/regcode
|
||||
* @apiName AdminGetRegcodes
|
||||
*
|
||||
* @apiName AdminGetRegcodes
|
||||
*
|
||||
* @apiGroup admin_regcode
|
||||
* @apiPermission admin
|
||||
*
|
||||
*
|
||||
* @apiSuccess {Object[]} regcodes
|
||||
* @apiSuccess {String} permissions._id The ID
|
||||
* @apiSuccess {String} permissions.token The Regcode Token
|
||||
* @apiSuccess {String} permissions.valid Defines if the Regcode is valid
|
||||
* @apiSuccess {String} permissions.validTill Expiration date of RegCode
|
||||
*/
|
||||
.get(promiseMiddleware(async (req, res) => {
|
||||
let regcodes = await RegCode.find({});
|
||||
res.json(regcodes);
|
||||
}))
|
||||
.get(
|
||||
promiseMiddleware(async (req, res) => {
|
||||
let regcodes = await RegCode.find({});
|
||||
res.json(regcodes);
|
||||
})
|
||||
)
|
||||
/**
|
||||
* @api {delete} /admin/regcode
|
||||
* @apiName AdminDeleteRegcode
|
||||
*
|
||||
*
|
||||
* @apiParam {String} id The id of the RegCode
|
||||
*
|
||||
*
|
||||
* @apiGroup admin_regcode
|
||||
* @apiPermission admin
|
||||
*
|
||||
*
|
||||
* @apiSuccess {Boolean} success
|
||||
*/
|
||||
.delete(promiseMiddleware(async (req, res) => {
|
||||
let { id } = req.query;
|
||||
await RegCode.delete(id);
|
||||
res.json({ success: true });
|
||||
}))
|
||||
.delete(
|
||||
promiseMiddleware(async (req, res) => {
|
||||
let { id } = req.query as { [key: string]: string };
|
||||
await RegCode.delete(id);
|
||||
res.json({ success: true });
|
||||
})
|
||||
)
|
||||
/**
|
||||
* @api {post} /admin/regcode
|
||||
* @apiName AdminAddRegcode
|
||||
*
|
||||
* @apiName AdminAddRegcode
|
||||
*
|
||||
* @apiGroup admin_regcode
|
||||
* @apiPermission admin
|
||||
*
|
||||
*
|
||||
* @apiSuccess {String} code The newly created code
|
||||
*/
|
||||
.post(promiseMiddleware(async (req, res) => {
|
||||
let regcode = RegCode.new({
|
||||
token: randomBytes(10).toString("hex"),
|
||||
valid: true,
|
||||
validTill: moment().add("1", "month").toDate()
|
||||
.post(
|
||||
promiseMiddleware(async (req, res) => {
|
||||
let regcode = RegCode.new({
|
||||
token: randomBytes(10).toString("hex"),
|
||||
valid: true,
|
||||
validTill: moment().add("1", "month").toDate(),
|
||||
});
|
||||
await RegCode.save(regcode);
|
||||
res.json({ code: regcode.token });
|
||||
})
|
||||
await RegCode.save(regcode);
|
||||
res.json({ code: regcode.token });
|
||||
}))
|
||||
);
|
||||
|
||||
export default RegCodeRoute;
|
||||
export default RegCodeRoute;
|
|
@ -9,15 +9,15 @@ import LoginToken from "../../models/login_token";
|
|||
|
||||
const UserRoute: Router = Router();
|
||||
UserRoute.use(GetUserMiddleware(true, true), (req: Request, res, next) => {
|
||||
if (!req.isAdmin) res.sendStatus(HttpStatusCode.FORBIDDEN)
|
||||
else next()
|
||||
})
|
||||
if (!req.isAdmin) res.sendStatus(HttpStatusCode.FORBIDDEN);
|
||||
else next();
|
||||
});
|
||||
|
||||
UserRoute.route("/")
|
||||
/**
|
||||
* @api {get} /admin/user
|
||||
* @apiName AdminGetUsers
|
||||
*
|
||||
* @apiName AdminGetUsers
|
||||
*
|
||||
* @apiGroup admin_user
|
||||
* @apiPermission admin
|
||||
* @apiSuccess {Object[]} user
|
||||
|
@ -29,57 +29,65 @@ UserRoute.route("/")
|
|||
* @apiSuccess {Number} user.gender 0 = none, 1 = male, 2 = female, 3 = other
|
||||
* @apiSuccess {Boolean} user.admin Is admin or not
|
||||
*/
|
||||
.get(promiseMiddleware(async (req, res) => {
|
||||
let users = await User.find({});
|
||||
users.forEach(e => delete e.password && delete e.salt && delete e.encryption_key);
|
||||
res.json(users);
|
||||
}))
|
||||
.get(
|
||||
promiseMiddleware(async (req, res) => {
|
||||
let users = await User.find({});
|
||||
users.forEach(
|
||||
(e) => delete e.password && delete e.salt && delete e.encryption_key
|
||||
);
|
||||
res.json(users);
|
||||
})
|
||||
)
|
||||
/**
|
||||
* @api {delete} /admin/user
|
||||
* @apiName AdminDeleteUser
|
||||
*
|
||||
* @apiName AdminDeleteUser
|
||||
*
|
||||
* @apiParam {String} id The User ID
|
||||
*
|
||||
*
|
||||
* @apiGroup admin_user
|
||||
* @apiPermission admin
|
||||
*
|
||||
*
|
||||
* @apiSuccess {Boolean} success
|
||||
*/
|
||||
.delete(promiseMiddleware(async (req, res) => {
|
||||
let { id } = req.query;
|
||||
let user = await User.findById(id);
|
||||
.delete(
|
||||
promiseMiddleware(async (req, res) => {
|
||||
let { id } = req.query as { [key: string]: string };
|
||||
let user = await User.findById(id);
|
||||
|
||||
await Promise.all([
|
||||
user.mails.map(mail => Mail.delete(mail)),
|
||||
[
|
||||
RefreshToken.deleteFilter({ user: user._id }),
|
||||
LoginToken.deleteFilter({ user: user._id })
|
||||
]
|
||||
])
|
||||
await Promise.all([
|
||||
user.mails.map((mail) => Mail.delete(mail)),
|
||||
[
|
||||
RefreshToken.deleteFilter({ user: user._id }),
|
||||
LoginToken.deleteFilter({ user: user._id }),
|
||||
],
|
||||
]);
|
||||
|
||||
await User.delete(user);
|
||||
res.json({ success: true });
|
||||
}))
|
||||
await User.delete(user);
|
||||
res.json({ success: true });
|
||||
})
|
||||
)
|
||||
/**
|
||||
* @api {put} /admin/user
|
||||
* @apiName AdminChangeUser
|
||||
*
|
||||
* @apiName AdminChangeUser
|
||||
*
|
||||
* @apiParam {String} id The User ID
|
||||
*
|
||||
*
|
||||
* @apiGroup admin_user
|
||||
* @apiPermission admin
|
||||
*
|
||||
*
|
||||
* @apiSuccess {Boolean} success
|
||||
*
|
||||
* @apiDescription Flipps the user role:
|
||||
* admin -> user
|
||||
*
|
||||
* @apiDescription Flipps the user role:
|
||||
* admin -> user
|
||||
* user -> admin
|
||||
*/
|
||||
.put(promiseMiddleware(async (req, res) => {
|
||||
let { id } = req.query;
|
||||
let user = await User.findById(id);
|
||||
user.admin = !user.admin;
|
||||
await User.save(user);
|
||||
res.json({ success: true })
|
||||
}))
|
||||
export default UserRoute;
|
||||
.put(
|
||||
promiseMiddleware(async (req, res) => {
|
||||
let { id } = req.query as { [key: string]: string };
|
||||
let user = await User.findById(id);
|
||||
user.admin = !user.admin;
|
||||
await User.save(user);
|
||||
res.json({ success: true });
|
||||
})
|
||||
);
|
||||
export default UserRoute;
|
|
@ -0,0 +1,110 @@
|
|||
import { Request, Response, Router } from "express";
|
||||
import Stacker from "../middlewares/stacker";
|
||||
import {
|
||||
GetClientAuthMiddleware,
|
||||
GetClientApiAuthMiddleware,
|
||||
} from "../middlewares/client";
|
||||
import { GetUserMiddleware } from "../middlewares/user";
|
||||
import { createJWT } from "../../keys";
|
||||
import Client from "../../models/client";
|
||||
import RequestError, { HttpStatusCode } from "../../helper/request_error";
|
||||
import config from "../../config";
|
||||
import Mail from "../../models/mail";
|
||||
|
||||
const ClientRouter = Router();
|
||||
|
||||
/**
|
||||
* @api {get} /client/user
|
||||
*
|
||||
* @apiDescription Can be used for simple authentication of user. It will redirect the user to the redirect URI with a very short lived jwt.
|
||||
*
|
||||
* @apiParam {String} redirect_uri URL to redirect to on success
|
||||
* @apiParam {String} state A optional state, that will be included in the JWT and redirect_uri as parameter
|
||||
*
|
||||
* @apiName ClientUser
|
||||
* @apiGroup client
|
||||
*
|
||||
* @apiPermission user_client Requires ClientID and Authenticated User
|
||||
*/
|
||||
ClientRouter.get(
|
||||
"/user",
|
||||
Stacker(
|
||||
GetClientAuthMiddleware(false),
|
||||
GetUserMiddleware(false, false),
|
||||
async (req: Request, res: Response) => {
|
||||
let { redirect_uri, state } = req.query;
|
||||
|
||||
if (redirect_uri !== req.client.redirect_url)
|
||||
throw new RequestError(
|
||||
"Invalid redirect URI",
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
|
||||
let jwt = await createJWT(
|
||||
{
|
||||
client: req.client.client_id,
|
||||
uid: req.user.uid,
|
||||
username: req.user.username,
|
||||
state: state,
|
||||
},
|
||||
{
|
||||
expiresIn: 30,
|
||||
issuer: config.core.url,
|
||||
algorithm: "RS256",
|
||||
subject: req.user.uid,
|
||||
audience: req.client.client_id,
|
||||
}
|
||||
); //after 30 seconds this token is invalid
|
||||
res.redirect(
|
||||
redirect_uri + "?jwt=" + jwt + (state ? `&state=${state}` : "")
|
||||
);
|
||||
}
|
||||
)
|
||||
);
|
||||
|
||||
ClientRouter.get(
|
||||
"/account",
|
||||
Stacker(GetClientApiAuthMiddleware(), async (req: Request, res) => {
|
||||
let mails = await Promise.all(
|
||||
req.user.mails.map((id) => Mail.findById(id))
|
||||
);
|
||||
|
||||
let mail = mails.find((e) => e.primary) || mails[0];
|
||||
|
||||
res.json({
|
||||
user: {
|
||||
username: req.user.username,
|
||||
name: req.user.name,
|
||||
email: mail,
|
||||
},
|
||||
});
|
||||
})
|
||||
);
|
||||
|
||||
/**
|
||||
* @api {get} /client/featured
|
||||
*
|
||||
* @apiDescription Get a list of clients, that want to be featured on the home page
|
||||
*
|
||||
* @apiName GetFeaturedClients
|
||||
* @apiGroup client
|
||||
*/
|
||||
ClientRouter.get(
|
||||
"/featured",
|
||||
Stacker(async (req: Request, res) => {
|
||||
let clients = await Client.find({
|
||||
featured: true,
|
||||
});
|
||||
|
||||
res.json({
|
||||
clients: clients.map(({ name, logo, website, description }) => ({
|
||||
name,
|
||||
logo,
|
||||
website,
|
||||
description,
|
||||
})),
|
||||
});
|
||||
})
|
||||
);
|
||||
|
||||
export default ClientRouter;
|
|
@ -1,98 +1,98 @@
|
|||
import { Request, Response } from "express";
|
||||
import Stacker from "../middlewares/stacker";
|
||||
import {
|
||||
ClientAuthMiddleware,
|
||||
GetClientAuthMiddleware
|
||||
} from "../middlewares/client";
|
||||
import Permission from "../../models/permissions";
|
||||
import User from "../../models/user";
|
||||
|
||||
import RequestError, { HttpStatusCode } from "../../helper/request_error";
|
||||
import Grant from "../../models/grants";
|
||||
import { ObjectID } from "mongodb";
|
||||
|
||||
export const GetPermissions = Stacker(
|
||||
GetClientAuthMiddleware(true),
|
||||
async (req: Request, res: Response) => {
|
||||
const { user, permission } = req.query;
|
||||
|
||||
let permissions: { id: string; name: string; description: string }[];
|
||||
let users: string[];
|
||||
|
||||
if (user) {
|
||||
const grant = await Grant.findOne({
|
||||
client: req.client._id,
|
||||
user: user
|
||||
});
|
||||
|
||||
permissions = await Promise.all(
|
||||
grant.permissions.map(perm => Permission.findById(perm))
|
||||
).then(res =>
|
||||
res
|
||||
.filter(e => e.grant_type === "client")
|
||||
.map(e => {
|
||||
return {
|
||||
id: e._id.toHexString(),
|
||||
name: e.name,
|
||||
description: e.description
|
||||
};
|
||||
})
|
||||
);
|
||||
}
|
||||
|
||||
if (permission) {
|
||||
const grants = await Grant.find({
|
||||
client: req.client._id,
|
||||
permissions: new ObjectID(permission)
|
||||
});
|
||||
|
||||
users = grants.map(grant => grant.user.toHexString());
|
||||
}
|
||||
|
||||
res.json({ permissions, users });
|
||||
}
|
||||
);
|
||||
|
||||
export const PostPermissions = Stacker(
|
||||
GetClientAuthMiddleware(true),
|
||||
async (req: Request, res: Response) => {
|
||||
const { permission, uid } = req.body;
|
||||
|
||||
const user = await User.findOne({ uid });
|
||||
if (!user) {
|
||||
throw new RequestError("User not found!", HttpStatusCode.BAD_REQUEST);
|
||||
}
|
||||
|
||||
const permissionDoc = await Permission.findById(permission);
|
||||
if (!permissionDoc || !permissionDoc.client.equals(req.client._id)) {
|
||||
throw new RequestError(
|
||||
"Permission not found!",
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
}
|
||||
|
||||
let grant = await Grant.findOne({
|
||||
client: req.client._id,
|
||||
user: req.user._id
|
||||
});
|
||||
|
||||
if (!grant) {
|
||||
grant = Grant.new({
|
||||
client: req.client._id,
|
||||
user: req.user._id,
|
||||
permissions: []
|
||||
});
|
||||
}
|
||||
|
||||
//TODO: Fix clients getting user data without consent, when a grant is created and no additional permissions are requested, since for now, it is only checked for grant existance to make client access user data
|
||||
|
||||
if (grant.permissions.indexOf(permission) < 0)
|
||||
grant.permissions.push(permission);
|
||||
|
||||
await Grant.save(grant);
|
||||
|
||||
res.json({
|
||||
success: true
|
||||
});
|
||||
}
|
||||
);
|
||||
import { Request, Response } from "express";
|
||||
import Stacker from "../middlewares/stacker";
|
||||
import {
|
||||
ClientAuthMiddleware,
|
||||
GetClientAuthMiddleware,
|
||||
} from "../middlewares/client";
|
||||
import Permission from "../../models/permissions";
|
||||
import User from "../../models/user";
|
||||
|
||||
import RequestError, { HttpStatusCode } from "../../helper/request_error";
|
||||
import Grant from "../../models/grants";
|
||||
import { ObjectId } from "mongodb";
|
||||
|
||||
export const GetPermissions = Stacker(
|
||||
GetClientAuthMiddleware(true),
|
||||
async (req: Request, res: Response) => {
|
||||
const { user, permission } = req.query as { [key: string]: string };
|
||||
|
||||
let permissions: { id: string; name: string; description: string }[];
|
||||
let users: string[];
|
||||
|
||||
if (user) {
|
||||
const grant = await Grant.findOne({
|
||||
client: req.client._id,
|
||||
user: new ObjectId(user),
|
||||
});
|
||||
|
||||
permissions = await Promise.all(
|
||||
grant.permissions.map((perm) => Permission.findById(perm))
|
||||
).then((res) =>
|
||||
res
|
||||
.filter((e) => e.grant_type === "client")
|
||||
.map((e) => {
|
||||
return {
|
||||
id: e._id.toHexString(),
|
||||
name: e.name,
|
||||
description: e.description,
|
||||
};
|
||||
})
|
||||
);
|
||||
}
|
||||
|
||||
if (permission) {
|
||||
const grants = await Grant.find({
|
||||
client: req.client._id,
|
||||
permissions: new ObjectId(permission),
|
||||
});
|
||||
|
||||
users = grants.map((grant) => grant.user.toHexString());
|
||||
}
|
||||
|
||||
res.json({ permissions, users });
|
||||
}
|
||||
);
|
||||
|
||||
export const PostPermissions = Stacker(
|
||||
GetClientAuthMiddleware(true),
|
||||
async (req: Request, res: Response) => {
|
||||
const { permission, uid } = req.body;
|
||||
|
||||
const user = await User.findOne({ uid });
|
||||
if (!user) {
|
||||
throw new RequestError("User not found!", HttpStatusCode.BAD_REQUEST);
|
||||
}
|
||||
|
||||
const permissionDoc = await Permission.findById(permission);
|
||||
if (!permissionDoc || !permissionDoc.client.equals(req.client._id)) {
|
||||
throw new RequestError(
|
||||
"Permission not found!",
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
}
|
||||
|
||||
let grant = await Grant.findOne({
|
||||
client: req.client._id,
|
||||
user: req.user._id,
|
||||
});
|
||||
|
||||
if (!grant) {
|
||||
grant = Grant.new({
|
||||
client: req.client._id,
|
||||
user: req.user._id,
|
||||
permissions: [],
|
||||
});
|
||||
}
|
||||
|
||||
//TODO: Fix clients getting user data without consent, when a grant is created and no additional permissions are requested, since for now, it is only checked for grant existance to make client access user data
|
||||
|
||||
if (grant.permissions.indexOf(permission) < 0)
|
||||
grant.permissions.push(permission);
|
||||
|
||||
await Grant.save(grant);
|
||||
|
||||
res.json({
|
||||
success: true,
|
||||
});
|
||||
}
|
||||
);
|
|
@ -0,0 +1,50 @@
|
|||
import * as express from "express";
|
||||
import AdminRoute from "./admin";
|
||||
import UserRoute from "./user";
|
||||
import InternalRoute from "./internal";
|
||||
import ClientRouter from "./client";
|
||||
import cors from "cors";
|
||||
import OAuthRoute from "./oauth";
|
||||
import config from "../config";
|
||||
import JRPCEndpoint from "./jrpc";
|
||||
|
||||
const ApiRouter: express.IRouter = express.Router();
|
||||
ApiRouter.use("/admin", AdminRoute);
|
||||
ApiRouter.use(cors());
|
||||
ApiRouter.use("/user", UserRoute);
|
||||
ApiRouter.use("/internal", InternalRoute);
|
||||
ApiRouter.use("/oauth", OAuthRoute);
|
||||
|
||||
ApiRouter.use("/client", ClientRouter);
|
||||
|
||||
/**
|
||||
* @api {post} /jrpc
|
||||
* @apiName InternalJRPCEndpoint
|
||||
*
|
||||
* @apiGroup user
|
||||
* @apiPermission none
|
||||
*
|
||||
* @apiErrorExample {Object} Error-Response:
|
||||
{
|
||||
error: [
|
||||
{
|
||||
message: "Some Error",
|
||||
field: "username"
|
||||
}
|
||||
],
|
||||
status: 400
|
||||
}
|
||||
*/
|
||||
ApiRouter.post("/jrpc", JRPCEndpoint);
|
||||
|
||||
// Legacy reasons (deprecated)
|
||||
ApiRouter.use("/", ClientRouter);
|
||||
|
||||
ApiRouter.get("/config.json", (req, res) => {
|
||||
return res.json({
|
||||
name: config.core.name,
|
||||
url: config.core.url,
|
||||
});
|
||||
});
|
||||
|
||||
export default ApiRouter;
|
|
@ -6,10 +6,10 @@ const InternalRoute: Router = Router();
|
|||
/**
|
||||
* @api {get} /internal/oauth
|
||||
* @apiName ClientInteralOAuth
|
||||
*
|
||||
*
|
||||
* @apiGroup client_internal
|
||||
* @apiPermission client_internal Only ClientID
|
||||
*
|
||||
*
|
||||
* @apiParam {String} redirect_uri Redirect URI called after success
|
||||
* @apiParam {String} state State will be set in RedirectURI for the client to check
|
||||
*/
|
||||
|
@ -18,13 +18,13 @@ InternalRoute.get("/oauth", OAuthInternalApp);
|
|||
/**
|
||||
* @api {post} /internal/password
|
||||
* @apiName ClientInteralPassword
|
||||
*
|
||||
*
|
||||
* @apiGroup client_internal
|
||||
* @apiPermission client_internal Requires ClientID and Secret
|
||||
*
|
||||
*
|
||||
* @apiParam {String} username Username (either username or UID)
|
||||
* @apiParam {String} uid User ID (either username or UID)
|
||||
* @apiParam {String} password Hashed and Salted according to specification
|
||||
*/
|
||||
InternalRoute.post("/password", PasswordAuth)
|
||||
export default InternalRoute;
|
||||
InternalRoute.post("/password", PasswordAuth);
|
||||
export default InternalRoute;
|
|
@ -1,29 +1,39 @@
|
|||
import { Request, Response, NextFunction } from "express";
|
||||
import Stacker from "../middlewares/stacker";
|
||||
import { GetClientAuthMiddleware } from "../middlewares/client";
|
||||
import { UserMiddleware } from "../middlewares/user";
|
||||
import RequestError, { HttpStatusCode } from "../../helper/request_error";
|
||||
import ClientCode from "../../models/client_code";
|
||||
import moment = require("moment");
|
||||
import { randomBytes } from "crypto";
|
||||
export const OAuthInternalApp = Stacker(GetClientAuthMiddleware(false, true), UserMiddleware,
|
||||
async (req: Request, res: Response) => {
|
||||
let { redirect_uri, state } = req.query
|
||||
if (!redirect_uri) {
|
||||
throw new RequestError("No redirect url set!", HttpStatusCode.BAD_REQUEST);
|
||||
}
|
||||
|
||||
let sep = redirect_uri.indexOf("?") < 0 ? "?" : "&";
|
||||
|
||||
let code = ClientCode.new({
|
||||
user: req.user._id,
|
||||
client: req.client._id,
|
||||
validTill: moment().add(30, "minutes").toDate(),
|
||||
code: randomBytes(16).toString("hex"),
|
||||
permissions: []
|
||||
});
|
||||
await ClientCode.save(code);
|
||||
|
||||
res.redirect(redirect_uri + sep + "code=" + code.code + (state ? "&state=" + state : ""));
|
||||
res.end();
|
||||
});
|
||||
import { Request, Response, NextFunction } from "express";
|
||||
import Stacker from "../middlewares/stacker";
|
||||
import { GetClientAuthMiddleware } from "../middlewares/client";
|
||||
import { UserMiddleware } from "../middlewares/user";
|
||||
import RequestError, { HttpStatusCode } from "../../helper/request_error";
|
||||
import ClientCode from "../../models/client_code";
|
||||
import moment = require("moment");
|
||||
import { randomBytes } from "crypto";
|
||||
export const OAuthInternalApp = Stacker(
|
||||
GetClientAuthMiddleware(false, true),
|
||||
UserMiddleware,
|
||||
async (req: Request, res: Response) => {
|
||||
let { redirect_uri, state } = req.query as { [key: string]: string };
|
||||
if (!redirect_uri) {
|
||||
throw new RequestError(
|
||||
"No redirect url set!",
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
}
|
||||
|
||||
let redurl = new URL(redirect_uri);
|
||||
|
||||
let code = ClientCode.new({
|
||||
user: req.user._id,
|
||||
client: req.client._id,
|
||||
validTill: moment().add(30, "minutes").toDate(),
|
||||
code: randomBytes(16).toString("hex"),
|
||||
permissions: [],
|
||||
});
|
||||
await ClientCode.save(code);
|
||||
|
||||
redurl.searchParams.set("code", code.code);
|
||||
if (state)
|
||||
redurl.searchParams.set("state", state);
|
||||
|
||||
res.redirect(redurl.href);
|
||||
res.end();
|
||||
}
|
||||
);
|
|
@ -0,0 +1,35 @@
|
|||
import { Request, Response, NextFunction } from "express";
|
||||
import { GetClientAuthMiddleware } from "../middlewares/client";
|
||||
import Stacker from "../middlewares/stacker";
|
||||
import RequestError, { HttpStatusCode } from "../../helper/request_error";
|
||||
import User from "../../models/user";
|
||||
|
||||
const PasswordAuth = Stacker(
|
||||
GetClientAuthMiddleware(true, true),
|
||||
async (req: Request, res: Response) => {
|
||||
let {
|
||||
username,
|
||||
password,
|
||||
uid,
|
||||
}: { username: string; password: string; uid: string } = req.body;
|
||||
let query: any = { password: password };
|
||||
if (username) {
|
||||
query.username = username.toLowerCase();
|
||||
} else if (uid) {
|
||||
query.uid = uid;
|
||||
} else {
|
||||
throw new RequestError(
|
||||
req.__("No username or uid set"),
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
}
|
||||
|
||||
let user = await User.findOne(query);
|
||||
if (!user) {
|
||||
res.json({ error: req.__("Password or username wrong") });
|
||||
} else {
|
||||
res.json({ success: true, uid: user.uid });
|
||||
}
|
||||
}
|
||||
);
|
||||
export default PasswordAuth;
|
|
@ -0,0 +1,38 @@
|
|||
import { Format } from "@hibas123/logging";
|
||||
import Logging from "@hibas123/nodelogging";
|
||||
import { Server, } from "@hibas123/openauth-internalapi";
|
||||
import { RequestObject, ResponseObject } from "@hibas123/openauth-internalapi/lib/service_base";
|
||||
import { Request, Response } from "express";
|
||||
import Stacker from "../middlewares/stacker";
|
||||
import AccountService from "./services/account";
|
||||
import LoginService from "./services/login";
|
||||
import SecurityService from "./services/security";
|
||||
import TFAService from "./services/twofactor";
|
||||
|
||||
export type SessionContext = Request;
|
||||
|
||||
const provider = new Server.ServiceProvider<SessionContext>();
|
||||
provider.addService(new AccountService());
|
||||
provider.addService(new SecurityService());
|
||||
provider.addService(new TFAService());
|
||||
provider.addService(new LoginService());
|
||||
|
||||
const JRPCEndpoint = Stacker(
|
||||
async (req: Request, res: Response) => {
|
||||
let jrpcreq = req.body as RequestObject;
|
||||
let startTime = process.hrtime.bigint();
|
||||
const session = provider.getSession((data: ResponseObject) => {
|
||||
let time = process.hrtime.bigint() - startTime;
|
||||
let state = data.error ? Format.red(`err(${data.error.message})`) : Format.green("OK");
|
||||
|
||||
Logging.getChild("JRPC").log(jrpcreq.method, state, "-", (Number(time / 10000n) / 100) + "ms");
|
||||
|
||||
res.json(data);
|
||||
}, req);
|
||||
|
||||
|
||||
session.onMessage(jrpcreq);
|
||||
}
|
||||
);
|
||||
|
||||
export default JRPCEndpoint;
|
|
@ -0,0 +1,52 @@
|
|||
import { Profile, ContactInfo, Gender, Server, UserRegisterInfo } from "@hibas123/openauth-internalapi";
|
||||
import type { SessionContext } from "../index";
|
||||
import Mail from "../../../models/mail";
|
||||
import User from "../../../models/user";
|
||||
import { RequireLogin } from "../../../helper/login";
|
||||
|
||||
export default class AccountService extends Server.AccountService<SessionContext> {
|
||||
Register(regcode: string, info: UserRegisterInfo, ctx: SessionContext): Promise<void> {
|
||||
throw new Error("Method not implemented.");
|
||||
}
|
||||
|
||||
@RequireLogin()
|
||||
async GetProfile(ctx: SessionContext): Promise<Profile> {
|
||||
if (!ctx.user) throw new Error("Not logged in");
|
||||
|
||||
|
||||
return {
|
||||
id: ctx.user.uid,
|
||||
username: ctx.user.username,
|
||||
name: ctx.user.name,
|
||||
birthday: ctx.user.birthday?.valueOf(),
|
||||
gender: ctx.user.gender as number as Gender,
|
||||
}
|
||||
}
|
||||
|
||||
@RequireLogin()
|
||||
async UpdateProfile(info: Profile, ctx: SessionContext): Promise<void> {
|
||||
if (!ctx.user) throw new Error("Not logged in");
|
||||
|
||||
ctx.user.name = info.name;
|
||||
ctx.user.birthday = new Date(info.birthday);
|
||||
ctx.user.gender = info.gender as number;
|
||||
|
||||
await User.save(ctx.user);
|
||||
}
|
||||
|
||||
@RequireLogin()
|
||||
async GetContactInfos(ctx: SessionContext): Promise<ContactInfo> {
|
||||
if (!ctx.user) throw new Error("Not logged in");
|
||||
|
||||
let mails = await Promise.all(
|
||||
ctx.user.mails.map((mail) => Mail.findById(mail))
|
||||
);
|
||||
|
||||
let contact = {
|
||||
mail: mails.filter((e) => !!e),
|
||||
phone: ctx.user.phones,
|
||||
};
|
||||
|
||||
return contact;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,265 @@
|
|||
import { Server, LoginState, TFAOption, TFAType } from "@hibas123/openauth-internalapi";
|
||||
import type { SessionContext } from "../index";
|
||||
import Logging from "@hibas123/nodelogging";
|
||||
import User, { IUser } from "../../../models/user";
|
||||
import moment from "moment";
|
||||
import crypto from "node:crypto";
|
||||
import TwoFactor, { ITwoFactor, IWebAuthn } from "../../../models/twofactor";
|
||||
import speakeasy from "speakeasy";
|
||||
import { generateAuthenticationOptions, verifyAuthenticationResponse } from "@simplewebauthn/server";
|
||||
import config from "../../../config";
|
||||
|
||||
//FIXME: There are a lot of uneccessary database requests happening here. Since this is not a "hot" path, it should not matter to much, but it should be fixed nontheless.
|
||||
|
||||
export default class LoginService extends Server.LoginService<SessionContext> {
|
||||
private async getUser(username: string): Promise<IUser> {
|
||||
let user = await User.findOne({ username: username.toLowerCase() });
|
||||
if (!user) {
|
||||
throw new Error("User not found");
|
||||
}
|
||||
return user;
|
||||
}
|
||||
|
||||
private async getLoginState(ctx: SessionContext): Promise<LoginState> {
|
||||
if (ctx.user && ctx.session.validated) {
|
||||
return {
|
||||
success: true
|
||||
}
|
||||
} else if (ctx.session.login_state) {
|
||||
//TODO: Check login_state expiration or so
|
||||
if (ctx.session.login_state.username) {
|
||||
let user = await this.getUser(ctx.session.login_state.username);
|
||||
if (!ctx.session.login_state.password_correct) {
|
||||
let passwordSalt = user.salt;
|
||||
return {
|
||||
success: false,
|
||||
username: ctx.session.login_state.username,
|
||||
password: false,
|
||||
passwordSalt: passwordSalt,
|
||||
}
|
||||
} else {
|
||||
let tfa = await this.getTwoFactors(await this.getUser(ctx.session.login_state.username))
|
||||
if (tfa.length <= 0) {
|
||||
ctx.session.user_id = user._id.toString();
|
||||
ctx.session.login_state = undefined;
|
||||
Logging.warn("This should have been set somewhere else!");
|
||||
return {
|
||||
success: true,
|
||||
}
|
||||
} else {
|
||||
return {
|
||||
success: false,
|
||||
username: ctx.session.login_state.username,
|
||||
password: true,
|
||||
requireTwoFactor: tfa,
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
return {
|
||||
success: false,
|
||||
username: undefined,
|
||||
password: false,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private async getTwoFactors(user: IUser): Promise<TFAOption[]> {
|
||||
let twofactors = await TwoFactor.find({
|
||||
user: user._id,
|
||||
valid: true
|
||||
})
|
||||
|
||||
return twofactors.map<TFAOption>(tf => {
|
||||
return {
|
||||
id: tf._id.toString(),
|
||||
name: tf.name,
|
||||
tfatype: tf.type as number,
|
||||
}
|
||||
})
|
||||
|
||||
}
|
||||
|
||||
private async enableSession(ctx: SessionContext) {
|
||||
let user = await this.getUser(ctx.session.login_state.username);
|
||||
ctx.user = user;
|
||||
ctx.session.user_id = user._id.toString();
|
||||
ctx.session.login_state = undefined;
|
||||
ctx.session.validated = true;
|
||||
}
|
||||
|
||||
GetState(ctx: SessionContext): Promise<LoginState> {
|
||||
return this.getLoginState(ctx);
|
||||
}
|
||||
|
||||
async Start(username: string, ctx: SessionContext): Promise<LoginState> {
|
||||
let user = await this.getUser(username);
|
||||
|
||||
ctx.session.login_state = {
|
||||
username: username,
|
||||
password_correct: false,
|
||||
}
|
||||
|
||||
return this.getLoginState(ctx);
|
||||
}
|
||||
|
||||
async UsePassword(password_hash: string, date: number, ctx: SessionContext): Promise<LoginState> {
|
||||
if (!ctx.session.login_state) {
|
||||
throw new Error("No login state. Call Start() first.");
|
||||
}
|
||||
|
||||
let user = await this.getUser(ctx.session.login_state.username);
|
||||
|
||||
if (date <= 0) {
|
||||
if (user.password !== password_hash) {
|
||||
throw new Error("Password incorrect");
|
||||
}
|
||||
} else {
|
||||
if (
|
||||
!moment(date).isBetween(
|
||||
moment().subtract(1, "minute"),
|
||||
moment().add(1, "minute")
|
||||
)
|
||||
) {
|
||||
throw new Error("Date incorrect. Please check your devices time!");
|
||||
} else {
|
||||
let upw = crypto
|
||||
.createHash("sha512")
|
||||
.update(user.password + date.toString())
|
||||
.digest("hex");
|
||||
|
||||
if (upw !== password_hash) {
|
||||
throw new Error("Password incorrect");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
ctx.session.login_state.password_correct = true;
|
||||
|
||||
let tfas = await this.getTwoFactors(user);
|
||||
if (tfas.length <= 0) {
|
||||
await this.enableSession(ctx);
|
||||
}
|
||||
|
||||
return this.getLoginState(ctx);
|
||||
}
|
||||
|
||||
|
||||
private async getAndCheckTFA<T extends ITwoFactor>(id: string, shouldType: TFAType, ctx: SessionContext): Promise<T> {
|
||||
if (!ctx.session.login_state) {
|
||||
throw new Error("No login state. Call Start() first.");
|
||||
}
|
||||
|
||||
let user = await this.getUser(ctx.session.login_state.username);
|
||||
|
||||
let tfa = await TwoFactor.findById(id);
|
||||
if (!tfa || tfa.user.toString() != user._id.toString()) {
|
||||
throw new Error("Two factor not found");
|
||||
}
|
||||
|
||||
if (tfa.type != shouldType as number) {
|
||||
throw new Error("Two factor is not the correct type!");
|
||||
}
|
||||
|
||||
if (!tfa.valid) {
|
||||
throw new Error("Two factor is not valid");
|
||||
}
|
||||
|
||||
if (tfa.expires && moment().isAfter(moment(tfa.expires))) {
|
||||
throw new Error("Two factor is expired");
|
||||
}
|
||||
|
||||
return tfa as T;
|
||||
}
|
||||
|
||||
async UseTOTP(id: string, code: string, ctx: SessionContext): Promise<LoginState> {
|
||||
let tfa = await this.getAndCheckTFA(id, TFAType.TOTP, ctx);
|
||||
|
||||
let valid = speakeasy.totp.verify({
|
||||
secret: tfa.data,
|
||||
encoding: "base32",
|
||||
token: code,
|
||||
});
|
||||
|
||||
if (!valid) {
|
||||
throw new Error("Code incorrect");
|
||||
}
|
||||
|
||||
await this.enableSession(ctx);
|
||||
|
||||
return this.getLoginState(ctx);
|
||||
}
|
||||
async UseBackupCode(id: string, code: string, ctx: SessionContext): Promise<LoginState> {
|
||||
let tfa = await this.getAndCheckTFA(id, TFAType.BACKUP_CODE, ctx);
|
||||
|
||||
if (tfa.data.indexOf(code) < 0) {
|
||||
throw new Error("Code incorrect");
|
||||
}
|
||||
|
||||
tfa.data = tfa.data.filter(c => c != code);
|
||||
|
||||
await TwoFactor.save(tfa);
|
||||
//TODO: handle the case where the last backup code is used
|
||||
|
||||
await this.enableSession(ctx);
|
||||
|
||||
return this.getLoginState(ctx);
|
||||
}
|
||||
|
||||
async GetWebAuthnChallenge(id: string, ctx: SessionContext): Promise<string> {
|
||||
let tfa = await this.getAndCheckTFA<IWebAuthn>(id, TFAType.WEBAUTHN, ctx);
|
||||
|
||||
const rpID = new URL(config.core.url).hostname;
|
||||
|
||||
let options = generateAuthenticationOptions({
|
||||
timeout: 60000,
|
||||
userVerification: "discouraged",
|
||||
rpID,
|
||||
allowCredentials: [{
|
||||
id: tfa.data.device.credentialID.buffer,
|
||||
type: "public-key",
|
||||
transports: tfa.data.device.transports
|
||||
}]
|
||||
})
|
||||
|
||||
ctx.session.login_state.webauthn_challenge = options.challenge;
|
||||
|
||||
Logging.debug("Challenge", options, tfa, tfa.data.device.credentialID);
|
||||
|
||||
return JSON.stringify(options);
|
||||
}
|
||||
|
||||
async UseWebAuthn(id: string, response: string, ctx: SessionContext): Promise<LoginState> {
|
||||
let tfa = await this.getAndCheckTFA<IWebAuthn>(id, TFAType.WEBAUTHN, ctx);
|
||||
|
||||
if (!ctx.session.login_state.webauthn_challenge) {
|
||||
throw new Error("No webauthn challenge");
|
||||
}
|
||||
|
||||
let rpID = new URL(config.core.url).hostname;
|
||||
|
||||
let verification = await verifyAuthenticationResponse({
|
||||
response: JSON.parse(response),
|
||||
authenticator: {
|
||||
counter: tfa.data.device.counter,
|
||||
credentialID: tfa.data.device.credentialID.buffer,
|
||||
credentialPublicKey: tfa.data.device.credentialPublicKey.buffer,
|
||||
transports: tfa.data.device.transports
|
||||
},
|
||||
expectedChallenge: ctx.session.login_state.webauthn_challenge,
|
||||
expectedOrigin: config.core.url,
|
||||
expectedRPID: rpID,
|
||||
requireUserVerification: false
|
||||
})
|
||||
|
||||
if (verification.verified) {
|
||||
tfa.data.device.counter = verification.authenticationInfo.newCounter;
|
||||
await TwoFactor.save(tfa);
|
||||
}
|
||||
|
||||
await this.enableSession(ctx);
|
||||
|
||||
return this.getLoginState(ctx);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,35 @@
|
|||
import { Server, Session } from "@hibas123/openauth-internalapi";
|
||||
import type { SessionContext } from "../index";
|
||||
import Logging from "@hibas123/nodelogging";
|
||||
import { RequireLogin } from "../../../helper/login";
|
||||
import crypto from "node:crypto";
|
||||
import User from "../../../models/user";
|
||||
|
||||
export default class SecurityService extends Server.SecurityService<SessionContext> {
|
||||
@RequireLogin()
|
||||
async GetSessions(ctx: SessionContext): Promise<Session[]> {
|
||||
return []
|
||||
throw new Error("Method not implemented.");
|
||||
}
|
||||
@RequireLogin()
|
||||
async RevokeSession(id: string, ctx: SessionContext): Promise<void> {
|
||||
throw new Error("Method not implemented.");
|
||||
}
|
||||
|
||||
@RequireLogin()
|
||||
async ChangePassword(old_pw: string, new_pw: string, ctx: SessionContext): Promise<void> {
|
||||
let old_pw_hash = crypto.createHash("sha512").update(ctx.user.salt + old_pw).digest("hex");
|
||||
|
||||
if (old_pw_hash != ctx.user.password) {
|
||||
throw new Error("Wrong password");
|
||||
}
|
||||
|
||||
let salt = crypto.randomBytes(32).toString("base64");
|
||||
let password_hash = crypto.createHash("sha512").update(salt + new_pw).digest("hex");
|
||||
|
||||
ctx.user.salt = salt;
|
||||
ctx.user.password = password_hash;
|
||||
|
||||
await User.save(ctx.user);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,194 @@
|
|||
import { TFANewTOTP, Server, TFAOption, UserRegisterInfo, TFAWebAuthRegister } from "@hibas123/openauth-internalapi";
|
||||
import type { SessionContext } from "../index";
|
||||
import TwoFactorModel, { ITOTP, IWebAuthn, TFATypes } from "../../../models/twofactor";
|
||||
import moment = require("moment");
|
||||
import * as speakeasy from "speakeasy";
|
||||
import * as qrcode from "qrcode";
|
||||
import config from "../../../config";
|
||||
import { generateRegistrationOptions, verifyRegistrationResponse } from '@simplewebauthn/server';
|
||||
import type { RegistrationResponseJSON } from '@simplewebauthn/typescript-types';
|
||||
import Logging from "@hibas123/nodelogging";
|
||||
import { Binary } from "mongodb";
|
||||
import { RequireLogin } from "../../../helper/login";
|
||||
|
||||
|
||||
export default class TFAService extends Server.TFAService<SessionContext> {
|
||||
@RequireLogin()
|
||||
AddBackupCodes(name: string, ctx: SessionContext): Promise<string[]> {
|
||||
throw new Error("Method not implemented.");
|
||||
}
|
||||
|
||||
@RequireLogin()
|
||||
RemoveBackupCodes(id: string, ctx: SessionContext): Promise<void> {
|
||||
throw new Error("Method not implemented.");
|
||||
}
|
||||
|
||||
@RequireLogin()
|
||||
async GetOptions(ctx: SessionContext): Promise<TFAOption[]> {
|
||||
let twofactor = await TwoFactorModel.find({ user: ctx.user._id, valid: true });
|
||||
let expired = twofactor.filter((e) =>
|
||||
e.expires ? moment().isAfter(moment(e.expires)) : false
|
||||
);
|
||||
await Promise.all(
|
||||
expired.map((e) => {
|
||||
e.valid = false;
|
||||
return TwoFactorModel.save(e);
|
||||
})
|
||||
);
|
||||
|
||||
twofactor = twofactor.filter((e) => e.valid);
|
||||
let tfa = twofactor.map<TFAOption>((e) => {
|
||||
return {
|
||||
id: e._id.toString(),
|
||||
name: e.name,
|
||||
tfatype: e.type as number,
|
||||
expires: e.expires?.valueOf()
|
||||
};
|
||||
});
|
||||
|
||||
return tfa;
|
||||
}
|
||||
|
||||
@RequireLogin()
|
||||
async Delete(id: string, ctx: SessionContext): Promise<void> {
|
||||
let twofactor = await TwoFactorModel.findById(id);
|
||||
if (!twofactor || !twofactor.user.equals(ctx.user._id))
|
||||
throw new Error("Invalid ID");
|
||||
|
||||
twofactor.valid = false;
|
||||
await TwoFactorModel.save(twofactor);
|
||||
}
|
||||
|
||||
@RequireLogin()
|
||||
async AddTOTP(name: string, ctx: SessionContext): Promise<TFANewTOTP> {
|
||||
//Generating new
|
||||
let secret = speakeasy.generateSecret({
|
||||
name: config.core.name,
|
||||
issuer: config.core.name,
|
||||
otpauth_url: true
|
||||
});
|
||||
|
||||
let twofactor = TwoFactorModel.new(<ITOTP>{
|
||||
name: name,
|
||||
user: ctx.user._id,
|
||||
type: TFATypes.TOTP,
|
||||
valid: false,
|
||||
data: secret.base32,
|
||||
});
|
||||
|
||||
let dataurl = await qrcode.toDataURL(secret.otpauth_url);
|
||||
await TwoFactorModel.save(twofactor);
|
||||
|
||||
return {
|
||||
id: twofactor._id.toString(),
|
||||
qr: dataurl,
|
||||
secret: secret.base32
|
||||
}
|
||||
}
|
||||
|
||||
@RequireLogin()
|
||||
async VerifyTOTP(id: string, code: string, ctx: SessionContext): Promise<void> {
|
||||
let twofactor = await TwoFactorModel.findById(id);
|
||||
if (!twofactor || !twofactor.user.equals(ctx.user._id))
|
||||
throw new Error("Invalid ID");
|
||||
|
||||
let verified = speakeasy.totp.verify({
|
||||
secret: twofactor.data,
|
||||
encoding: "base32",
|
||||
token: code,
|
||||
});
|
||||
|
||||
if (!verified) throw new Error("Invalid code");
|
||||
|
||||
twofactor.valid = true;
|
||||
twofactor.expires = undefined;
|
||||
|
||||
await TwoFactorModel.save(twofactor);
|
||||
}
|
||||
|
||||
@RequireLogin()
|
||||
async AddWebauthn(name: string, ctx: SessionContext): Promise<TFAWebAuthRegister> {
|
||||
// TODO: Get already registered options
|
||||
|
||||
const rpID = new URL(config.core.url).hostname;
|
||||
const options = generateRegistrationOptions({
|
||||
rpName: config.core.name,
|
||||
rpID,
|
||||
userID: ctx.user.uid,
|
||||
userName: ctx.user.username,
|
||||
attestationType: 'direct',
|
||||
userDisplayName: ctx.user.name,
|
||||
excludeCredentials: [],
|
||||
authenticatorSelection: {
|
||||
userVerification: "required",
|
||||
requireResidentKey: false,
|
||||
residentKey: "discouraged",
|
||||
authenticatorAttachment: "cross-platform"
|
||||
}
|
||||
})
|
||||
|
||||
|
||||
const twofactor = TwoFactorModel.new({
|
||||
name,
|
||||
type: TFATypes.WEBAUTHN,
|
||||
user: ctx.user._id,
|
||||
valid: false,
|
||||
data: {
|
||||
challenge: options.challenge
|
||||
}
|
||||
});
|
||||
|
||||
await TwoFactorModel.save(twofactor);
|
||||
|
||||
Logging.debug(twofactor);
|
||||
|
||||
return {
|
||||
id: twofactor._id.toString(),
|
||||
challenge: JSON.stringify(options)
|
||||
};
|
||||
}
|
||||
|
||||
@RequireLogin()
|
||||
async VerifyWebAuthn(id: string, registration: string, ctx: SessionContext): Promise<void> {
|
||||
let twofactor = await TwoFactorModel.findById(id) as IWebAuthn;
|
||||
if (!twofactor || !twofactor.user.equals(ctx.user._id))
|
||||
throw new Error("Invalid ID");
|
||||
|
||||
const rpID = new URL(config.core.url).hostname;
|
||||
|
||||
const response = JSON.parse(registration) as RegistrationResponseJSON;
|
||||
|
||||
let verification = await verifyRegistrationResponse({
|
||||
response,
|
||||
expectedChallenge: twofactor.data.challenge,
|
||||
expectedOrigin: config.core.url,
|
||||
expectedRPID: rpID,
|
||||
requireUserVerification: true,
|
||||
});
|
||||
|
||||
if (verification.verified) {
|
||||
const { credentialPublicKey, credentialID, counter } = verification.registrationInfo;
|
||||
|
||||
//TODO: Check if already registered!
|
||||
// TwoFactorModel.find({
|
||||
// data: {
|
||||
// }
|
||||
// })
|
||||
|
||||
twofactor.data = {
|
||||
device: {
|
||||
credentialPublicKey: new Binary(credentialPublicKey),
|
||||
credentialID: new Binary(credentialID),
|
||||
counter: verification.registrationInfo.counter,
|
||||
transports: response.response.transports as any[]
|
||||
}
|
||||
}
|
||||
|
||||
twofactor.valid = true;
|
||||
|
||||
await TwoFactorModel.save(twofactor);
|
||||
} else {
|
||||
throw new Error("Invalid response");
|
||||
}
|
||||
}
|
||||
}
|
|
@ -5,8 +5,13 @@ import { validateJWT } from "../../keys";
|
|||
import User from "../../models/user";
|
||||
import Mail from "../../models/mail";
|
||||
import { OAuthJWT } from "../../helper/jwt";
|
||||
import Logging from "@hibas123/nodelogging";
|
||||
|
||||
export function GetClientAuthMiddleware(checksecret = true, internal = false, checksecret_if_available = false) {
|
||||
export function GetClientAuthMiddleware(
|
||||
checksecret = true,
|
||||
internal = false,
|
||||
checksecret_if_available = false
|
||||
) {
|
||||
return async (req: Request, res: Response, next: NextFunction) => {
|
||||
try {
|
||||
let client_id = req.query.client_id || req.body.client_id;
|
||||
|
@ -24,19 +29,29 @@ export function GetClientAuthMiddleware(checksecret = true, internal = false, ch
|
|||
}
|
||||
|
||||
if (!client_id || (!client_secret && checksecret)) {
|
||||
throw new RequestError("No client credentials", HttpStatusCode.BAD_REQUEST);
|
||||
throw new RequestError(
|
||||
"No client credentials",
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
}
|
||||
let w = { client_id: client_id, client_secret: client_secret };
|
||||
if (!checksecret && !(checksecret_if_available && client_secret)) delete w.client_secret;
|
||||
if (!checksecret && !(checksecret_if_available && client_secret))
|
||||
delete w.client_secret;
|
||||
|
||||
let client = await Client.findOne(w)
|
||||
let client = await Client.findOne(w);
|
||||
|
||||
if (!client) {
|
||||
throw new RequestError("Invalid client_id" + (checksecret ? "or client_secret" : ""), HttpStatusCode.BAD_REQUEST);
|
||||
throw new RequestError(
|
||||
"Invalid client_id" + (checksecret ? "or client_secret" : ""),
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
}
|
||||
|
||||
if (internal && !client.internal) {
|
||||
throw new RequestError(req.__("Client has no permission for access"), HttpStatusCode.FORBIDDEN)
|
||||
throw new RequestError(
|
||||
req.__("Client has no permission for access"),
|
||||
HttpStatusCode.FORBIDDEN
|
||||
);
|
||||
}
|
||||
req.client = client;
|
||||
next();
|
||||
|
@ -44,7 +59,7 @@ export function GetClientAuthMiddleware(checksecret = true, internal = false, ch
|
|||
if (next) next(e);
|
||||
else throw e;
|
||||
}
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
export const ClientAuthMiddleware = GetClientAuthMiddleware();
|
||||
|
@ -52,10 +67,17 @@ export const ClientAuthMiddleware = GetClientAuthMiddleware();
|
|||
export function GetClientApiAuthMiddleware(permissions?: string[]) {
|
||||
return async (req: Request, res: Response, next: NextFunction) => {
|
||||
try {
|
||||
const invalid_err = new RequestError(req.__("You are not logged in or your login is expired"), HttpStatusCode.UNAUTHORIZED);
|
||||
let token: string = req.query.access_token || req.headers.authorization;
|
||||
if (!token)
|
||||
const invalid_err = new RequestError(
|
||||
req.__("Unauthorized"),
|
||||
HttpStatusCode.UNAUTHORIZED
|
||||
);
|
||||
let token =
|
||||
(req.query.access_token as string) ||
|
||||
(req.headers.authorization as string);
|
||||
if (!token) {
|
||||
Logging.debug("No token found. Searched in query (access_token) and header (authorization)");
|
||||
throw invalid_err;
|
||||
}
|
||||
|
||||
if (token.toLowerCase().startsWith("bearer "))
|
||||
token = token.substring(7);
|
||||
|
@ -64,20 +86,31 @@ export function GetClientApiAuthMiddleware(permissions?: string[]) {
|
|||
try {
|
||||
data = await validateJWT(token);
|
||||
} catch (err) {
|
||||
throw invalid_err
|
||||
Logging.debug("Invalid JWT", err.message);
|
||||
throw invalid_err;
|
||||
}
|
||||
|
||||
let user = await User.findOne({ uid: data.user });
|
||||
|
||||
if (!user)
|
||||
if (!user) {
|
||||
Logging.debug("User not found");
|
||||
throw invalid_err;
|
||||
}
|
||||
|
||||
let client = await Client.findOne({ client_id: data.application })
|
||||
if (!client)
|
||||
let client = await Client.findOne({ client_id: data.application });
|
||||
if (!client) {
|
||||
Logging.debug("Client not found");
|
||||
throw invalid_err;
|
||||
}
|
||||
|
||||
if (permissions && (!data.permissions || !permissions.every(e => data.permissions.indexOf(e) >= 0)))
|
||||
if (
|
||||
permissions &&
|
||||
(!data.permissions ||
|
||||
!permissions.every((e) => data.permissions.indexOf(e) >= 0))
|
||||
) {
|
||||
Logging.debug("Invalid permissions");
|
||||
throw invalid_err;
|
||||
}
|
||||
|
||||
req.user = user;
|
||||
req.client = client;
|
||||
|
@ -86,5 +119,5 @@ export function GetClientApiAuthMiddleware(permissions?: string[]) {
|
|||
if (next) next(e);
|
||||
else throw e;
|
||||
}
|
||||
}
|
||||
};
|
||||
}
|
|
@ -4,23 +4,25 @@ import promiseMiddleware from "../../helper/promiseMiddleware";
|
|||
type RH = (req: Request, res: Response, next?: NextFunction) => any;
|
||||
|
||||
function call(handler: RH, req: Request, res: Response) {
|
||||
return new Promise((yes, no) => {
|
||||
return new Promise<void>((yes, no) => {
|
||||
let p = handler(req, res, (err) => {
|
||||
if (err) no(err);
|
||||
else yes();
|
||||
})
|
||||
if (p && p.catch) p.catch(err => no(err));
|
||||
})
|
||||
});
|
||||
if (p && p.catch) p.catch((err) => no(err));
|
||||
});
|
||||
}
|
||||
|
||||
const Stacker = (...handler: RH[]) => {
|
||||
return promiseMiddleware(async (req: Request, res: Response, next: NextFunction) => {
|
||||
let hc = handler.concat();
|
||||
while (hc.length > 0) {
|
||||
let h = hc.shift();
|
||||
await call(h, req, res);
|
||||
return promiseMiddleware(
|
||||
async (req: Request, res: Response, next: NextFunction) => {
|
||||
let hc = handler.concat();
|
||||
while (hc.length > 0) {
|
||||
let h = hc.shift();
|
||||
await call(h, req, res);
|
||||
}
|
||||
next();
|
||||
}
|
||||
next();
|
||||
});
|
||||
}
|
||||
export default Stacker;
|
||||
);
|
||||
};
|
||||
export default Stacker;
|
|
@ -1,11 +1,10 @@
|
|||
import { NextFunction, Request, Response } from "express";
|
||||
import LoginToken, { CheckToken } from "../../models/login_token";
|
||||
import Logging from "@hibas123/nodelogging";
|
||||
import RequestError, { HttpStatusCode } from "../../helper/request_error";
|
||||
import User from "../../models/user";
|
||||
import promiseMiddleware from "../../helper/promiseMiddleware";
|
||||
import { requireLoginState } from "../../helper/login";
|
||||
|
||||
class Invalid extends Error {}
|
||||
class Invalid extends Error { }
|
||||
|
||||
/**
|
||||
* Returns customized Middleware function, that could also be called directly
|
||||
|
@ -22,7 +21,7 @@ export function GetUserMiddleware(
|
|||
redirect_uri?: string,
|
||||
validated = true
|
||||
) {
|
||||
return promiseMiddleware(async function(
|
||||
return promiseMiddleware(async function (
|
||||
req: Request,
|
||||
res: Response,
|
||||
next?: NextFunction
|
||||
|
@ -31,63 +30,28 @@ export function GetUserMiddleware(
|
|||
throw new Invalid(req.__(message));
|
||||
};
|
||||
try {
|
||||
let { login, special } = req.query;
|
||||
if (!login) {
|
||||
login = req.cookies.login;
|
||||
special = req.cookies.special;
|
||||
if (!requireLoginState(req, validated, special_required)) {
|
||||
invalid("Not logged in");
|
||||
}
|
||||
if (!login) invalid("No login token");
|
||||
if (!special && special_required) invalid("No special token");
|
||||
|
||||
let token = await LoginToken.findOne({ token: login, valid: true });
|
||||
if (!(await CheckToken(token, validated)))
|
||||
invalid("Login token invalid");
|
||||
|
||||
let user = await User.findById(token.user);
|
||||
if (!user) {
|
||||
token.valid = false;
|
||||
await LoginToken.save(token);
|
||||
invalid("Login token invalid");
|
||||
}
|
||||
|
||||
let special_token;
|
||||
if (special) {
|
||||
Logging.debug("Special found");
|
||||
special_token = await LoginToken.findOne({
|
||||
token: special,
|
||||
special: true,
|
||||
valid: true,
|
||||
user: token.user
|
||||
});
|
||||
if (!(await CheckToken(special_token, validated)))
|
||||
invalid("Special token invalid");
|
||||
req.special = true;
|
||||
}
|
||||
|
||||
req.user = user;
|
||||
req.isAdmin = user.admin;
|
||||
req.token = {
|
||||
login: token,
|
||||
special: special_token
|
||||
};
|
||||
|
||||
if (next) next();
|
||||
return true;
|
||||
} catch (e) {
|
||||
Logging.getChild("UserMiddleware").warn(e);
|
||||
if (e instanceof Invalid) {
|
||||
if (req.method === "GET" && !json) {
|
||||
res.status(HttpStatusCode.UNAUTHORIZED);
|
||||
res.redirect(
|
||||
"/login?base64=true&state=" +
|
||||
Buffer.from(
|
||||
redirect_uri ? redirect_uri : req.originalUrl
|
||||
).toString("base64")
|
||||
Buffer.from(
|
||||
redirect_uri ? redirect_uri : req.originalUrl
|
||||
).toString("base64")
|
||||
);
|
||||
} else {
|
||||
throw new RequestError(
|
||||
req.__(
|
||||
"You are not logged in or your login is expired" +
|
||||
` (${e.message})`
|
||||
` (${e.message})`
|
||||
),
|
||||
HttpStatusCode.UNAUTHORIZED,
|
||||
undefined,
|
|
@ -1,6 +1,9 @@
|
|||
import { Request, Response, NextFunction } from "express"
|
||||
import { Logging } from "@hibas123/nodelogging";
|
||||
import { isBoolean, isString, isNumber, isObject, isDate, isArray, isSymbol } from "util";
|
||||
import { Request, Response, NextFunction } from "express";
|
||||
import Logging from "@hibas123/nodelogging";
|
||||
import {
|
||||
isString,
|
||||
isDate,
|
||||
} from "util";
|
||||
import RequestError, { HttpStatusCode } from "../../helper/request_error";
|
||||
|
||||
export enum Types {
|
||||
|
@ -11,39 +14,41 @@ export enum Types {
|
|||
OBJECT,
|
||||
DATE,
|
||||
ARRAY,
|
||||
ENUM
|
||||
ENUM,
|
||||
}
|
||||
|
||||
function isEmail(value: any): boolean {
|
||||
return /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/.test(value)
|
||||
return /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/.test(
|
||||
value
|
||||
);
|
||||
}
|
||||
|
||||
export interface CheckObject {
|
||||
type: Types
|
||||
query?: boolean
|
||||
optional?: boolean
|
||||
type: Types;
|
||||
query?: boolean;
|
||||
optional?: boolean;
|
||||
|
||||
/**
|
||||
* Only when Type.ENUM
|
||||
*
|
||||
*
|
||||
* values to check before
|
||||
*/
|
||||
values?: string[]
|
||||
values?: string[];
|
||||
|
||||
/**
|
||||
* Only when Type.STRING
|
||||
*/
|
||||
notempty?: boolean // Only STRING
|
||||
notempty?: boolean; // Only STRING
|
||||
}
|
||||
|
||||
export interface Checks {
|
||||
[index: string]: CheckObject// | Types
|
||||
[index: string]: CheckObject; // | Types
|
||||
}
|
||||
|
||||
// req: Request, res: Response, next: NextFunction
|
||||
export default function (fields: Checks, noadditional = false) {
|
||||
return (req: Request, res: Response, next: NextFunction) => {
|
||||
let errors: { message: string, field: string }[] = []
|
||||
let errors: { message: string; field: string }[] = [];
|
||||
|
||||
function check(data: any, field_name: string, field: CheckObject) {
|
||||
if (data !== undefined && data !== null) {
|
||||
|
@ -55,71 +60,83 @@ export default function (fields: Checks, noadditional = false) {
|
|||
}
|
||||
break;
|
||||
case Types.NUMBER:
|
||||
if (isNumber(data)) return;
|
||||
if (typeof data == "number") return;
|
||||
break;
|
||||
case Types.EMAIL:
|
||||
if (isEmail(data)) return;
|
||||
break;
|
||||
case Types.BOOLEAN:
|
||||
if (isBoolean(data)) return;
|
||||
if (typeof data == "boolean") return;
|
||||
break;
|
||||
case Types.OBJECT:
|
||||
if (isObject(data)) return;
|
||||
if (typeof data == "object") return;
|
||||
break;
|
||||
case Types.ARRAY:
|
||||
if (isArray(data)) return;
|
||||
if (Array.isArray(data)) return;
|
||||
break;
|
||||
case Types.DATE:
|
||||
if (isDate(data)) return;
|
||||
break;
|
||||
case Types.ENUM:
|
||||
if (isString(data)) {
|
||||
if (typeof data == "string") {
|
||||
if (field.values.indexOf(data) >= 0) return;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
Logging.error(`Invalid type to check: ${field.type} ${Types[field.type]}`)
|
||||
Logging.error(
|
||||
`Invalid type to check: ${field.type} ${Types[field.type]}`
|
||||
);
|
||||
}
|
||||
errors.push({
|
||||
message: res.__("Field {{field}} has wrong type. It should be from type {{type}}", { field: field_name, type: Types[field.type].toLowerCase() }),
|
||||
field: field_name
|
||||
})
|
||||
message: res.__(
|
||||
"Field {{field}} has wrong type. It should be from type {{type}}",
|
||||
{ field: field_name, type: Types[field.type].toLowerCase() }
|
||||
),
|
||||
field: field_name,
|
||||
});
|
||||
} else {
|
||||
if (!field.optional) errors.push({
|
||||
message: res.__("Field {{field}} is not defined", { field: field_name }),
|
||||
field: field_name
|
||||
})
|
||||
if (!field.optional)
|
||||
errors.push({
|
||||
message: res.__("Field {{field}} is not defined", {
|
||||
field: field_name,
|
||||
}),
|
||||
field: field_name,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
for (let field_name in fields) {
|
||||
let field = fields[field_name]
|
||||
let data = fields[field_name].query ? req.query[field_name] : req.body[field_name]
|
||||
check(data, field_name, field)
|
||||
let field = fields[field_name];
|
||||
let data = fields[field_name].query
|
||||
? req.query[field_name]
|
||||
: req.body[field_name];
|
||||
check(data, field_name, field);
|
||||
}
|
||||
|
||||
if (noadditional) { //Checks if the data given has additional parameters
|
||||
if (noadditional) {
|
||||
//Checks if the data given has additional parameters
|
||||
let should = Object.keys(fields);
|
||||
should = should.filter(e => !fields[e].query); //Query parameters should not exist on body
|
||||
should = should.filter((e) => !fields[e].query); //Query parameters should not exist on body
|
||||
let has = Object.keys(req.body);
|
||||
|
||||
has.every(e => {
|
||||
has.every((e) => {
|
||||
if (should.indexOf(e) >= 0) {
|
||||
return true;
|
||||
} else {
|
||||
errors.push({
|
||||
message: res.__("Field {{field}} should not be there", { field: e }),
|
||||
field: e
|
||||
})
|
||||
message: res.__("Field {{field}} should not be there", {
|
||||
field: e,
|
||||
}),
|
||||
field: e,
|
||||
});
|
||||
return false;
|
||||
}
|
||||
})
|
||||
});
|
||||
}
|
||||
|
||||
if (errors.length > 0) {
|
||||
let err = new RequestError(errors, HttpStatusCode.BAD_REQUEST, true);
|
||||
next(err);
|
||||
} else
|
||||
next()
|
||||
}
|
||||
}
|
||||
} else next();
|
||||
};
|
||||
}
|
|
@ -1,246 +1,249 @@
|
|||
import Stacker from "../middlewares/stacker";
|
||||
import { GetUserMiddleware } from "../middlewares/user";
|
||||
import { Request, Response } from "express";
|
||||
import Client from "../../models/client";
|
||||
import Logging from "@hibas123/nodelogging";
|
||||
import Permission, { IPermission } from "../../models/permissions";
|
||||
import ClientCode from "../../models/client_code";
|
||||
import moment = require("moment");
|
||||
import { randomBytes } from "crypto";
|
||||
// import { ObjectID } from "bson";
|
||||
import Grant, { IGrant } from "../../models/grants";
|
||||
import GetAuthPage from "../../views/authorize";
|
||||
import { ObjectID } from "mongodb";
|
||||
|
||||
// const AuthRoute = Stacker(GetUserMiddleware(true), async (req: Request, res: Response) => {
|
||||
// let { response_type, client_id, redirect_uri, scope, state, nored } = req.query;
|
||||
// const sendError = (type) => {
|
||||
// if (redirect_uri === "$local")
|
||||
// redirect_uri = "/code";
|
||||
// res.redirect(redirect_uri += `?error=${type}&state=${state}`);
|
||||
// }
|
||||
// /**
|
||||
// * error
|
||||
// REQUIRED. A single ASCII [USASCII] error code from the
|
||||
// following:
|
||||
// invalid_request
|
||||
// The request is missing a required parameter, includes an
|
||||
// invalid parameter value, includes a parameter more than
|
||||
// once, or is otherwise malformed.
|
||||
// unauthorized_client
|
||||
// The client is not authorized to request an authorization
|
||||
// code using this method.
|
||||
// access_denied
|
||||
// The resource owner or authorization server denied the
|
||||
// request.
|
||||
// */
|
||||
// try {
|
||||
|
||||
// if (response_type !== "code") {
|
||||
// return sendError("unsupported_response_type");
|
||||
// } else {
|
||||
// let client = await Client.findOne({ client_id: client_id })
|
||||
// if (!client) {
|
||||
// return sendError("unauthorized_client")
|
||||
// }
|
||||
|
||||
// if (redirect_uri && client.redirect_url !== redirect_uri) {
|
||||
// Logging.log(redirect_uri, client.redirect_url);
|
||||
// return res.send("Invalid redirect_uri. Please check the integrity of the site requesting and contact the administrator of the page, you want to authorize!");
|
||||
// }
|
||||
|
||||
// let permissions: IPermission[] = [];
|
||||
// if (scope) {
|
||||
// let perms = (<string>scope).split(";").filter(e => e !== "read_user").map(p => new ObjectID(p));
|
||||
// permissions = await Permission.find({ _id: { $in: perms } })
|
||||
|
||||
// if (permissions.length != perms.length) {
|
||||
// return sendError("invalid_scope");
|
||||
// }
|
||||
// }
|
||||
|
||||
// let code = ClientCode.new({
|
||||
// user: req.user._id,
|
||||
// client: client._id,
|
||||
// permissions: permissions.map(p => p._id),
|
||||
// validTill: moment().add(30, "minutes").toDate(),
|
||||
// code: randomBytes(16).toString("hex")
|
||||
// });
|
||||
// await ClientCode.save(code);
|
||||
|
||||
// let redir = client.redirect_url === "$local" ? "/code" : client.redirect_url;
|
||||
|
||||
// let ruri = redir + `?code=${code.code}&state=${state}`;
|
||||
// if (nored === "true") {
|
||||
// res.json({
|
||||
// redirect_uri: ruri
|
||||
// })
|
||||
// } else {
|
||||
// res.redirect(ruri);
|
||||
// }
|
||||
// }
|
||||
// } catch (err) {
|
||||
// Logging.error(err);
|
||||
// sendError("server_error")
|
||||
// }
|
||||
// })
|
||||
|
||||
const GetAuthRoute = (view = false) =>
|
||||
Stacker(GetUserMiddleware(false), async (req: Request, res: Response) => {
|
||||
let {
|
||||
response_type,
|
||||
client_id,
|
||||
redirect_uri,
|
||||
scope,
|
||||
state,
|
||||
nored
|
||||
} = req.query;
|
||||
const sendError = type => {
|
||||
if (redirect_uri === "$local") redirect_uri = "/code";
|
||||
res.redirect((redirect_uri += `?error=${type}${state ? "&state=" + state : ""}`));
|
||||
};
|
||||
|
||||
const scopes = scope.split(";");
|
||||
|
||||
Logging.debug("Scopes:", scope);
|
||||
|
||||
try {
|
||||
if (response_type !== "code") {
|
||||
return sendError("unsupported_response_type");
|
||||
} else {
|
||||
let client = await Client.findOne({ client_id: client_id });
|
||||
if (!client) {
|
||||
return sendError("unauthorized_client");
|
||||
}
|
||||
|
||||
if (redirect_uri && client.redirect_url !== redirect_uri) {
|
||||
Logging.log(redirect_uri, client.redirect_url);
|
||||
return res.send(
|
||||
"Invalid redirect_uri. Please check the integrity of the site requesting and contact the administrator of the page, you want to authorize!"
|
||||
);
|
||||
}
|
||||
|
||||
let permissions: IPermission[] = [];
|
||||
let proms: PromiseLike<void>[] = [];
|
||||
if (scopes) {
|
||||
for (let perm of scopes.filter(e => e !== "read_user")) {
|
||||
let oid = undefined;
|
||||
try {
|
||||
oid = new ObjectID(perm);
|
||||
} catch (err) {
|
||||
Logging.error(err);
|
||||
continue;
|
||||
}
|
||||
proms.push(
|
||||
Permission.findById(oid).then(p => {
|
||||
if (!p) return Promise.reject(new Error());
|
||||
permissions.push(p);
|
||||
})
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
let err = undefined;
|
||||
await Promise.all(proms).catch(e => {
|
||||
err = e;
|
||||
});
|
||||
|
||||
if (err) {
|
||||
Logging.error(err);
|
||||
return sendError("invalid_scope");
|
||||
}
|
||||
|
||||
let grant: IGrant | undefined = await Grant.findOne({
|
||||
client: client._id,
|
||||
user: req.user._id
|
||||
});
|
||||
|
||||
Logging.debug("Grant", grant, permissions);
|
||||
|
||||
let missing_permissions: IPermission[] = [];
|
||||
|
||||
if (grant) {
|
||||
missing_permissions = grant.permissions
|
||||
.map(perm => permissions.find(p => p._id.equals(perm)))
|
||||
.filter(e => !!e);
|
||||
} else {
|
||||
missing_permissions = permissions;
|
||||
}
|
||||
|
||||
let client_granted_perm = missing_permissions.filter(
|
||||
e => e.grant_type == "client"
|
||||
);
|
||||
if (client_granted_perm.length > 0) {
|
||||
return sendError("no_permission");
|
||||
}
|
||||
|
||||
if (!grant && missing_permissions.length > 0) {
|
||||
await new Promise<void>((yes, no) =>
|
||||
GetUserMiddleware(false, true)(req, res, (err?: Error) =>
|
||||
err ? no(err) : yes()
|
||||
)
|
||||
); // Maybe unresolved when redirect is happening
|
||||
|
||||
if (view) {
|
||||
res.send(
|
||||
GetAuthPage(
|
||||
req.__,
|
||||
client.name,
|
||||
permissions.map(perm => {
|
||||
return {
|
||||
name: perm.name,
|
||||
description: perm.description,
|
||||
logo: client.logo
|
||||
};
|
||||
})
|
||||
)
|
||||
);
|
||||
return;
|
||||
} else {
|
||||
if ((req.body.allow = "true")) {
|
||||
if (!grant)
|
||||
grant = Grant.new({
|
||||
client: client._id,
|
||||
user: req.user._id,
|
||||
permissions: []
|
||||
});
|
||||
|
||||
grant.permissions.push(
|
||||
...missing_permissions.map(e => e._id)
|
||||
);
|
||||
await Grant.save(grant);
|
||||
} else {
|
||||
return sendError("access_denied");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
let code = ClientCode.new({
|
||||
user: req.user._id,
|
||||
client: client._id,
|
||||
permissions: permissions.map(p => p._id),
|
||||
validTill: moment()
|
||||
.add(30, "minutes")
|
||||
.toDate(),
|
||||
code: randomBytes(16).toString("hex")
|
||||
});
|
||||
await ClientCode.save(code);
|
||||
|
||||
let redir =
|
||||
client.redirect_url === "$local" ? "/code" : client.redirect_url;
|
||||
let ruri = redir + `?code=${code.code}${state ? "&state=" + state : ""}`;
|
||||
if (nored === "true") {
|
||||
res.json({
|
||||
redirect_uri: ruri
|
||||
});
|
||||
} else {
|
||||
res.redirect(ruri);
|
||||
}
|
||||
}
|
||||
} catch (err) {
|
||||
Logging.error(err);
|
||||
sendError("server_error");
|
||||
}
|
||||
});
|
||||
|
||||
export default GetAuthRoute;
|
||||
import Stacker from "../middlewares/stacker";
|
||||
import { GetUserMiddleware } from "../middlewares/user";
|
||||
import { Request, Response } from "express";
|
||||
import Client from "../../models/client";
|
||||
import Logging from "@hibas123/nodelogging";
|
||||
import Permission, { IPermission } from "../../models/permissions";
|
||||
import ClientCode from "../../models/client_code";
|
||||
import moment = require("moment");
|
||||
import { randomBytes } from "crypto";
|
||||
// import { ObjectId } from "bson";
|
||||
import Grant, { IGrant } from "../../models/grants";
|
||||
import GetAuthPage from "../../views/authorize";
|
||||
import { ObjectId } from "mongodb";
|
||||
|
||||
// const AuthRoute = Stacker(GetUserMiddleware(true), async (req: Request, res: Response) => {
|
||||
// let { response_type, client_id, redirect_uri, scope, state, nored } = req.query;
|
||||
// const sendError = (type) => {
|
||||
// if (redirect_uri === "$local")
|
||||
// redirect_uri = "/code";
|
||||
// res.redirect(redirect_uri += `?error=${type}&state=${state}`);
|
||||
// }
|
||||
// /**
|
||||
// * error
|
||||
// REQUIRED. A single ASCII [USASCII] error code from the
|
||||
// following:
|
||||
// invalid_request
|
||||
// The request is missing a required parameter, includes an
|
||||
// invalid parameter value, includes a parameter more than
|
||||
// once, or is otherwise malformed.
|
||||
// unauthorized_client
|
||||
// The client is not authorized to request an authorization
|
||||
// code using this method.
|
||||
// access_denied
|
||||
// The resource owner or authorization server denied the
|
||||
// request.
|
||||
// */
|
||||
// try {
|
||||
|
||||
// if (response_type !== "code") {
|
||||
// return sendError("unsupported_response_type");
|
||||
// } else {
|
||||
// let client = await Client.findOne({ client_id: client_id })
|
||||
// if (!client) {
|
||||
// return sendError("unauthorized_client")
|
||||
// }
|
||||
|
||||
// if (redirect_uri && client.redirect_url !== redirect_uri) {
|
||||
// Logging.log(redirect_uri, client.redirect_url);
|
||||
// return res.send("Invalid redirect_uri. Please check the integrity of the site requesting and contact the administrator of the page, you want to authorize!");
|
||||
// }
|
||||
|
||||
// let permissions: IPermission[] = [];
|
||||
// if (scope) {
|
||||
// let perms = (<string>scope).split(";").filter(e => e !== "read_user").map(p => new ObjectId(p));
|
||||
// permissions = await Permission.find({ _id: { $in: perms } })
|
||||
|
||||
// if (permissions.length != perms.length) {
|
||||
// return sendError("invalid_scope");
|
||||
// }
|
||||
// }
|
||||
|
||||
// let code = ClientCode.new({
|
||||
// user: req.user._id,
|
||||
// client: client._id,
|
||||
// permissions: permissions.map(p => p._id),
|
||||
// validTill: moment().add(30, "minutes").toDate(),
|
||||
// code: randomBytes(16).toString("hex")
|
||||
// });
|
||||
// await ClientCode.save(code);
|
||||
|
||||
// let redir = client.redirect_url === "$local" ? "/code" : client.redirect_url;
|
||||
|
||||
// let ruri = redir + `?code=${code.code}&state=${state}`;
|
||||
// if (nored === "true") {
|
||||
// res.json({
|
||||
// redirect_uri: ruri
|
||||
// })
|
||||
// } else {
|
||||
// res.redirect(ruri);
|
||||
// }
|
||||
// }
|
||||
// } catch (err) {
|
||||
// Logging.error(err);
|
||||
// sendError("server_error")
|
||||
// }
|
||||
// })
|
||||
|
||||
const GetAuthRoute = (view = false) =>
|
||||
Stacker(GetUserMiddleware(false), async (req: Request, res: Response) => {
|
||||
let {
|
||||
response_type,
|
||||
client_id,
|
||||
redirect_uri,
|
||||
scope = "",
|
||||
state,
|
||||
nored,
|
||||
} = req.query as { [key: string]: string };
|
||||
const sendError = (type) => {
|
||||
if (redirect_uri === "$local") redirect_uri = "/code";
|
||||
res.redirect(
|
||||
(redirect_uri += `?error=${type}${state ? "&state=" + state : ""}`)
|
||||
);
|
||||
};
|
||||
|
||||
const scopes = scope.split(";").filter((e: string) => e !== "");
|
||||
|
||||
Logging.debug("Scopes:", scope);
|
||||
|
||||
try {
|
||||
if (response_type !== "code") {
|
||||
return sendError("unsupported_response_type");
|
||||
} else {
|
||||
let client = await Client.findOne({ client_id: client_id });
|
||||
if (!client) {
|
||||
return sendError("unauthorized_client");
|
||||
}
|
||||
|
||||
if (redirect_uri && client.redirect_url !== redirect_uri) {
|
||||
Logging.log(redirect_uri, client.redirect_url);
|
||||
return res.send(
|
||||
"Invalid redirect_uri. Please check the integrity of the site requesting and contact the administrator of the page, you want to authorize!"
|
||||
);
|
||||
}
|
||||
|
||||
let permissions: IPermission[] = [];
|
||||
let proms: PromiseLike<void>[] = [];
|
||||
if (scopes) {
|
||||
for (let perm of scopes.filter((e) => e !== "read_user")) {
|
||||
let oid = undefined;
|
||||
try {
|
||||
oid = new ObjectId(perm);
|
||||
} catch (err) {
|
||||
Logging.error(err);
|
||||
continue;
|
||||
}
|
||||
proms.push(
|
||||
Permission.findById(oid).then((p) => {
|
||||
if (!p) return Promise.reject(new Error());
|
||||
permissions.push(p);
|
||||
})
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
let err = undefined;
|
||||
await Promise.all(proms).catch((e) => {
|
||||
err = e;
|
||||
});
|
||||
|
||||
if (err) {
|
||||
Logging.error(err);
|
||||
return sendError("invalid_scope");
|
||||
}
|
||||
|
||||
let grant: IGrant | undefined = await Grant.findOne({
|
||||
client: client._id,
|
||||
user: req.user._id,
|
||||
});
|
||||
|
||||
Logging.debug("Grant", grant, permissions);
|
||||
|
||||
let missing_permissions: IPermission[] = [];
|
||||
|
||||
if (grant) {
|
||||
missing_permissions = grant.permissions
|
||||
.map((perm) => permissions.find((p) => p._id.equals(perm)))
|
||||
.filter((e) => !!e);
|
||||
} else {
|
||||
missing_permissions = permissions;
|
||||
}
|
||||
|
||||
let client_granted_perm = missing_permissions.filter(
|
||||
(e) => e.grant_type == "client"
|
||||
);
|
||||
if (client_granted_perm.length > 0) {
|
||||
return sendError("no_permission");
|
||||
}
|
||||
|
||||
if (!grant && missing_permissions.length > 0) {
|
||||
await new Promise<void>((yes, no) =>
|
||||
GetUserMiddleware(false, true)(
|
||||
req,
|
||||
res,
|
||||
(err?: Error | string) => (err ? no(err) : yes())
|
||||
)
|
||||
); // Maybe unresolved when redirect is happening
|
||||
|
||||
if (view) {
|
||||
res.send(
|
||||
GetAuthPage(
|
||||
req.__,
|
||||
client.name,
|
||||
permissions.map((perm) => {
|
||||
return {
|
||||
name: perm.name,
|
||||
description: perm.description,
|
||||
logo: client.logo,
|
||||
};
|
||||
})
|
||||
)
|
||||
);
|
||||
return;
|
||||
} else {
|
||||
if ((req.body.allow = "true")) {
|
||||
if (!grant)
|
||||
grant = Grant.new({
|
||||
client: client._id,
|
||||
user: req.user._id,
|
||||
permissions: [],
|
||||
});
|
||||
|
||||
grant.permissions.push(
|
||||
...missing_permissions.map((e) => e._id)
|
||||
);
|
||||
await Grant.save(grant);
|
||||
} else {
|
||||
return sendError("access_denied");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
let code = ClientCode.new({
|
||||
user: req.user._id,
|
||||
client: client._id,
|
||||
permissions: permissions.map((p) => p._id),
|
||||
validTill: moment().add(30, "minutes").toDate(),
|
||||
code: randomBytes(16).toString("hex"),
|
||||
});
|
||||
await ClientCode.save(code);
|
||||
|
||||
let redir =
|
||||
client.redirect_url === "$local" ? "/code" : client.redirect_url;
|
||||
let ruri =
|
||||
redir + `?code=${code.code}${state ? "&state=" + state : ""}`;
|
||||
if (nored === "true") {
|
||||
res.json({
|
||||
redirect_uri: ruri,
|
||||
});
|
||||
} else {
|
||||
res.redirect(ruri);
|
||||
}
|
||||
}
|
||||
} catch (err) {
|
||||
Logging.error(err);
|
||||
sendError("server_error");
|
||||
}
|
||||
});
|
||||
|
||||
export default GetAuthRoute;
|
|
@ -3,15 +3,16 @@ import GetAuthRoute from "./auth";
|
|||
import JWTRoute from "./jwt";
|
||||
import Public from "./public";
|
||||
import RefreshTokenRoute from "./refresh";
|
||||
import ProfileRoute from "./profile";
|
||||
|
||||
const OAuthRoue: Router = Router();
|
||||
const OAuthRoute: Router = Router();
|
||||
/**
|
||||
* @api {post} /oauth/auth
|
||||
* @apiName OAuthAuth
|
||||
*
|
||||
*
|
||||
* @apiGroup oauth
|
||||
* @apiPermission user Special required
|
||||
*
|
||||
*
|
||||
* @apiParam {String} response_type must be "code" others are not supported
|
||||
* @apiParam {String} client_id ClientID
|
||||
* @apiParam {String} redirect_uri The URI to redirect with code
|
||||
|
@ -19,45 +20,54 @@ const OAuthRoue: Router = Router();
|
|||
* @apiParam {String} state State, that will be passed to redirect_uri for client
|
||||
* @apiParam {String} nored Deactivates the Redirect response from server and instead returns the redirect URI in JSON response
|
||||
*/
|
||||
OAuthRoue.post("/auth", GetAuthRoute(false));
|
||||
OAuthRoute.post("/auth", GetAuthRoute(false));
|
||||
|
||||
/**
|
||||
* @api {get} /oauth/jwt
|
||||
* @apiName OAuthJwt
|
||||
*
|
||||
*
|
||||
* @apiGroup oauth
|
||||
* @apiPermission none
|
||||
*
|
||||
*
|
||||
* @apiParam {String} refreshtoken
|
||||
*
|
||||
*
|
||||
* @apiSuccess {String} token The JWT that allowes the application to access the recources granted for refresh token
|
||||
*/
|
||||
OAuthRoue.get("/jwt", JWTRoute)
|
||||
OAuthRoute.get("/jwt", JWTRoute);
|
||||
|
||||
/**
|
||||
* @api {get} /oauth/public
|
||||
* @apiName OAuthPublic
|
||||
*
|
||||
*
|
||||
* @apiGroup oauth
|
||||
* @apiPermission none
|
||||
*
|
||||
*
|
||||
* @apiSuccess {String} public_key The applications public_key. Used to verify JWT.
|
||||
*/
|
||||
OAuthRoue.get("/public", Public)
|
||||
OAuthRoute.get("/public", Public);
|
||||
|
||||
/**
|
||||
* @api {get} /oauth/refresh
|
||||
* @apiName OAuthRefreshGet
|
||||
*
|
||||
*
|
||||
* @apiGroup oauth
|
||||
*/
|
||||
OAuthRoue.get("/refresh", RefreshTokenRoute);
|
||||
OAuthRoute.get("/refresh", RefreshTokenRoute);
|
||||
|
||||
/**
|
||||
* @api {post} /oauth/refresh
|
||||
* @apiName OAuthRefreshPost
|
||||
*
|
||||
* @apiGroup oauth
|
||||
*/
|
||||
OAuthRoute.post("/refresh", RefreshTokenRoute);
|
||||
|
||||
/**
|
||||
* @api {get} /oauth/profile
|
||||
* @apiName OAuthProfile
|
||||
*
|
||||
* @apiGroup oauth
|
||||
*/
|
||||
OAuthRoue.post("/refresh", RefreshTokenRoute);
|
||||
export default OAuthRoue;
|
||||
OAuthRoute.get("/profile", ProfileRoute);
|
||||
|
||||
export default OAuthRoute;
|
|
@ -7,22 +7,37 @@ import Client from "../../models/client";
|
|||
import { getAccessTokenJWT } from "../../helper/jwt";
|
||||
|
||||
const JWTRoute = promiseMiddleware(async (req: Request, res: Response) => {
|
||||
let { refreshtoken } = req.query;
|
||||
if (!refreshtoken) throw new RequestError(req.__("Refresh token not set"), HttpStatusCode.BAD_REQUEST);
|
||||
let { refreshtoken } = req.query as { [key: string]: string };
|
||||
if (!refreshtoken)
|
||||
throw new RequestError(
|
||||
req.__("Refresh token not set"),
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
|
||||
let token = await RefreshToken.findOne({ token: refreshtoken });
|
||||
if (!token) throw new RequestError(req.__("Invalid token"), HttpStatusCode.BAD_REQUEST);
|
||||
if (!token)
|
||||
throw new RequestError(
|
||||
req.__("Invalid token"),
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
|
||||
let user = await User.findById(token.user);
|
||||
if (!user) {
|
||||
token.valid = false;
|
||||
await RefreshToken.save(token);
|
||||
throw new RequestError(req.__("Invalid token"), HttpStatusCode.BAD_REQUEST);
|
||||
throw new RequestError(
|
||||
req.__("Invalid token"),
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
}
|
||||
|
||||
let client = await Client.findById(token.client);
|
||||
|
||||
let jwt = await getAccessTokenJWT({ user, permissions: token.permissions, client });
|
||||
let jwt = await getAccessTokenJWT({
|
||||
user,
|
||||
permissions: token.permissions,
|
||||
client,
|
||||
});
|
||||
res.json({ token: jwt });
|
||||
})
|
||||
export default JWTRoute;
|
||||
});
|
||||
export default JWTRoute;
|
|
@ -0,0 +1,38 @@
|
|||
import Mail from "../../models/mail";
|
||||
import { GetClientApiAuthMiddleware } from "../middlewares/client";
|
||||
import Stacker from "../middlewares/stacker";
|
||||
import { Request, Response } from "express";
|
||||
import Logging from "@hibas123/nodelogging";
|
||||
|
||||
export default Stacker(GetClientApiAuthMiddleware(), async (req: Request, res) => {
|
||||
const mode = req.query.mode;
|
||||
let mails = await Promise.all(
|
||||
req.user.mails.map((id) => Mail.findById(id))
|
||||
);
|
||||
|
||||
let mail = mails.find((e) => e.primary) || mails[0];
|
||||
|
||||
let base_response = {
|
||||
user_id: req.user.uid,
|
||||
id: req.user.uid,
|
||||
ID: req.user.uid,
|
||||
sub: req.user.uid,
|
||||
email: mail.mail,
|
||||
username: req.user.username,
|
||||
displayName: req.user.name,
|
||||
displayNameClaim: req.user.name,
|
||||
}
|
||||
|
||||
if (mode == "nextcloud") {
|
||||
Logging.debug("Profile in Nextcloud mode");
|
||||
base_response["ocs"] = {
|
||||
data: {
|
||||
id: base_response.user_id,
|
||||
email: base_response.email,
|
||||
"display-name": base_response.displayName,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
res.json(base_response);
|
||||
})
|
|
@ -2,5 +2,5 @@ import { Request, Response } from "express";
|
|||
import { public_key } from "../../keys";
|
||||
|
||||
export default function Public(req: Request, res: Response) {
|
||||
res.json({ public_key: public_key })
|
||||
}
|
||||
res.json({ public_key: public_key });
|
||||
}
|
|
@ -0,0 +1,122 @@
|
|||
import { Request, Response } from "express";
|
||||
import RequestError, { HttpStatusCode } from "../../helper/request_error";
|
||||
import User from "../../models/user";
|
||||
import Client from "../../models/client";
|
||||
import {
|
||||
getAccessTokenJWT,
|
||||
getIDToken,
|
||||
AccessTokenJWTExp,
|
||||
} from "../../helper/jwt";
|
||||
import Stacker from "../middlewares/stacker";
|
||||
import { GetClientAuthMiddleware } from "../middlewares/client";
|
||||
import ClientCode from "../../models/client_code";
|
||||
import Mail from "../../models/mail";
|
||||
import { randomBytes } from "crypto";
|
||||
import moment = require("moment");
|
||||
// import { JWTExpDur } from "../../keys";
|
||||
import RefreshToken from "../../models/refresh_token";
|
||||
import { getEncryptionKey } from "../../helper/user_key";
|
||||
import { refreshTokenValidTime } from "../../config";
|
||||
|
||||
// TODO:
|
||||
/*
|
||||
For example, the authorization server could employ refresh token
|
||||
rotation in which a new refresh token is issued with every access
|
||||
token refresh response. The previous refresh token is invalidated but retained by the authorization server. If a refresh token is
|
||||
compromised and subsequently used by both the attacker and the
|
||||
legitimate client, one of them will present an invalidated refresh
|
||||
token, which will inform the authorization server of the breach.
|
||||
*/
|
||||
|
||||
const RefreshTokenRoute = Stacker(
|
||||
GetClientAuthMiddleware(false, false, true),
|
||||
async (req: Request, res: Response) => {
|
||||
let grant_type = req.query.grant_type || req.body.grant_type;
|
||||
if (!grant_type || grant_type === "authorization_code") {
|
||||
let code = req.query.code || req.body.code;
|
||||
let nonce = req.query.nonce || req.body.nonce;
|
||||
|
||||
let c = await ClientCode.findOne({ code: code });
|
||||
if (!c || moment(c.validTill).isBefore()) {
|
||||
throw new RequestError(
|
||||
req.__("Invalid code"),
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
}
|
||||
|
||||
let client = await Client.findById(c.client);
|
||||
|
||||
let user = await User.findById(c.user);
|
||||
let mails = await Promise.all(user.mails.map((m) => Mail.findOne(m)));
|
||||
|
||||
let token = RefreshToken.new({
|
||||
user: c.user,
|
||||
client: c.client,
|
||||
permissions: c.permissions,
|
||||
token: randomBytes(16).toString("hex"),
|
||||
valid: true,
|
||||
validTill: moment().add(refreshTokenValidTime).toDate(),
|
||||
});
|
||||
await RefreshToken.save(token);
|
||||
await ClientCode.delete(c);
|
||||
|
||||
let mail = mails.find((e) => e.primary);
|
||||
if (!mail) mail = mails[0];
|
||||
|
||||
res.json({
|
||||
refresh_token: token.token,
|
||||
token: token.token,
|
||||
access_token: await getAccessTokenJWT({
|
||||
client: client,
|
||||
user: user,
|
||||
permissions: c.permissions,
|
||||
}),
|
||||
token_type: "bearer",
|
||||
expires_in: AccessTokenJWTExp.asSeconds(),
|
||||
profile: {
|
||||
uid: user.uid,
|
||||
email: mail ? mail.mail : "",
|
||||
name: user.name,
|
||||
enc_key: getEncryptionKey(user, client),
|
||||
},
|
||||
id_token: getIDToken(user, client.client_id, nonce),
|
||||
});
|
||||
} else if (grant_type === "refresh_token") {
|
||||
let refresh_token = req.query.refresh_token || req.body.refresh_token;
|
||||
if (!refresh_token)
|
||||
throw new RequestError(
|
||||
req.__("refresh_token not set"),
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
|
||||
let token = await RefreshToken.findOne({ token: refresh_token });
|
||||
if (!token || !token.valid || moment(token.validTill).isBefore())
|
||||
throw new RequestError(
|
||||
req.__("Invalid token"),
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
|
||||
token.validTill = moment().add(refreshTokenValidTime).toDate();
|
||||
await RefreshToken.save(token);
|
||||
|
||||
let user = await User.findById(token.user);
|
||||
let client = await Client.findById(token.client);
|
||||
let jwt = await getAccessTokenJWT({
|
||||
user,
|
||||
client,
|
||||
permissions: token.permissions,
|
||||
});
|
||||
res.json({
|
||||
access_token: jwt,
|
||||
expires_in: AccessTokenJWTExp.asSeconds(),
|
||||
});
|
||||
} else {
|
||||
throw new RequestError(
|
||||
"invalid grant_type",
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
}
|
||||
}
|
||||
);
|
||||
|
||||
export default RefreshTokenRoute;
|
|
@ -0,0 +1,39 @@
|
|||
import { Router } from "express";
|
||||
import Register from "./register";
|
||||
import OAuthRoute from "./oauth";
|
||||
|
||||
const UserRoute: Router = Router();
|
||||
|
||||
/**
|
||||
* @api {post} /user/register
|
||||
* @apiName UserRegister
|
||||
*
|
||||
* @apiGroup user
|
||||
* @apiPermission none
|
||||
*
|
||||
* @apiParam {String} mail EMail linked to this Account
|
||||
* @apiParam {String} username The new Username
|
||||
* @apiParam {String} password Password hashed and salted like specification
|
||||
* @apiParam {String} salt The Salt used for password hashing
|
||||
* @apiParam {String} regcode The regcode, that should be used
|
||||
* @apiParam {String} gender Gender can be: "male", "female", "other", "none"
|
||||
* @apiParam {String} name The real name of the User
|
||||
*
|
||||
* @apiSuccess {Boolean} success
|
||||
*
|
||||
* @apiErrorExample {Object} Error-Response:
|
||||
{
|
||||
error: [
|
||||
{
|
||||
message: "Some Error",
|
||||
field: "username"
|
||||
}
|
||||
],
|
||||
status: 400
|
||||
}
|
||||
*/
|
||||
UserRoute.post("/register", Register);
|
||||
|
||||
UserRoute.use("/oauth", OAuthRoute);
|
||||
|
||||
export default UserRoute;
|
|
@ -0,0 +1,21 @@
|
|||
import RequestError, { HttpStatusCode } from "../../../helper/request_error";
|
||||
import Client, { IClient } from "../../../models/client";
|
||||
|
||||
export async function getClientWithOrigin(client_id: string, origin: string) {
|
||||
const client = await Client.findOne({
|
||||
client_id,
|
||||
});
|
||||
|
||||
const clientNotFoundError = new RequestError(
|
||||
"Client not found!",
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
|
||||
if (!client) throw clientNotFoundError;
|
||||
|
||||
const clientUrl = new URL(client.redirect_url);
|
||||
|
||||
if (clientUrl.hostname !== origin) throw clientNotFoundError;
|
||||
|
||||
return client;
|
||||
}
|
|
@ -0,0 +1,12 @@
|
|||
import { Router } from "express";
|
||||
import { GetJWTByUser } from "./jwt";
|
||||
import { GetPermissionsForAuthRequest } from "./permissions";
|
||||
import { GetTokenByUser } from "./refresh_token";
|
||||
|
||||
const router = Router();
|
||||
|
||||
router.get("/jwt", GetJWTByUser);
|
||||
router.get("/permissions", GetPermissionsForAuthRequest);
|
||||
router.get("/refresh_token", GetTokenByUser);
|
||||
|
||||
export default router;
|
|
@ -0,0 +1,25 @@
|
|||
import { Request, Response } from "express";
|
||||
import Stacker from "../../middlewares/stacker";
|
||||
import { GetUserMiddleware } from "../../middlewares/user";
|
||||
import { URL } from "url";
|
||||
import Client from "../../../models/client";
|
||||
import RequestError, { HttpStatusCode } from "../../../helper/request_error";
|
||||
import { getAccessTokenJWT } from "../../../helper/jwt";
|
||||
import { getClientWithOrigin } from "./_helper";
|
||||
|
||||
export const GetJWTByUser = Stacker(
|
||||
GetUserMiddleware(true, false),
|
||||
async (req: Request, res: Response) => {
|
||||
const { client_id, origin } = req.query as { [key: string]: string };
|
||||
|
||||
const client = await getClientWithOrigin(client_id, origin);
|
||||
|
||||
const jwt = await getAccessTokenJWT({
|
||||
user: req.user,
|
||||
client: client,
|
||||
permissions: [],
|
||||
});
|
||||
|
||||
res.json({ jwt });
|
||||
}
|
||||
);
|
|
@ -0,0 +1,38 @@
|
|||
import { Request, Response } from "express";
|
||||
import Stacker from "../../middlewares/stacker";
|
||||
import { GetUserMiddleware } from "../../middlewares/user";
|
||||
import { URL } from "url";
|
||||
import Client from "../../../models/client";
|
||||
import RequestError, { HttpStatusCode } from "../../../helper/request_error";
|
||||
import { randomBytes } from "crypto";
|
||||
import moment = require("moment");
|
||||
import RefreshToken from "../../../models/refresh_token";
|
||||
import { refreshTokenValidTime } from "../../../config";
|
||||
import { getClientWithOrigin } from "./_helper";
|
||||
import Permission from "../../../models/permissions";
|
||||
|
||||
export const GetPermissionsForAuthRequest = Stacker(
|
||||
GetUserMiddleware(true, false),
|
||||
async (req: Request, res: Response) => {
|
||||
const { client_id, origin, permissions } = req.query as {
|
||||
[key: string]: string;
|
||||
};
|
||||
|
||||
const client = await getClientWithOrigin(client_id, origin);
|
||||
|
||||
const perm = permissions.split(",").filter((e) => !!e);
|
||||
|
||||
const resolved = await Promise.all(
|
||||
perm.map((p) => Permission.findById(p))
|
||||
);
|
||||
|
||||
if (resolved.some((e) => e.grant_type !== "user")) {
|
||||
throw new RequestError(
|
||||
"Invalid Permission requested",
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
}
|
||||
|
||||
res.json({ permissions: resolved });
|
||||
}
|
||||
);
|
|
@ -0,0 +1,49 @@
|
|||
import { Request, Response } from "express";
|
||||
import Stacker from "../../middlewares/stacker";
|
||||
import { GetUserMiddleware } from "../../middlewares/user";
|
||||
import { URL } from "url";
|
||||
import Client from "../../../models/client";
|
||||
import RequestError, { HttpStatusCode } from "../../../helper/request_error";
|
||||
import { randomBytes } from "crypto";
|
||||
import moment = require("moment");
|
||||
import RefreshToken from "../../../models/refresh_token";
|
||||
import { refreshTokenValidTime } from "../../../config";
|
||||
import { getClientWithOrigin } from "./_helper";
|
||||
import Permission from "../../../models/permissions";
|
||||
|
||||
export const GetTokenByUser = Stacker(
|
||||
GetUserMiddleware(true, false),
|
||||
async (req: Request, res: Response) => {
|
||||
const { client_id, origin, permissions } = req.query as {
|
||||
[key: string]: string;
|
||||
};
|
||||
|
||||
const client = await getClientWithOrigin(client_id, origin);
|
||||
|
||||
const perm = permissions.split(",").filter((e) => !!e);
|
||||
|
||||
const resolved = await Promise.all(
|
||||
perm.map((p) => Permission.findById(p))
|
||||
);
|
||||
|
||||
if (resolved.some((e) => e.grant_type !== "user")) {
|
||||
throw new RequestError(
|
||||
"Invalid Permission requested",
|
||||
HttpStatusCode.BAD_REQUEST
|
||||
);
|
||||
}
|
||||
|
||||
let token = RefreshToken.new({
|
||||
user: req.user._id,
|
||||
client: client._id,
|
||||
permissions: resolved.map((e) => e._id),
|
||||
token: randomBytes(16).toString("hex"),
|
||||
valid: true,
|
||||
validTill: moment().add(refreshTokenValidTime).toDate(),
|
||||
});
|
||||
|
||||
await RefreshToken.save(token);
|
||||
|
||||
res.json({ token });
|
||||
}
|
||||
);
|
|
@ -0,0 +1,155 @@
|
|||
import { Request, Response, Router } from "express";
|
||||
import Stacker from "../middlewares/stacker";
|
||||
import verify, { Types } from "../middlewares/verify";
|
||||
import promiseMiddleware from "../../helper/promiseMiddleware";
|
||||
import User, { Gender } from "../../models/user";
|
||||
import { HttpStatusCode } from "../../helper/request_error";
|
||||
import Mail from "../../models/mail";
|
||||
import RegCode from "../../models/regcodes";
|
||||
|
||||
const Register = Stacker(
|
||||
verify({
|
||||
mail: {
|
||||
type: Types.EMAIL,
|
||||
notempty: true,
|
||||
},
|
||||
username: {
|
||||
type: Types.STRING,
|
||||
notempty: true,
|
||||
},
|
||||
password: {
|
||||
type: Types.STRING,
|
||||
notempty: true,
|
||||
},
|
||||
salt: {
|
||||
type: Types.STRING,
|
||||
notempty: true,
|
||||
},
|
||||
regcode: {
|
||||
type: Types.STRING,
|
||||
notempty: true,
|
||||
},
|
||||
gender: {
|
||||
type: Types.STRING,
|
||||
notempty: true,
|
||||
},
|
||||
name: {
|
||||
type: Types.STRING,
|
||||
notempty: true,
|
||||
},
|
||||
// birthday: {
|
||||
// type: Types.DATE
|
||||
// }
|
||||
}),
|
||||
promiseMiddleware(async (req: Request, res: Response) => {
|
||||
let {
|
||||
username,
|
||||
password,
|
||||
salt,
|
||||
mail,
|
||||
gender,
|
||||
name,
|
||||
birthday,
|
||||
regcode,
|
||||
} = req.body;
|
||||
let u = await User.findOne({ username: username.toLowerCase() });
|
||||
if (u) {
|
||||
let err = {
|
||||
message: [
|
||||
{
|
||||
message: req.__("Username taken"),
|
||||
field: "username",
|
||||
},
|
||||
],
|
||||
status: HttpStatusCode.BAD_REQUEST,
|
||||
nolog: true,
|
||||
};
|
||||
throw err;
|
||||
}
|
||||
|
||||
let m = await Mail.findOne({ mail: mail });
|
||||
if (m) {
|
||||
let err = {
|
||||
message: [
|
||||
{
|
||||
message: req.__("Mail linked with other account"),
|
||||
field: "mail",
|
||||
},
|
||||
],
|
||||
status: HttpStatusCode.BAD_REQUEST,
|
||||
nolog: true,
|
||||
};
|
||||
throw err;
|
||||
}
|
||||
|
||||
let regc = await RegCode.findOne({ token: regcode });
|
||||
if (!regc) {
|
||||
let err = {
|
||||
message: [
|
||||
{
|
||||
message: req.__("Invalid registration code"),
|
||||
field: "regcode",
|
||||
},
|
||||
],
|
||||
status: HttpStatusCode.BAD_REQUEST,
|
||||
nolog: true,
|
||||
};
|
||||
throw err;
|
||||
}
|
||||
|
||||
if (!regc.valid) {
|
||||
let err = {
|
||||
message: [
|
||||
{
|
||||
message: req.__("Registration code already used"),
|
||||
field: "regcode",
|
||||
},
|
||||
],
|
||||
status: HttpStatusCode.BAD_REQUEST,
|
||||
nolog: true,
|
||||
};
|
||||
throw err;
|
||||
}
|
||||
|
||||
let g = -1;
|
||||
switch (gender) {
|
||||
case "male":
|
||||
g = Gender.male;
|
||||
break;
|
||||
case "female":
|
||||
g = Gender.female;
|
||||
break;
|
||||
case "other":
|
||||
g = Gender.other;
|
||||
break;
|
||||
default:
|
||||
g = Gender.none;
|
||||
break;
|
||||
}
|
||||
|
||||
let user = User.new({
|
||||
username: username.toLowerCase(),
|
||||
password: password,
|
||||
salt: salt,
|
||||
gender: g,
|
||||
name: name,
|
||||
// birthday: birthday,
|
||||
admin: false,
|
||||
});
|
||||
|
||||
regc.valid = false;
|
||||
await RegCode.save(regc);
|
||||
|
||||
let ml = Mail.new({
|
||||
mail: mail,
|
||||
primary: true,
|
||||
});
|
||||
|
||||
await Mail.save(ml);
|
||||
|
||||
user.mails.push(ml._id);
|
||||
await User.save(user);
|
||||
res.json({ success: true });
|
||||
})
|
||||
);
|
||||
export default Register;
|
|
@ -0,0 +1,91 @@
|
|||
import { parse } from "@hibas123/config";
|
||||
import Logging from "@hibas123/nodelogging";
|
||||
import * as dotenv from "dotenv";
|
||||
import moment = require("moment");
|
||||
|
||||
export const refreshTokenValidTime = moment.duration(6, "month");
|
||||
|
||||
dotenv.config();
|
||||
|
||||
export interface DatabaseConfig {
|
||||
host: string;
|
||||
database: string;
|
||||
username?: string;
|
||||
password?: string;
|
||||
}
|
||||
|
||||
export interface WebConfig {
|
||||
port: string;
|
||||
secure: "true" | "false" | undefined;
|
||||
}
|
||||
|
||||
export interface CoreConfig {
|
||||
name: string;
|
||||
url: string;
|
||||
dev: boolean;
|
||||
secret: string;
|
||||
}
|
||||
|
||||
export interface Config {
|
||||
core: CoreConfig;
|
||||
database: DatabaseConfig;
|
||||
web: WebConfig;
|
||||
}
|
||||
|
||||
const config = (parse(
|
||||
{
|
||||
core: {
|
||||
dev: {
|
||||
default: false,
|
||||
type: Boolean,
|
||||
},
|
||||
name: {
|
||||
type: String,
|
||||
default: "Open Auth",
|
||||
},
|
||||
url: String,
|
||||
secret: {
|
||||
type: String,
|
||||
optional: false,
|
||||
description: "Cookie secret"
|
||||
}
|
||||
},
|
||||
database: {
|
||||
database: {
|
||||
type: String,
|
||||
default: "openauth",
|
||||
},
|
||||
host: {
|
||||
type: String,
|
||||
default: "localhost",
|
||||
},
|
||||
username: {
|
||||
type: String,
|
||||
optional: true,
|
||||
},
|
||||
password: {
|
||||
type: String,
|
||||
optional: true,
|
||||
},
|
||||
},
|
||||
web: {
|
||||
port: {
|
||||
type: Number,
|
||||
default: 3004,
|
||||
},
|
||||
secure: {
|
||||
type: Boolean,
|
||||
default: false,
|
||||
},
|
||||
},
|
||||
},
|
||||
"config.ini"
|
||||
) as any) as Config;
|
||||
|
||||
if (process.env.DEV === "true") config.core.dev = true;
|
||||
if (config.core.dev)
|
||||
Logging.warning(
|
||||
"DEV mode active. This can cause major performance issues, data loss and vulnerabilities! "
|
||||
);
|
||||
|
||||
export default config;
|
|
@ -0,0 +1,21 @@
|
|||
import SafeMongo from "@hibas123/safe_mongo";
|
||||
import Config from "./config";
|
||||
|
||||
|
||||
const host = Config.database.host || "localhost";
|
||||
// const port = Config.database.port || "27017";
|
||||
const port = "27017";
|
||||
const database = Config.database.database || "openauth";
|
||||
const url = new URL(`mongodb://${host}:${port}/${database}`);
|
||||
|
||||
const user = Config.database.username || undefined;
|
||||
const passwd = Config.database.password || undefined;
|
||||
|
||||
if (user) {
|
||||
url.username = user;
|
||||
if (passwd) url.password = passwd;
|
||||
}
|
||||
|
||||
|
||||
const DB = new SafeMongo(url.href, database);
|
||||
export default DB;
|
|
@ -0,0 +1,23 @@
|
|||
import { IUser } from "./models/user";
|
||||
import { IClient } from "./models/client";
|
||||
|
||||
declare module "express" {
|
||||
interface Request {
|
||||
user: IUser;
|
||||
client: IClient;
|
||||
isAdmin: boolean;
|
||||
special: boolean;
|
||||
}
|
||||
}
|
||||
|
||||
declare module 'express-session' {
|
||||
interface SessionData {
|
||||
user_id: string;
|
||||
validated: boolean;
|
||||
login_state: {
|
||||
username: string;
|
||||
password_correct: boolean;
|
||||
webauthn_challenge?: any;
|
||||
};
|
||||
}
|
||||
}
|
|
@ -0,0 +1,60 @@
|
|||
import { IUser, Gender } from "../models/user";
|
||||
import { ObjectId } from "bson";
|
||||
import { createJWT } from "../keys";
|
||||
import { IClient } from "../models/client";
|
||||
import config from "../config";
|
||||
import moment = require("moment");
|
||||
|
||||
export interface OAuthJWT {
|
||||
user: string;
|
||||
username: string;
|
||||
permissions: string[];
|
||||
application: string;
|
||||
}
|
||||
|
||||
const issuer = config.core.url;
|
||||
|
||||
export const IDTokenJWTExp = moment.duration(30, "m").asSeconds();
|
||||
export function getIDToken(user: IUser, client_id: string, nonce: string) {
|
||||
return createJWT(
|
||||
{
|
||||
user: user.uid,
|
||||
name: user.name,
|
||||
nickname: user.username,
|
||||
username: user.username,
|
||||
preferred_username: user.username,
|
||||
gender: Gender[user.gender],
|
||||
nonce,
|
||||
},
|
||||
{
|
||||
expiresIn: IDTokenJWTExp,
|
||||
issuer,
|
||||
algorithm: "RS256",
|
||||
subject: user.uid,
|
||||
audience: client_id,
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
export const AccessTokenJWTExp = moment.duration(6, "h");
|
||||
export function getAccessTokenJWT(token: {
|
||||
user: IUser;
|
||||
permissions: ObjectId[];
|
||||
client: IClient;
|
||||
}) {
|
||||
return createJWT(
|
||||
<OAuthJWT>{
|
||||
user: token.user.uid,
|
||||
username: token.user.username,
|
||||
permissions: token.permissions.map((p) => p.toHexString()),
|
||||
application: token.client.client_id,
|
||||
},
|
||||
{
|
||||
expiresIn: AccessTokenJWTExp.asSeconds(),
|
||||
issuer,
|
||||
algorithm: "RS256",
|
||||
subject: token.user.uid,
|
||||
audience: token.client.client_id,
|
||||
}
|
||||
);
|
||||
}
|
|
@ -0,0 +1,29 @@
|
|||
import { SessionContext } from "../api/jrpc";
|
||||
|
||||
export function requireLoginState(ctx: SessionContext, validated: boolean = true, special: boolean = false): boolean {
|
||||
if (!ctx.user) return false;
|
||||
if (validated && !ctx.session.validated) return false;
|
||||
|
||||
if (special) {
|
||||
//TODO: Implement something...
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
export function RequireLogin(validated = true, special = false) {
|
||||
return function (target: any, propertyKey: string, descriptor: PropertyDescriptor) {
|
||||
let original = descriptor.value;
|
||||
|
||||
descriptor.value = function (...args: any[]) {
|
||||
let ctx = args[args.length - 1] as SessionContext;
|
||||
if (!ctx) throw new Error("Invalid request");
|
||||
|
||||
if (!requireLoginState(ctx, validated, special)) {
|
||||
throw new Error("Not logged in");
|
||||
}
|
||||
|
||||
return original.apply(this, args);
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,7 @@
|
|||
import { Request, Response, NextFunction } from "express";
|
||||
|
||||
export default (
|
||||
fn: (req: Request, res: Response, next: NextFunction) => Promise<any>
|
||||
) => (req: Request, res: Response, next: NextFunction) => {
|
||||
Promise.resolve(fn(req, res, next)).catch(next);
|
||||
};
|
|
@ -2,4 +2,4 @@ import { randomBytes } from "crypto";
|
|||
|
||||
export function randomString(length: number) {
|
||||
return randomBytes(length).toString("base64").slice(0, length);
|
||||
}
|
||||
}
|
|
@ -1,388 +1,390 @@
|
|||
|
||||
/**
|
||||
* Hypertext Transfer Protocol (HTTP) response status codes.
|
||||
* @see {@link https://en.wikipedia.org/wiki/List_of_HTTP_status_codes}
|
||||
*/
|
||||
export enum HttpStatusCode {
|
||||
|
||||
/**
|
||||
* The server has received the request headers and the client should proceed to send the request body
|
||||
* (in the case of a request for which a body needs to be sent; for example, a POST request).
|
||||
* Sending a large request body to a server after a request has been rejected for inappropriate headers would be inefficient.
|
||||
* To have a server check the request's headers, a client must send Expect: 100-continue as a header in its initial request
|
||||
* and receive a 100 Continue status code in response before sending the body. The response 417 Expectation Failed indicates the request should not be continued.
|
||||
*/
|
||||
CONTINUE = 100,
|
||||
|
||||
/**
|
||||
* The requester has asked the server to switch protocols and the server has agreed to do so.
|
||||
*/
|
||||
SWITCHING_PROTOCOLS = 101,
|
||||
|
||||
/**
|
||||
* A WebDAV request may contain many sub-requests involving file operations, requiring a long time to complete the request.
|
||||
* This code indicates that the server has received and is processing the request, but no response is available yet.
|
||||
* This prevents the client from timing out and assuming the request was lost.
|
||||
*/
|
||||
PROCESSING = 102,
|
||||
|
||||
/**
|
||||
* Standard response for successful HTTP requests.
|
||||
* The actual response will depend on the request method used.
|
||||
* In a GET request, the response will contain an entity corresponding to the requested resource.
|
||||
* In a POST request, the response will contain an entity describing or containing the result of the action.
|
||||
*/
|
||||
OK = 200,
|
||||
|
||||
/**
|
||||
* The request has been fulfilled, resulting in the creation of a new resource.
|
||||
*/
|
||||
CREATED = 201,
|
||||
|
||||
/**
|
||||
* The request has been accepted for processing, but the processing has not been completed.
|
||||
* The request might or might not be eventually acted upon, and may be disallowed when processing occurs.
|
||||
*/
|
||||
ACCEPTED = 202,
|
||||
|
||||
/**
|
||||
* SINCE HTTP/1.1
|
||||
* The server is a transforming proxy that received a 200 OK from its origin,
|
||||
* but is returning a modified version of the origin's response.
|
||||
*/
|
||||
NON_AUTHORITATIVE_INFORMATION = 203,
|
||||
|
||||
/**
|
||||
* The server successfully processed the request and is not returning any content.
|
||||
*/
|
||||
NO_CONTENT = 204,
|
||||
|
||||
/**
|
||||
* The server successfully processed the request, but is not returning any content.
|
||||
* Unlike a 204 response, this response requires that the requester reset the document view.
|
||||
*/
|
||||
RESET_CONTENT = 205,
|
||||
|
||||
/**
|
||||
* The server is delivering only part of the resource (byte serving) due to a range header sent by the client.
|
||||
* The range header is used by HTTP clients to enable resuming of interrupted downloads,
|
||||
* or split a download into multiple simultaneous streams.
|
||||
*/
|
||||
PARTIAL_CONTENT = 206,
|
||||
|
||||
/**
|
||||
* The message body that follows is an XML message and can contain a number of separate response codes,
|
||||
* depending on how many sub-requests were made.
|
||||
*/
|
||||
MULTI_STATUS = 207,
|
||||
|
||||
/**
|
||||
* The members of a DAV binding have already been enumerated in a preceding part of the (multistatus) response,
|
||||
* and are not being included again.
|
||||
*/
|
||||
ALREADY_REPORTED = 208,
|
||||
|
||||
/**
|
||||
* The server has fulfilled a request for the resource,
|
||||
* and the response is a representation of the result of one or more instance-manipulations applied to the current instance.
|
||||
*/
|
||||
IM_USED = 226,
|
||||
|
||||
/**
|
||||
* Indicates multiple options for the resource from which the client may choose (via agent-driven content negotiation).
|
||||
* For example, this code could be used to present multiple video format options,
|
||||
* to list files with different filename extensions, or to suggest word-sense disambiguation.
|
||||
*/
|
||||
MULTIPLE_CHOICES = 300,
|
||||
|
||||
/**
|
||||
* This and all future requests should be directed to the given URI.
|
||||
*/
|
||||
MOVED_PERMANENTLY = 301,
|
||||
|
||||
/**
|
||||
* This is an example of industry practice contradicting the standard.
|
||||
* The HTTP/1.0 specification (RFC 1945) required the client to perform a temporary redirect
|
||||
* (the original describing phrase was "Moved Temporarily"), but popular browsers implemented 302
|
||||
* with the functionality of a 303 See Other. Therefore, HTTP/1.1 added status codes 303 and 307
|
||||
* to distinguish between the two behaviours. However, some Web applications and frameworks
|
||||
* use the 302 status code as if it were the 303.
|
||||
*/
|
||||
FOUND = 302,
|
||||
|
||||
/**
|
||||
* SINCE HTTP/1.1
|
||||
* The response to the request can be found under another URI using a GET method.
|
||||
* When received in response to a POST (or PUT/DELETE), the client should presume that
|
||||
* the server has received the data and should issue a redirect with a separate GET message.
|
||||
*/
|
||||
SEE_OTHER = 303,
|
||||
|
||||
/**
|
||||
* Indicates that the resource has not been modified since the version specified by the request headers If-Modified-Since or If-None-Match.
|
||||
* In such case, there is no need to retransmit the resource since the client still has a previously-downloaded copy.
|
||||
*/
|
||||
NOT_MODIFIED = 304,
|
||||
|
||||
/**
|
||||
* SINCE HTTP/1.1
|
||||
* The requested resource is available only through a proxy, the address for which is provided in the response.
|
||||
* Many HTTP clients (such as Mozilla and Internet Explorer) do not correctly handle responses with this status code, primarily for security reasons.
|
||||
*/
|
||||
USE_PROXY = 305,
|
||||
|
||||
/**
|
||||
* No longer used. Originally meant "Subsequent requests should use the specified proxy."
|
||||
*/
|
||||
SWITCH_PROXY = 306,
|
||||
|
||||
/**
|
||||
* SINCE HTTP/1.1
|
||||
* In this case, the request should be repeated with another URI; however, future requests should still use the original URI.
|
||||
* In contrast to how 302 was historically implemented, the request method is not allowed to be changed when reissuing the original request.
|
||||
* For example, a POST request should be repeated using another POST request.
|
||||
*/
|
||||
TEMPORARY_REDIRECT = 307,
|
||||
|
||||
/**
|
||||
* The request and all future requests should be repeated using another URI.
|
||||
* 307 and 308 parallel the behaviors of 302 and 301, but do not allow the HTTP method to change.
|
||||
* So, for example, submitting a form to a permanently redirected resource may continue smoothly.
|
||||
*/
|
||||
PERMANENT_REDIRECT = 308,
|
||||
|
||||
/**
|
||||
* The server cannot or will not process the request due to an apparent client error
|
||||
* (e.g., malformed request syntax, too large size, invalid request message framing, or deceptive request routing).
|
||||
*/
|
||||
BAD_REQUEST = 400,
|
||||
|
||||
/**
|
||||
* Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet
|
||||
* been provided. The response must include a WWW-Authenticate header field containing a challenge applicable to the
|
||||
* requested resource. See Basic access authentication and Digest access authentication. 401 semantically means
|
||||
* "unauthenticated",i.e. the user does not have the necessary credentials.
|
||||
*/
|
||||
UNAUTHORIZED = 401,
|
||||
|
||||
/**
|
||||
* Reserved for future use. The original intention was that this code might be used as part of some form of digital
|
||||
* cash or micro payment scheme, but that has not happened, and this code is not usually used.
|
||||
* Google Developers API uses this status if a particular developer has exceeded the daily limit on requests.
|
||||
*/
|
||||
PAYMENT_REQUIRED = 402,
|
||||
|
||||
/**
|
||||
* The request was valid, but the server is refusing action.
|
||||
* The user might not have the necessary permissions for a resource.
|
||||
*/
|
||||
FORBIDDEN = 403,
|
||||
|
||||
/**
|
||||
* The requested resource could not be found but may be available in the future.
|
||||
* Subsequent requests by the client are permissible.
|
||||
*/
|
||||
NOT_FOUND = 404,
|
||||
|
||||
/**
|
||||
* A request method is not supported for the requested resource;
|
||||
* for example, a GET request on a form that requires data to be presented via POST, or a PUT request on a read-only resource.
|
||||
*/
|
||||
METHOD_NOT_ALLOWED = 405,
|
||||
|
||||
/**
|
||||
* The requested resource is capable of generating only content not acceptable according to the Accept headers sent in the request.
|
||||
*/
|
||||
NOT_ACCEPTABLE = 406,
|
||||
|
||||
/**
|
||||
* The client must first authenticate itself with the proxy.
|
||||
*/
|
||||
PROXY_AUTHENTICATION_REQUIRED = 407,
|
||||
|
||||
/**
|
||||
* The server timed out waiting for the request.
|
||||
* According to HTTP specifications:
|
||||
* "The client did not produce a request within the time that the server was prepared to wait. The client MAY repeat the request without modifications at any later time."
|
||||
*/
|
||||
REQUEST_TIMEOUT = 408,
|
||||
|
||||
/**
|
||||
* Indicates that the request could not be processed because of conflict in the request,
|
||||
* such as an edit conflict between multiple simultaneous updates.
|
||||
*/
|
||||
CONFLICT = 409,
|
||||
|
||||
/**
|
||||
* Indicates that the resource requested is no longer available and will not be available again.
|
||||
* This should be used when a resource has been intentionally removed and the resource should be purged.
|
||||
* Upon receiving a 410 status code, the client should not request the resource in the future.
|
||||
* Clients such as search engines should remove the resource from their indices.
|
||||
* Most use cases do not require clients and search engines to purge the resource, and a "404 Not Found" may be used instead.
|
||||
*/
|
||||
GONE = 410,
|
||||
|
||||
/**
|
||||
* The request did not specify the length of its content, which is required by the requested resource.
|
||||
*/
|
||||
LENGTH_REQUIRED = 411,
|
||||
|
||||
/**
|
||||
* The server does not meet one of the preconditions that the requester put on the request.
|
||||
*/
|
||||
PRECONDITION_FAILED = 412,
|
||||
|
||||
/**
|
||||
* The request is larger than the server is willing or able to process. Previously called "Request Entity Too Large".
|
||||
*/
|
||||
PAYLOAD_TOO_LARGE = 413,
|
||||
|
||||
/**
|
||||
* The URI provided was too long for the server to process. Often the result of too much data being encoded as a query-string of a GET request,
|
||||
* in which case it should be converted to a POST request.
|
||||
* Called "Request-URI Too Long" previously.
|
||||
*/
|
||||
URI_TOO_LONG = 414,
|
||||
|
||||
/**
|
||||
* The request entity has a media type which the server or resource does not support.
|
||||
* For example, the client uploads an image as image/svg+xml, but the server requires that images use a different format.
|
||||
*/
|
||||
UNSUPPORTED_MEDIA_TYPE = 415,
|
||||
|
||||
/**
|
||||
* The client has asked for a portion of the file (byte serving), but the server cannot supply that portion.
|
||||
* For example, if the client asked for a part of the file that lies beyond the end of the file.
|
||||
* Called "Requested Range Not Satisfiable" previously.
|
||||
*/
|
||||
RANGE_NOT_SATISFIABLE = 416,
|
||||
|
||||
/**
|
||||
* The server cannot meet the requirements of the Expect request-header field.
|
||||
*/
|
||||
EXPECTATION_FAILED = 417,
|
||||
|
||||
/**
|
||||
* This code was defined in 1998 as one of the traditional IETF April Fools' jokes, in RFC 2324, Hyper Text Coffee Pot Control Protocol,
|
||||
* and is not expected to be implemented by actual HTTP servers. The RFC specifies this code should be returned by
|
||||
* teapots requested to brew coffee. This HTTP status is used as an Easter egg in some websites, including Google.com.
|
||||
*/
|
||||
I_AM_A_TEAPOT = 418,
|
||||
|
||||
/**
|
||||
* The request was directed at a server that is not able to produce a response (for example because a connection reuse).
|
||||
*/
|
||||
MISDIRECTED_REQUEST = 421,
|
||||
|
||||
/**
|
||||
* The request was well-formed but was unable to be followed due to semantic errors.
|
||||
*/
|
||||
UNPROCESSABLE_ENTITY = 422,
|
||||
|
||||
/**
|
||||
* The resource that is being accessed is locked.
|
||||
*/
|
||||
LOCKED = 423,
|
||||
|
||||
/**
|
||||
* The request failed due to failure of a previous request (e.g., a PROPPATCH).
|
||||
*/
|
||||
FAILED_DEPENDENCY = 424,
|
||||
|
||||
/**
|
||||
* The client should switch to a different protocol such as TLS/1.0, given in the Upgrade header field.
|
||||
*/
|
||||
UPGRADE_REQUIRED = 426,
|
||||
|
||||
/**
|
||||
* The origin server requires the request to be conditional.
|
||||
* Intended to prevent "the 'lost update' problem, where a client
|
||||
* GETs a resource's state, modifies it, and PUTs it back to the server,
|
||||
* when meanwhile a third party has modified the state on the server, leading to a conflict."
|
||||
*/
|
||||
PRECONDITION_REQUIRED = 428,
|
||||
|
||||
/**
|
||||
* The user has sent too many requests in a given amount of time. Intended for use with rate-limiting schemes.
|
||||
*/
|
||||
TOO_MANY_REQUESTS = 429,
|
||||
|
||||
/**
|
||||
* The server is unwilling to process the request because either an individual header field,
|
||||
* or all the header fields collectively, are too large.
|
||||
*/
|
||||
REQUEST_HEADER_FIELDS_TOO_LARGE = 431,
|
||||
|
||||
/**
|
||||
* A server operator has received a legal demand to deny access to a resource or to a set of resources
|
||||
* that includes the requested resource. The code 451 was chosen as a reference to the novel Fahrenheit 451.
|
||||
*/
|
||||
UNAVAILABLE_FOR_LEGAL_REASONS = 451,
|
||||
|
||||
/**
|
||||
* A generic error message, given when an unexpected condition was encountered and no more specific message is suitable.
|
||||
*/
|
||||
INTERNAL_SERVER_ERROR = 500,
|
||||
|
||||
/**
|
||||
* The server either does not recognize the request method, or it lacks the ability to fulfill the request.
|
||||
* Usually this implies future availability (e.g., a new feature of a web-service API).
|
||||
*/
|
||||
NOT_IMPLEMENTED = 501,
|
||||
|
||||
/**
|
||||
* The server was acting as a gateway or proxy and received an invalid response from the upstream server.
|
||||
*/
|
||||
BAD_GATEWAY = 502,
|
||||
|
||||
/**
|
||||
* The server is currently unavailable (because it is overloaded or down for maintenance).
|
||||
* Generally, this is a temporary state.
|
||||
*/
|
||||
SERVICE_UNAVAILABLE = 503,
|
||||
|
||||
/**
|
||||
* The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.
|
||||
*/
|
||||
GATEWAY_TIMEOUT = 504,
|
||||
|
||||
/**
|
||||
* The server does not support the HTTP protocol version used in the request
|
||||
*/
|
||||
HTTP_VERSION_NOT_SUPPORTED = 505,
|
||||
|
||||
/**
|
||||
* Transparent content negotiation for the request results in a circular reference.
|
||||
*/
|
||||
VARIANT_ALSO_NEGOTIATES = 506,
|
||||
|
||||
/**
|
||||
* The server is unable to store the representation needed to complete the request.
|
||||
*/
|
||||
INSUFFICIENT_STORAGE = 507,
|
||||
|
||||
/**
|
||||
* The server detected an infinite loop while processing the request.
|
||||
*/
|
||||
LOOP_DETECTED = 508,
|
||||
|
||||
/**
|
||||
* Further extensions to the request are required for the server to fulfill it.
|
||||
*/
|
||||
NOT_EXTENDED = 510,
|
||||
|
||||
/**
|
||||
* The client needs to authenticate to gain network access.
|
||||
* Intended for use by intercepting proxies used to control access to the network (e.g., "captive portals" used
|
||||
* to require agreement to Terms of Service before granting full Internet access via a Wi-Fi hotspot).
|
||||
*/
|
||||
NETWORK_AUTHENTICATION_REQUIRED = 511
|
||||
}
|
||||
|
||||
|
||||
export default class RequestError extends Error {
|
||||
constructor(message: any, public status: HttpStatusCode, public nolog: boolean = false, public additional: any = undefined) {
|
||||
super("")
|
||||
this.message = message;
|
||||
}
|
||||
}
|
||||
/**
|
||||
* Hypertext Transfer Protocol (HTTP) response status codes.
|
||||
* @see {@link https://en.wikipedia.org/wiki/List_of_HTTP_status_codes}
|
||||
*/
|
||||
export enum HttpStatusCode {
|
||||
/**
|
||||
* The server has received the request headers and the client should proceed to send the request body
|
||||
* (in the case of a request for which a body needs to be sent; for example, a POST request).
|
||||
* Sending a large request body to a server after a request has been rejected for inappropriate headers would be inefficient.
|
||||
* To have a server check the request's headers, a client must send Expect: 100-continue as a header in its initial request
|
||||
* and receive a 100 Continue status code in response before sending the body. The response 417 Expectation Failed indicates the request should not be continued.
|
||||
*/
|
||||
CONTINUE = 100,
|
||||
|
||||
/**
|
||||
* The requester has asked the server to switch protocols and the server has agreed to do so.
|
||||
*/
|
||||
SWITCHING_PROTOCOLS = 101,
|
||||
|
||||
/**
|
||||
* A WebDAV request may contain many sub-requests involving file operations, requiring a long time to complete the request.
|
||||
* This code indicates that the server has received and is processing the request, but no response is available yet.
|
||||
* This prevents the client from timing out and assuming the request was lost.
|
||||
*/
|
||||
PROCESSING = 102,
|
||||
|
||||
/**
|
||||
* Standard response for successful HTTP requests.
|
||||
* The actual response will depend on the request method used.
|
||||
* In a GET request, the response will contain an entity corresponding to the requested resource.
|
||||
* In a POST request, the response will contain an entity describing or containing the result of the action.
|
||||
*/
|
||||
OK = 200,
|
||||
|
||||
/**
|
||||
* The request has been fulfilled, resulting in the creation of a new resource.
|
||||
*/
|
||||
CREATED = 201,
|
||||
|
||||
/**
|
||||
* The request has been accepted for processing, but the processing has not been completed.
|
||||
* The request might or might not be eventually acted upon, and may be disallowed when processing occurs.
|
||||
*/
|
||||
ACCEPTED = 202,
|
||||
|
||||
/**
|
||||
* SINCE HTTP/1.1
|
||||
* The server is a transforming proxy that received a 200 OK from its origin,
|
||||
* but is returning a modified version of the origin's response.
|
||||
*/
|
||||
NON_AUTHORITATIVE_INFORMATION = 203,
|
||||
|
||||
/**
|
||||
* The server successfully processed the request and is not returning any content.
|
||||
*/
|
||||
NO_CONTENT = 204,
|
||||
|
||||
/**
|
||||
* The server successfully processed the request, but is not returning any content.
|
||||
* Unlike a 204 response, this response requires that the requester reset the document view.
|
||||
*/
|
||||
RESET_CONTENT = 205,
|
||||
|
||||
/**
|
||||
* The server is delivering only part of the resource (byte serving) due to a range header sent by the client.
|
||||
* The range header is used by HTTP clients to enable resuming of interrupted downloads,
|
||||
* or split a download into multiple simultaneous streams.
|
||||
*/
|
||||
PARTIAL_CONTENT = 206,
|
||||
|
||||
/**
|
||||
* The message body that follows is an XML message and can contain a number of separate response codes,
|
||||
* depending on how many sub-requests were made.
|
||||
*/
|
||||
MULTI_STATUS = 207,
|
||||
|
||||
/**
|
||||
* The members of a DAV binding have already been enumerated in a preceding part of the (multistatus) response,
|
||||
* and are not being included again.
|
||||
*/
|
||||
ALREADY_REPORTED = 208,
|
||||
|
||||
/**
|
||||
* The server has fulfilled a request for the resource,
|
||||
* and the response is a representation of the result of one or more instance-manipulations applied to the current instance.
|
||||
*/
|
||||
IM_USED = 226,
|
||||
|
||||
/**
|
||||
* Indicates multiple options for the resource from which the client may choose (via agent-driven content negotiation).
|
||||
* For example, this code could be used to present multiple video format options,
|
||||
* to list files with different filename extensions, or to suggest word-sense disambiguation.
|
||||
*/
|
||||
MULTIPLE_CHOICES = 300,
|
||||
|
||||
/**
|
||||
* This and all future requests should be directed to the given URI.
|
||||
*/
|
||||
MOVED_PERMANENTLY = 301,
|
||||
|
||||
/**
|
||||
* This is an example of industry practice contradicting the standard.
|
||||
* The HTTP/1.0 specification (RFC 1945) required the client to perform a temporary redirect
|
||||
* (the original describing phrase was "Moved Temporarily"), but popular browsers implemented 302
|
||||
* with the functionality of a 303 See Other. Therefore, HTTP/1.1 added status codes 303 and 307
|
||||
* to distinguish between the two behaviours. However, some Web applications and frameworks
|
||||
* use the 302 status code as if it were the 303.
|
||||
*/
|
||||
FOUND = 302,
|
||||
|
||||
/**
|
||||
* SINCE HTTP/1.1
|
||||
* The response to the request can be found under another URI using a GET method.
|
||||
* When received in response to a POST (or PUT/DELETE), the client should presume that
|
||||
* the server has received the data and should issue a redirect with a separate GET message.
|
||||
*/
|
||||
SEE_OTHER = 303,
|
||||
|
||||
/**
|
||||
* Indicates that the resource has not been modified since the version specified by the request headers If-Modified-Since or If-None-Match.
|
||||
* In such case, there is no need to retransmit the resource since the client still has a previously-downloaded copy.
|
||||
*/
|
||||
NOT_MODIFIED = 304,
|
||||
|
||||
/**
|
||||
* SINCE HTTP/1.1
|
||||
* The requested resource is available only through a proxy, the address for which is provided in the response.
|
||||
* Many HTTP clients (such as Mozilla and Internet Explorer) do not correctly handle responses with this status code, primarily for security reasons.
|
||||
*/
|
||||
USE_PROXY = 305,
|
||||
|
||||
/**
|
||||
* No longer used. Originally meant "Subsequent requests should use the specified proxy."
|
||||
*/
|
||||
SWITCH_PROXY = 306,
|
||||
|
||||
/**
|
||||
* SINCE HTTP/1.1
|
||||
* In this case, the request should be repeated with another URI; however, future requests should still use the original URI.
|
||||
* In contrast to how 302 was historically implemented, the request method is not allowed to be changed when reissuing the original request.
|
||||
* For example, a POST request should be repeated using another POST request.
|
||||
*/
|
||||
TEMPORARY_REDIRECT = 307,
|
||||
|
||||
/**
|
||||
* The request and all future requests should be repeated using another URI.
|
||||
* 307 and 308 parallel the behaviors of 302 and 301, but do not allow the HTTP method to change.
|
||||
* So, for example, submitting a form to a permanently redirected resource may continue smoothly.
|
||||
*/
|
||||
PERMANENT_REDIRECT = 308,
|
||||
|
||||
/**
|
||||
* The server cannot or will not process the request due to an apparent client error
|
||||
* (e.g., malformed request syntax, too large size, invalid request message framing, or deceptive request routing).
|
||||
*/
|
||||
BAD_REQUEST = 400,
|
||||
|
||||
/**
|
||||
* Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet
|
||||
* been provided. The response must include a WWW-Authenticate header field containing a challenge applicable to the
|
||||
* requested resource. See Basic access authentication and Digest access authentication. 401 semantically means
|
||||
* "unauthenticated",i.e. the user does not have the necessary credentials.
|
||||
*/
|
||||
UNAUTHORIZED = 401,
|
||||
|
||||
/**
|
||||
* Reserved for future use. The original intention was that this code might be used as part of some form of digital
|
||||
* cash or micro payment scheme, but that has not happened, and this code is not usually used.
|
||||
* Google Developers API uses this status if a particular developer has exceeded the daily limit on requests.
|
||||
*/
|
||||
PAYMENT_REQUIRED = 402,
|
||||
|
||||
/**
|
||||
* The request was valid, but the server is refusing action.
|
||||
* The user might not have the necessary permissions for a resource.
|
||||
*/
|
||||
FORBIDDEN = 403,
|
||||
|
||||
/**
|
||||
* The requested resource could not be found but may be available in the future.
|
||||
* Subsequent requests by the client are permissible.
|
||||
*/
|
||||
NOT_FOUND = 404,
|
||||
|
||||
/**
|
||||
* A request method is not supported for the requested resource;
|
||||
* for example, a GET request on a form that requires data to be presented via POST, or a PUT request on a read-only resource.
|
||||
*/
|
||||
METHOD_NOT_ALLOWED = 405,
|
||||
|
||||
/**
|
||||
* The requested resource is capable of generating only content not acceptable according to the Accept headers sent in the request.
|
||||
*/
|
||||
NOT_ACCEPTABLE = 406,
|
||||
|
||||
/**
|
||||
* The client must first authenticate itself with the proxy.
|
||||
*/
|
||||
PROXY_AUTHENTICATION_REQUIRED = 407,
|
||||
|
||||
/**
|
||||
* The server timed out waiting for the request.
|
||||
* According to HTTP specifications:
|
||||
* "The client did not produce a request within the time that the server was prepared to wait. The client MAY repeat the request without modifications at any later time."
|
||||
*/
|
||||
REQUEST_TIMEOUT = 408,
|
||||
|
||||
/**
|
||||
* Indicates that the request could not be processed because of conflict in the request,
|
||||
* such as an edit conflict between multiple simultaneous updates.
|
||||
*/
|
||||
CONFLICT = 409,
|
||||
|
||||
/**
|
||||
* Indicates that the resource requested is no longer available and will not be available again.
|
||||
* This should be used when a resource has been intentionally removed and the resource should be purged.
|
||||
* Upon receiving a 410 status code, the client should not request the resource in the future.
|
||||
* Clients such as search engines should remove the resource from their indices.
|
||||
* Most use cases do not require clients and search engines to purge the resource, and a "404 Not Found" may be used instead.
|
||||
*/
|
||||
GONE = 410,
|
||||
|
||||
/**
|
||||
* The request did not specify the length of its content, which is required by the requested resource.
|
||||
*/
|
||||
LENGTH_REQUIRED = 411,
|
||||
|
||||
/**
|
||||
* The server does not meet one of the preconditions that the requester put on the request.
|
||||
*/
|
||||
PRECONDITION_FAILED = 412,
|
||||
|
||||
/**
|
||||
* The request is larger than the server is willing or able to process. Previously called "Request Entity Too Large".
|
||||
*/
|
||||
PAYLOAD_TOO_LARGE = 413,
|
||||
|
||||
/**
|
||||
* The URI provided was too long for the server to process. Often the result of too much data being encoded as a query-string of a GET request,
|
||||
* in which case it should be converted to a POST request.
|
||||
* Called "Request-URI Too Long" previously.
|
||||
*/
|
||||
URI_TOO_LONG = 414,
|
||||
|
||||
/**
|
||||
* The request entity has a media type which the server or resource does not support.
|
||||
* For example, the client uploads an image as image/svg+xml, but the server requires that images use a different format.
|
||||
*/
|
||||
UNSUPPORTED_MEDIA_TYPE = 415,
|
||||
|
||||
/**
|
||||
* The client has asked for a portion of the file (byte serving), but the server cannot supply that portion.
|
||||
* For example, if the client asked for a part of the file that lies beyond the end of the file.
|
||||
* Called "Requested Range Not Satisfiable" previously.
|
||||
*/
|
||||
RANGE_NOT_SATISFIABLE = 416,
|
||||
|
||||
/**
|
||||
* The server cannot meet the requirements of the Expect request-header field.
|
||||
*/
|
||||
EXPECTATION_FAILED = 417,
|
||||
|
||||
/**
|
||||
* This code was defined in 1998 as one of the traditional IETF April Fools' jokes, in RFC 2324, Hyper Text Coffee Pot Control Protocol,
|
||||
* and is not expected to be implemented by actual HTTP servers. The RFC specifies this code should be returned by
|
||||
* teapots requested to brew coffee. This HTTP status is used as an Easter egg in some websites, including Google.com.
|
||||
*/
|
||||
I_AM_A_TEAPOT = 418,
|
||||
|
||||
/**
|
||||
* The request was directed at a server that is not able to produce a response (for example because a connection reuse).
|
||||
*/
|
||||
MISDIRECTED_REQUEST = 421,
|
||||
|
||||
/**
|
||||
* The request was well-formed but was unable to be followed due to semantic errors.
|
||||
*/
|
||||
UNPROCESSABLE_ENTITY = 422,
|
||||
|
||||
/**
|
||||
* The resource that is being accessed is locked.
|
||||
*/
|
||||
LOCKED = 423,
|
||||
|
||||
/**
|
||||
* The request failed due to failure of a previous request (e.g., a PROPPATCH).
|
||||
*/
|
||||
FAILED_DEPENDENCY = 424,
|
||||
|
||||
/**
|
||||
* The client should switch to a different protocol such as TLS/1.0, given in the Upgrade header field.
|
||||
*/
|
||||
UPGRADE_REQUIRED = 426,
|
||||
|
||||
/**
|
||||
* The origin server requires the request to be conditional.
|
||||
* Intended to prevent "the 'lost update' problem, where a client
|
||||
* GETs a resource's state, modifies it, and PUTs it back to the server,
|
||||
* when meanwhile a third party has modified the state on the server, leading to a conflict."
|
||||
*/
|
||||
PRECONDITION_REQUIRED = 428,
|
||||
|
||||
/**
|
||||
* The user has sent too many requests in a given amount of time. Intended for use with rate-limiting schemes.
|
||||
*/
|
||||
TOO_MANY_REQUESTS = 429,
|
||||
|
||||
/**
|
||||
* The server is unwilling to process the request because either an individual header field,
|
||||
* or all the header fields collectively, are too large.
|
||||
*/
|
||||
REQUEST_HEADER_FIELDS_TOO_LARGE = 431,
|
||||
|
||||
/**
|
||||
* A server operator has received a legal demand to deny access to a resource or to a set of resources
|
||||
* that includes the requested resource. The code 451 was chosen as a reference to the novel Fahrenheit 451.
|
||||
*/
|
||||
UNAVAILABLE_FOR_LEGAL_REASONS = 451,
|
||||
|
||||
/**
|
||||
* A generic error message, given when an unexpected condition was encountered and no more specific message is suitable.
|
||||
*/
|
||||
INTERNAL_SERVER_ERROR = 500,
|
||||
|
||||
/**
|
||||
* The server either does not recognize the request method, or it lacks the ability to fulfill the request.
|
||||
* Usually this implies future availability (e.g., a new feature of a web-service API).
|
||||
*/
|
||||
NOT_IMPLEMENTED = 501,
|
||||
|
||||
/**
|
||||
* The server was acting as a gateway or proxy and received an invalid response from the upstream server.
|
||||
*/
|
||||
BAD_GATEWAY = 502,
|
||||
|
||||
/**
|
||||
* The server is currently unavailable (because it is overloaded or down for maintenance).
|
||||
* Generally, this is a temporary state.
|
||||
*/
|
||||
SERVICE_UNAVAILABLE = 503,
|
||||
|
||||
/**
|
||||
* The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.
|
||||
*/
|
||||
GATEWAY_TIMEOUT = 504,
|
||||
|
||||
/**
|
||||
* The server does not support the HTTP protocol version used in the request
|
||||
*/
|
||||
HTTP_VERSION_NOT_SUPPORTED = 505,
|
||||
|
||||
/**
|
||||
* Transparent content negotiation for the request results in a circular reference.
|
||||
*/
|
||||
VARIANT_ALSO_NEGOTIATES = 506,
|
||||
|
||||
/**
|
||||
* The server is unable to store the representation needed to complete the request.
|
||||
*/
|
||||
INSUFFICIENT_STORAGE = 507,
|
||||
|
||||
/**
|
||||
* The server detected an infinite loop while processing the request.
|
||||
*/
|
||||
LOOP_DETECTED = 508,
|
||||
|
||||
/**
|
||||
* Further extensions to the request are required for the server to fulfill it.
|
||||
*/
|
||||
NOT_EXTENDED = 510,
|
||||
|
||||
/**
|
||||
* The client needs to authenticate to gain network access.
|
||||
* Intended for use by intercepting proxies used to control access to the network (e.g., "captive portals" used
|
||||
* to require agreement to Terms of Service before granting full Internet access via a Wi-Fi hotspot).
|
||||
*/
|
||||
NETWORK_AUTHENTICATION_REQUIRED = 511,
|
||||
}
|
||||
|
||||
export default class RequestError extends Error {
|
||||
constructor(
|
||||
message: any,
|
||||
public status: HttpStatusCode,
|
||||
public nolog: boolean = false,
|
||||
public additional: any = undefined
|
||||
) {
|
||||
super("");
|
||||
this.message = message;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,18 @@
|
|||
// import * as crypto from "crypto-js"
|
||||
import { IUser } from "../models/user";
|
||||
import { IClient } from "../models/client";
|
||||
import * as crypto from "crypto";
|
||||
|
||||
function sha512(text: string) {
|
||||
let hash = crypto.createHash("sha512");
|
||||
hash.update(text);
|
||||
return hash.digest("base64");
|
||||
}
|
||||
|
||||
export function getEncryptionKey(user: IUser, client: IClient) {
|
||||
return sha512(
|
||||
sha512(user.encryption_key) +
|
||||
sha512(client._id.toHexString()) +
|
||||
sha512(client.client_id)
|
||||
);
|
||||
}
|
|
@ -0,0 +1,90 @@
|
|||
import Logging from "@hibas123/nodelogging";
|
||||
import config from "./config";
|
||||
|
||||
// import NLS from "@hibas123/nodeloggingserver_client";
|
||||
// if (config.logging) {
|
||||
// let s = NLS(Logging, config.logging.server, config.logging.appid, config.logging.token);
|
||||
// s.send(`[${new Date().toLocaleTimeString()}] Starting application`);
|
||||
// }
|
||||
|
||||
// if (!config.database) {
|
||||
// Logging.error("No database config set. Terminating.")
|
||||
// process.exit();
|
||||
// }
|
||||
|
||||
if (!config.web) {
|
||||
Logging.error("No web config set. Terminating.");
|
||||
process.exit();
|
||||
}
|
||||
|
||||
import * as i18n from "i18n";
|
||||
i18n.configure({
|
||||
locales: ["en", "de"],
|
||||
directory: "./locales",
|
||||
});
|
||||
|
||||
import Web from "./web";
|
||||
import TestData from "./testdata";
|
||||
import DB from "./database";
|
||||
|
||||
Logging.log("Connecting to Database");
|
||||
if (config.core.dev) {
|
||||
Logging.warning("Running in dev mode! Database will be cleared!");
|
||||
}
|
||||
DB.connect()
|
||||
.then(async () => {
|
||||
Logging.log("Database connected", config);
|
||||
if (config.core.dev) await TestData();
|
||||
let web = new Web(config.web);
|
||||
web.listen();
|
||||
|
||||
let already = new Set();
|
||||
function print(path, layer) {
|
||||
if (layer.route) {
|
||||
layer.route.stack.forEach(
|
||||
print.bind(null, path.concat(split(layer.route.path)))
|
||||
);
|
||||
} else if (layer.name === "router" && layer.handle.stack) {
|
||||
layer.handle.stack.forEach(
|
||||
print.bind(null, path.concat(split(layer.regexp)))
|
||||
);
|
||||
} else if (layer.method) {
|
||||
let me: string = layer.method.toUpperCase();
|
||||
me += " ".repeat(6 - me.length);
|
||||
let msg = `${me} /${path
|
||||
.concat(split(layer.regexp))
|
||||
.filter(Boolean)
|
||||
.join("/")}`;
|
||||
if (!already.has(msg)) {
|
||||
already.add(msg);
|
||||
Logging.log(msg);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function split(thing) {
|
||||
if (typeof thing === "string") {
|
||||
return thing.split("/");
|
||||
} else if (thing.fast_slash) {
|
||||
return "";
|
||||
} else {
|
||||
var match = thing
|
||||
.toString()
|
||||
.replace("\\/?", "")
|
||||
.replace("(?=\\/|$)", "$")
|
||||
.match(
|
||||
/^\/\^((?:\\[.*+?^${}()|[\]\\\/]|[^.*+?^${}()|[\]\\\/])*)\$\//
|
||||
);
|
||||
return match
|
||||
? match[1].replace(/\\(.)/g, "$1").split("/")
|
||||
: "<complex:" + thing.toString() + ">";
|
||||
}
|
||||
}
|
||||
// Logging.log("--- Endpoints: ---");
|
||||
// web.server._router.stack.forEach(print.bind(null, []))
|
||||
// Logging.log("--- Endpoints end ---")
|
||||
})
|
||||
.catch((e) => {
|
||||
Logging.error(e);
|
||||
process.exit();
|
||||
});
|
|
@ -1,69 +1,69 @@
|
|||
import Logging from "@hibas123/nodelogging";
|
||||
import * as fs from "fs"
|
||||
|
||||
let private_key: string;
|
||||
let rsa: RSA;
|
||||
export function sign(message: Buffer): Buffer {
|
||||
return rsa.sign(message, "buffer")
|
||||
}
|
||||
|
||||
export function verify(message: Buffer, signature: Buffer): boolean {
|
||||
return rsa.verify(message, signature);
|
||||
}
|
||||
|
||||
export let public_key: string;
|
||||
|
||||
import * as jwt from "jsonwebtoken";
|
||||
import config from "./config";
|
||||
|
||||
export function createJWT(payload: any, options: jwt.SignOptions) {
|
||||
return new Promise<string>((resolve, reject) => {
|
||||
return jwt.sign(payload, private_key, options, (err, token) => {
|
||||
if (err) reject(err)
|
||||
else resolve(token)
|
||||
});
|
||||
})
|
||||
}
|
||||
|
||||
export async function validateJWT(data: string) {
|
||||
return new Promise<any>((resolve, reject) => {
|
||||
jwt.verify(data, public_key, (err, valid) => {
|
||||
if (err) reject(err)
|
||||
else resolve(valid)
|
||||
});
|
||||
})
|
||||
}
|
||||
|
||||
let create = false;
|
||||
if (fs.existsSync("./keys")) {
|
||||
if (fs.existsSync("./keys/private.pem")) {
|
||||
if (fs.existsSync("./keys/public.pem")) {
|
||||
Logging.log("Using existing private and public key")
|
||||
private_key = fs.readFileSync("./keys/private.pem").toString("utf8")
|
||||
public_key = fs.readFileSync("./keys/public.pem").toString("utf8")
|
||||
|
||||
if (!private_key || !public_key) {
|
||||
create = true;
|
||||
}
|
||||
} else create = true;
|
||||
} else create = true;
|
||||
} else create = true;
|
||||
|
||||
import * as RSA from "node-rsa"
|
||||
|
||||
if (create === true) {
|
||||
Logging.log("Started RSA Key gen")
|
||||
let rsa = new RSA({ b: 4096 });
|
||||
private_key = rsa.exportKey("private")
|
||||
public_key = rsa.exportKey("public")
|
||||
|
||||
if (!fs.existsSync("./keys")) {
|
||||
fs.mkdirSync("./keys")
|
||||
}
|
||||
fs.writeFileSync("./keys/private.pem", private_key)
|
||||
fs.writeFileSync("./keys/public.pem", public_key)
|
||||
Logging.log("Key pair generated")
|
||||
}
|
||||
|
||||
rsa = new RSA(private_key, "private")
|
||||
rsa.importKey(public_key, "public")
|
||||
import Logging from "@hibas123/nodelogging";
|
||||
import * as fs from "fs";
|
||||
|
||||
let private_key: string;
|
||||
let rsa: RSA;
|
||||
export function sign(message: Buffer): Buffer {
|
||||
return rsa.sign(message, "buffer");
|
||||
}
|
||||
|
||||
export function verify(message: Buffer, signature: Buffer): boolean {
|
||||
return rsa.verify(message, signature);
|
||||
}
|
||||
|
||||
export let public_key: string;
|
||||
|
||||
import * as jwt from "jsonwebtoken";
|
||||
import config from "./config";
|
||||
|
||||
export function createJWT(payload: any, options: jwt.SignOptions) {
|
||||
return new Promise<string>((resolve, reject) => {
|
||||
return jwt.sign(payload, private_key, options, (err, token) => {
|
||||
if (err) reject(err);
|
||||
else resolve(token);
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
export async function validateJWT(data: string) {
|
||||
return new Promise<any>((resolve, reject) => {
|
||||
jwt.verify(data, public_key, (err, valid) => {
|
||||
if (err) reject(err);
|
||||
else resolve(valid);
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
let create = false;
|
||||
if (fs.existsSync("./keys")) {
|
||||
if (fs.existsSync("./keys/private.pem")) {
|
||||
if (fs.existsSync("./keys/public.pem")) {
|
||||
Logging.log("Using existing private and public key");
|
||||
private_key = fs.readFileSync("./keys/private.pem").toString("utf8");
|
||||
public_key = fs.readFileSync("./keys/public.pem").toString("utf8");
|
||||
|
||||
if (!private_key || !public_key) {
|
||||
create = true;
|
||||
}
|
||||
} else create = true;
|
||||
} else create = true;
|
||||
} else create = true;
|
||||
|
||||
import RSA from "node-rsa";
|
||||
|
||||
if (create === true) {
|
||||
Logging.log("Started RSA Key gen");
|
||||
let rsa = new RSA({ b: 4096 });
|
||||
private_key = rsa.exportKey("private");
|
||||
public_key = rsa.exportKey("public");
|
||||
|
||||
if (!fs.existsSync("./keys")) {
|
||||
fs.mkdirSync("./keys");
|
||||
}
|
||||
fs.writeFileSync("./keys/private.pem", private_key);
|
||||
fs.writeFileSync("./keys/public.pem", public_key);
|
||||
Logging.log("Key pair generated");
|
||||
}
|
||||
|
||||
rsa = new RSA(private_key, "private");
|
||||
rsa.importKey(public_key, "public");
|
|
@ -1,36 +1,40 @@
|
|||
import DB from "../database";
|
||||
import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
|
||||
import { ObjectID } from "mongodb";
|
||||
import { v4 } from "uuid";
|
||||
|
||||
export interface IClient extends ModelDataBase {
|
||||
maintainer: ObjectID
|
||||
internal: boolean
|
||||
name: string
|
||||
redirect_url: string
|
||||
website: string
|
||||
logo?: string
|
||||
client_id: string
|
||||
client_secret: string
|
||||
}
|
||||
|
||||
const Client = DB.addModel<IClient>({
|
||||
name: "client",
|
||||
versions: [
|
||||
{
|
||||
migration: () => { },
|
||||
schema: {
|
||||
maintainer: { type: ObjectID },
|
||||
internal: { type: Boolean, default: false },
|
||||
name: { type: String },
|
||||
redirect_url: { type: String },
|
||||
website: { type: String },
|
||||
logo: { type: String, optional: true },
|
||||
client_id: { type: String, default: () => v4() },
|
||||
client_secret: { type: String }
|
||||
}
|
||||
}
|
||||
]
|
||||
})
|
||||
|
||||
export default Client;
|
||||
import DB from "../database";
|
||||
import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
|
||||
import { ObjectId } from "mongodb";
|
||||
import { v4 } from "uuid";
|
||||
|
||||
export interface IClient extends ModelDataBase {
|
||||
maintainer: ObjectId;
|
||||
internal: boolean;
|
||||
name: string;
|
||||
redirect_url: string;
|
||||
website: string;
|
||||
logo?: string;
|
||||
client_id: string;
|
||||
client_secret: string;
|
||||
featured?: boolean;
|
||||
description?: string;
|
||||
}
|
||||
|
||||
const Client = DB.addModel<IClient>({
|
||||
name: "client",
|
||||
versions: [
|
||||
{
|
||||
migration: () => { },
|
||||
schema: {
|
||||
maintainer: { type: ObjectId },
|
||||
internal: { type: Boolean, default: false },
|
||||
name: { type: String },
|
||||
redirect_url: { type: String },
|
||||
website: { type: String },
|
||||
logo: { type: String, optional: true },
|
||||
client_id: { type: String, default: () => v4() },
|
||||
client_secret: { type: String },
|
||||
featured: { type: Boolean, optional: true },
|
||||
description: { type: String, optional: true },
|
||||
},
|
||||
},
|
||||
],
|
||||
});
|
||||
|
||||
export default Client;
|
|
@ -0,0 +1,29 @@
|
|||
import DB from "../database";
|
||||
import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
|
||||
import { ObjectId } from "mongodb";
|
||||
import { v4 } from "uuid";
|
||||
|
||||
export interface IClientCode extends ModelDataBase {
|
||||
user: ObjectId;
|
||||
code: string;
|
||||
client: ObjectId;
|
||||
permissions: ObjectId[];
|
||||
validTill: Date;
|
||||
}
|
||||
|
||||
const ClientCode = DB.addModel<IClientCode>({
|
||||
name: "client_code",
|
||||
versions: [
|
||||
{
|
||||
migration: () => { },
|
||||
schema: {
|
||||
user: { type: ObjectId },
|
||||
code: { type: String },
|
||||
client: { type: ObjectId },
|
||||
permissions: { type: Array },
|
||||
validTill: { type: Date },
|
||||
},
|
||||
},
|
||||
],
|
||||
});
|
||||
export default ClientCode;
|
|
@ -0,0 +1,25 @@
|
|||
import DB from "../database";
|
||||
import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
|
||||
import { ObjectId } from "mongodb";
|
||||
|
||||
export interface IGrant extends ModelDataBase {
|
||||
user: ObjectId;
|
||||
client: ObjectId;
|
||||
permissions: ObjectId[];
|
||||
}
|
||||
|
||||
const Grant = DB.addModel<IGrant>({
|
||||
name: "grant",
|
||||
versions: [
|
||||
{
|
||||
migration: () => { },
|
||||
schema: {
|
||||
user: { type: ObjectId },
|
||||
client: { type: ObjectId },
|
||||
permissions: { type: ObjectId, array: true },
|
||||
},
|
||||
},
|
||||
],
|
||||
});
|
||||
|
||||
export default Grant;
|
|
@ -0,0 +1,76 @@
|
|||
import DB from "../database";
|
||||
import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
|
||||
import { ObjectId } from "mongodb";
|
||||
import moment = require("moment");
|
||||
|
||||
export interface ILoginToken extends ModelDataBase {
|
||||
token: string;
|
||||
special: boolean;
|
||||
user: ObjectId;
|
||||
validTill: Date;
|
||||
valid: boolean;
|
||||
validated: boolean;
|
||||
data: any;
|
||||
ip: string;
|
||||
browser: string;
|
||||
}
|
||||
const LoginToken = DB.addModel<ILoginToken>({
|
||||
name: "login_token",
|
||||
versions: [
|
||||
{
|
||||
migration: () => { },
|
||||
schema: {
|
||||
token: { type: String },
|
||||
special: { type: Boolean, default: () => false },
|
||||
user: { type: ObjectId },
|
||||
validTill: { type: Date },
|
||||
valid: { type: Boolean },
|
||||
},
|
||||
},
|
||||
{
|
||||
migration: (doc: ILoginToken) => {
|
||||
doc.validated = true;
|
||||
},
|
||||
schema: {
|
||||
token: { type: String },
|
||||
special: { type: Boolean, default: () => false },
|
||||
user: { type: ObjectId },
|
||||
validTill: { type: Date },
|
||||
valid: { type: Boolean },
|
||||
validated: { type: Boolean, default: false },
|
||||
},
|
||||
},
|
||||
{
|
||||
migration: (doc: ILoginToken) => {
|
||||
doc.validated = true;
|
||||
},
|
||||
schema: {
|
||||
token: { type: String },
|
||||
special: { type: Boolean, default: () => false },
|
||||
user: { type: ObjectId },
|
||||
validTill: { type: Date },
|
||||
valid: { type: Boolean },
|
||||
validated: { type: Boolean, default: false },
|
||||
data: { type: "any", optional: true },
|
||||
ip: { type: String, optional: true },
|
||||
browser: { type: String, optional: true },
|
||||
},
|
||||
},
|
||||
],
|
||||
});
|
||||
|
||||
export async function CheckToken(
|
||||
token: ILoginToken,
|
||||
validated: boolean = true
|
||||
): Promise<boolean> {
|
||||
if (!token || !token.valid) return false;
|
||||
if (validated && !token.validated) return false;
|
||||
if (moment().isAfter(token.validTill)) {
|
||||
token.valid = false;
|
||||
await LoginToken.save(token);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
export default LoginToken;
|
|
@ -0,0 +1,24 @@
|
|||
import DB from "../database";
|
||||
import { ModelDataBase } from "@hibas123/safe_mongo";
|
||||
|
||||
export interface IMail extends ModelDataBase {
|
||||
mail: string;
|
||||
verified: boolean;
|
||||
primary: boolean;
|
||||
}
|
||||
|
||||
const Mail = DB.addModel<IMail>({
|
||||
name: "mail",
|
||||
versions: [
|
||||
{
|
||||
migration: () => {},
|
||||
schema: {
|
||||
mail: { type: String },
|
||||
verified: { type: Boolean, default: false },
|
||||
primary: { type: Boolean },
|
||||
},
|
||||
},
|
||||
],
|
||||
});
|
||||
|
||||
export default Mail;
|
|
@ -0,0 +1,37 @@
|
|||
import DB from "../database";
|
||||
import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
|
||||
import { ObjectId } from "mongodb";
|
||||
|
||||
export interface IPermission extends ModelDataBase {
|
||||
name: string;
|
||||
description: string;
|
||||
client: ObjectId;
|
||||
grant_type: "user" | "client";
|
||||
}
|
||||
|
||||
const Permission = DB.addModel<IPermission>({
|
||||
name: "permission",
|
||||
versions: [
|
||||
{
|
||||
migration: () => { },
|
||||
schema: {
|
||||
name: { type: String },
|
||||
description: { type: String },
|
||||
client: { type: ObjectId },
|
||||
},
|
||||
},
|
||||
{
|
||||
migration: (old) => {
|
||||
old.grant_type = "user";
|
||||
},
|
||||
schema: {
|
||||
name: { type: String },
|
||||
description: { type: String },
|
||||
client: { type: ObjectId },
|
||||
grant_type: { type: String, default: "user" },
|
||||
},
|
||||
},
|
||||
],
|
||||
});
|
||||
|
||||
export default Permission;
|
|
@ -0,0 +1,32 @@
|
|||
import DB from "../database";
|
||||
import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
|
||||
import { ObjectId } from "mongodb";
|
||||
import { v4 } from "uuid";
|
||||
|
||||
export interface IRefreshToken extends ModelDataBase {
|
||||
token: string;
|
||||
user: ObjectId;
|
||||
client: ObjectId;
|
||||
permissions: ObjectId[];
|
||||
validTill: Date;
|
||||
valid: boolean;
|
||||
}
|
||||
|
||||
const RefreshToken = DB.addModel<IRefreshToken>({
|
||||
name: "refresh_token",
|
||||
versions: [
|
||||
{
|
||||
migration: () => { },
|
||||
schema: {
|
||||
token: { type: String },
|
||||
user: { type: ObjectId },
|
||||
client: { type: ObjectId },
|
||||
permissions: { type: Array },
|
||||
validTill: { type: Date },
|
||||
valid: { type: Boolean },
|
||||
},
|
||||
},
|
||||
],
|
||||
});
|
||||
|
||||
export default RefreshToken;
|
|
@ -1,55 +1,57 @@
|
|||
import DB from "../database";
|
||||
import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
|
||||
import { ObjectID } from "mongodb";
|
||||
import { v4 } from "uuid";
|
||||
|
||||
export interface IRegCode extends ModelDataBase {
|
||||
token: string;
|
||||
valid: boolean;
|
||||
validTill: Date;
|
||||
}
|
||||
|
||||
const RegCode = DB.addModel<IRegCode>({
|
||||
name: "reg_code",
|
||||
versions: [{
|
||||
migration: () => { },
|
||||
schema: {
|
||||
token: { type: String },
|
||||
valid: { type: Boolean },
|
||||
validTill: { type: Date }
|
||||
}
|
||||
}]
|
||||
})
|
||||
|
||||
export default RegCode;
|
||||
|
||||
// import { Model, Table, Column, ForeignKey, BelongsTo, Unique, CreatedAt, UpdatedAt, DeletedAt, HasMany, BelongsToMany, Default, DataType } from "sequelize-typescript"
|
||||
// import User from "./user";
|
||||
// import Permission from "./permissions";
|
||||
// import RefreshPermission from "./refresh_permission";
|
||||
|
||||
// @Table
|
||||
// export default class RegCode extends Model<RegCode> {
|
||||
// @Unique
|
||||
// @Default(DataType.UUIDV4)
|
||||
// @Column(DataType.UUID)
|
||||
// token: string
|
||||
|
||||
// @Column
|
||||
// validTill: Date
|
||||
|
||||
// @Column
|
||||
// valid: boolean
|
||||
|
||||
// @Column
|
||||
// @CreatedAt
|
||||
// creationDate: Date;
|
||||
|
||||
// @Column
|
||||
// @UpdatedAt
|
||||
// updatedOn: Date;
|
||||
|
||||
// @Column
|
||||
// @DeletedAt
|
||||
// deletionDate: Date;
|
||||
// }
|
||||
import DB from "../database";
|
||||
import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
|
||||
import { ObjectId } from "mongodb";
|
||||
import { v4 } from "uuid";
|
||||
|
||||
export interface IRegCode extends ModelDataBase {
|
||||
token: string;
|
||||
valid: boolean;
|
||||
validTill: Date;
|
||||
}
|
||||
|
||||
const RegCode = DB.addModel<IRegCode>({
|
||||
name: "reg_code",
|
||||
versions: [
|
||||
{
|
||||
migration: () => { },
|
||||
schema: {
|
||||
token: { type: String },
|
||||
valid: { type: Boolean },
|
||||
validTill: { type: Date },
|
||||
},
|
||||
},
|
||||
],
|
||||
});
|
||||
|
||||
export default RegCode;
|
||||
|
||||
// import { Model, Table, Column, ForeignKey, BelongsTo, Unique, CreatedAt, UpdatedAt, DeletedAt, HasMany, BelongsToMany, Default, DataType } from "sequelize-typescript"
|
||||
// import User from "./user";
|
||||
// import Permission from "./permissions";
|
||||
// import RefreshPermission from "./refresh_permission";
|
||||
|
||||
// @Table
|
||||
// export default class RegCode extends Model<RegCode> {
|
||||
// @Unique
|
||||
// @Default(DataType.UUIDV4)
|
||||
// @Column(DataType.UUID)
|
||||
// token: string
|
||||
|
||||
// @Column
|
||||
// validTill: Date
|
||||
|
||||
// @Column
|
||||
// valid: boolean
|
||||
|
||||
// @Column
|
||||
// @CreatedAt
|
||||
// creationDate: Date;
|
||||
|
||||
// @Column
|
||||
// @UpdatedAt
|
||||
// updatedOn: Date;
|
||||
|
||||
// @Column
|
||||
// @DeletedAt
|
||||
// deletionDate: Date;
|
||||
// }
|
|
@ -0,0 +1,71 @@
|
|||
import { TFAType } from "@hibas123/openauth-internalapi";
|
||||
import DB from "../database";
|
||||
import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
|
||||
import { ObjectId } from "bson";
|
||||
import { Binary } from "mongodb";
|
||||
|
||||
export { TFAType as TFATypes };
|
||||
|
||||
|
||||
export const TFANames = new Map<TFAType, string>();
|
||||
TFANames.set(TFAType.TOTP, "Authenticator");
|
||||
TFANames.set(TFAType.BACKUP_CODE, "Backup Codes");
|
||||
TFANames.set(TFAType.WEBAUTHN, "Security Key (WebAuthn)");
|
||||
TFANames.set(TFAType.APP_ALLOW, "App Push");
|
||||
|
||||
export interface ITwoFactor extends ModelDataBase {
|
||||
user: ObjectId;
|
||||
valid: boolean;
|
||||
expires?: Date;
|
||||
name?: string;
|
||||
type: TFAType;
|
||||
data: any;
|
||||
}
|
||||
|
||||
export interface ITOTP extends ITwoFactor {
|
||||
data: string;
|
||||
}
|
||||
|
||||
export interface IWebAuthn extends ITwoFactor {
|
||||
data: {
|
||||
challenge?: any;
|
||||
device?: {
|
||||
credentialID: Binary;
|
||||
credentialPublicKey: Binary;
|
||||
counter: number;
|
||||
transports: AuthenticatorTransport[]
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
export interface IU2F extends ITwoFactor {
|
||||
data: {
|
||||
challenge?: string;
|
||||
publicKey: string;
|
||||
keyHandle: string;
|
||||
registration?: string;
|
||||
};
|
||||
}
|
||||
|
||||
export interface IBackupCode extends ITwoFactor {
|
||||
data: string[];
|
||||
}
|
||||
|
||||
const TwoFactor = DB.addModel<ITwoFactor>({
|
||||
name: "twofactor",
|
||||
versions: [
|
||||
{
|
||||
migration: (e) => { },
|
||||
schema: {
|
||||
user: { type: ObjectId },
|
||||
valid: { type: Boolean },
|
||||
expires: { type: Date, optional: true },
|
||||
name: { type: String, optional: true },
|
||||
type: { type: Number },
|
||||
data: { type: "any" },
|
||||
},
|
||||
},
|
||||
],
|
||||
});
|
||||
|
||||
export default TwoFactor;
|
|
@ -0,0 +1,134 @@
|
|||
import DB from "../database";
|
||||
import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
|
||||
import { ObjectId } from "mongodb";
|
||||
import { v4 } from "uuid";
|
||||
import { randomString } from "../helper/random";
|
||||
|
||||
export enum Gender {
|
||||
none,
|
||||
male,
|
||||
female,
|
||||
other,
|
||||
}
|
||||
|
||||
export interface IUser extends ModelDataBase {
|
||||
uid: string;
|
||||
username: string;
|
||||
|
||||
name: string;
|
||||
birthday?: Date;
|
||||
gender: Gender;
|
||||
admin: boolean;
|
||||
password: string;
|
||||
salt: string;
|
||||
mails: ObjectId[];
|
||||
phones: { phone: string; verified: boolean; primary: boolean }[];
|
||||
encryption_key: string;
|
||||
}
|
||||
|
||||
const User = DB.addModel<IUser>({
|
||||
name: "user",
|
||||
versions: [
|
||||
{
|
||||
migration: () => { },
|
||||
schema: {
|
||||
uid: { type: String, default: () => v4() },
|
||||
username: { type: String },
|
||||
name: { type: String },
|
||||
birthday: { type: Date, optional: true },
|
||||
gender: { type: Number },
|
||||
admin: { type: Boolean },
|
||||
password: { type: String },
|
||||
salt: { type: String },
|
||||
mails: { type: Array, default: () => [] },
|
||||
phones: {
|
||||
array: true,
|
||||
model: true,
|
||||
type: {
|
||||
phone: { type: String },
|
||||
verified: { type: Boolean },
|
||||
primary: { type: Boolean },
|
||||
},
|
||||
},
|
||||
twofactor: {
|
||||
array: true,
|
||||
model: true,
|
||||
type: {
|
||||
token: { type: String },
|
||||
valid: { type: Boolean },
|
||||
type: { type: Number },
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
migration: (e: IUser) => {
|
||||
e.encryption_key = randomString(64);
|
||||
},
|
||||
schema: {
|
||||
uid: { type: String, default: () => v4() },
|
||||
username: { type: String },
|
||||
name: { type: String },
|
||||
birthday: { type: Date, optional: true },
|
||||
gender: { type: Number },
|
||||
admin: { type: Boolean },
|
||||
password: { type: String },
|
||||
salt: { type: String },
|
||||
mails: { type: Array, default: () => [] },
|
||||
phones: {
|
||||
array: true,
|
||||
model: true,
|
||||
type: {
|
||||
phone: { type: String },
|
||||
verified: { type: Boolean },
|
||||
primary: { type: Boolean },
|
||||
},
|
||||
},
|
||||
twofactor: {
|
||||
array: true,
|
||||
model: true,
|
||||
type: {
|
||||
token: { type: String },
|
||||
valid: { type: Boolean },
|
||||
type: { type: Number },
|
||||
},
|
||||
},
|
||||
encryption_key: {
|
||||
type: String,
|
||||
default: () => randomString(64),
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
migration: (e: any) => {
|
||||
delete e.twofactor;
|
||||
},
|
||||
schema: {
|
||||
uid: { type: String, default: () => v4() },
|
||||
username: { type: String },
|
||||
name: { type: String },
|
||||
birthday: { type: Date, optional: true },
|
||||
gender: { type: Number },
|
||||
admin: { type: Boolean },
|
||||
password: { type: String },
|
||||
salt: { type: String },
|
||||
mails: { type: Array, default: () => [] },
|
||||
phones: {
|
||||
array: true,
|
||||
model: true,
|
||||
type: {
|
||||
phone: { type: String },
|
||||
verified: { type: Boolean },
|
||||
primary: { type: Boolean },
|
||||
},
|
||||
},
|
||||
encryption_key: {
|
||||
type: String,
|
||||
default: () => randomString(64),
|
||||
},
|
||||
},
|
||||
},
|
||||
],
|
||||
});
|
||||
|
||||
export default User;
|
|
@ -1,33 +1,31 @@
|
|||
import User, { Gender } from "./models/user";
|
||||
import Client from "./models/client";
|
||||
import { Logging } from "@hibas123/nodelogging";
|
||||
import Logging from "@hibas123/nodelogging";
|
||||
import RegCode from "./models/regcodes";
|
||||
import * as moment from "moment";
|
||||
import moment from "moment";
|
||||
import Permission from "./models/permissions";
|
||||
import { ObjectID } from "bson";
|
||||
import { ObjectId } from "mongodb";
|
||||
import DB from "./database";
|
||||
import TwoFactor from "./models/twofactor";
|
||||
|
||||
|
||||
import * as speakeasy from "speakeasy";
|
||||
import LoginToken from "./models/login_token";
|
||||
import Mail from "./models/mail";
|
||||
|
||||
export default async function TestData() {
|
||||
await DB.db.dropDatabase();
|
||||
Logging.warn("Running in dev mode! Database will be cleared!");
|
||||
// await DB.db.dropDatabase();
|
||||
|
||||
let mail = await Mail.findOne({ mail: "test@test.de" });
|
||||
if (!mail) {
|
||||
mail = Mail.new({
|
||||
mail: "test@test.de",
|
||||
primary: true,
|
||||
verified: true
|
||||
})
|
||||
verified: true,
|
||||
});
|
||||
|
||||
await Mail.save(mail);
|
||||
}
|
||||
|
||||
|
||||
let u = await User.findOne({ username: "test" });
|
||||
if (!u) {
|
||||
Logging.log("Adding test user");
|
||||
|
@ -36,21 +34,22 @@ export default async function TestData() {
|
|||
birthday: new Date(),
|
||||
gender: Gender.male,
|
||||
name: "Test Test",
|
||||
password: "125d6d03b32c84d492747f79cf0bf6e179d287f341384eb5d6d3197525ad6be8e6df0116032935698f99a09e265073d1d6c32c274591bf1d0a20ad67cba921bc",
|
||||
password:
|
||||
"125d6d03b32c84d492747f79cf0bf6e179d287f341384eb5d6d3197525ad6be8e6df0116032935698f99a09e265073d1d6c32c274591bf1d0a20ad67cba921bc",
|
||||
salt: "test",
|
||||
admin: true,
|
||||
phones: [
|
||||
{ phone: "+4915962855955", primary: true, verified: true },
|
||||
{ phone: "+4915962855932", primary: false, verified: false }
|
||||
{ phone: "+4915962855932", primary: false, verified: false },
|
||||
],
|
||||
mails: [mail._id]
|
||||
})
|
||||
mails: [mail._id],
|
||||
});
|
||||
await User.save(u);
|
||||
}
|
||||
|
||||
let c = await Client.findOne({ client_id: "test001" });
|
||||
if (!c) {
|
||||
Logging.log("Adding test client")
|
||||
Logging.log("Adding test client");
|
||||
c = Client.new({
|
||||
client_id: "test001",
|
||||
client_secret: "test001",
|
||||
|
@ -58,19 +57,22 @@ export default async function TestData() {
|
|||
maintainer: u._id,
|
||||
name: "Test Client",
|
||||
website: "http://example.com",
|
||||
redirect_url: "http://example.com"
|
||||
})
|
||||
redirect_url: "http://example.com",
|
||||
featured: true,
|
||||
description:
|
||||
"This client is just for testing purposes. It does not have any functionality.",
|
||||
});
|
||||
await Client.save(c);
|
||||
}
|
||||
|
||||
let perm = await Permission.findOne({ id: 0 });
|
||||
let perm = await Permission.findById("507f1f77bcf86cd799439011");
|
||||
if (!perm) {
|
||||
Logging.log("Adding test permission")
|
||||
Logging.log("Adding test permission");
|
||||
perm = Permission.new({
|
||||
_id: new ObjectID("507f1f77bcf86cd799439011"),
|
||||
_id: new ObjectId("507f1f77bcf86cd799439011"),
|
||||
name: "TestPerm",
|
||||
description: "Permission just for testing purposes",
|
||||
client: c._id
|
||||
client: c._id,
|
||||
});
|
||||
|
||||
await (await (Permission as any)._collection).insertOne(perm);
|
||||
|
@ -80,30 +82,53 @@ export default async function TestData() {
|
|||
|
||||
let r = await RegCode.findOne({ token: "test" });
|
||||
if (!r) {
|
||||
Logging.log("Adding test reg_code")
|
||||
Logging.log("Adding test reg_code");
|
||||
r = RegCode.new({
|
||||
token: "test",
|
||||
valid: true,
|
||||
validTill: moment().add("1", "year").toDate()
|
||||
})
|
||||
validTill: moment().add("1", "year").toDate(),
|
||||
});
|
||||
await RegCode.save(r);
|
||||
}
|
||||
|
||||
let t = await TwoFactor.findOne({ user: u._id, type: 0 })
|
||||
let t = await TwoFactor.findOne({ user: u._id, type: 0 });
|
||||
if (!t) {
|
||||
Logging.log("Adding test TOTP")
|
||||
t = TwoFactor.new({
|
||||
user: u._id,
|
||||
name: "Test OTP",
|
||||
type: 0,
|
||||
valid: true,
|
||||
data: "IIRW2P2UJRDDO2LDIRYW4LSREZLWMOKDNBJES2LLHRREK3R6KZJQ",
|
||||
expires: null
|
||||
})
|
||||
TwoFactor.save(t);
|
||||
expires: null,
|
||||
});
|
||||
await TwoFactor.save(t);
|
||||
}
|
||||
|
||||
// let tw = await TwoFactor.findOne({ user: u._id, type: 2 });
|
||||
// if (!tw) {
|
||||
// Logging.log("Adding test WebAuthn")
|
||||
// tw = TwoFactor.new({
|
||||
// user: u._id,
|
||||
// name: "WebAuthn",
|
||||
// type: 2,
|
||||
// valid: true,
|
||||
// data: {
|
||||
// device: {
|
||||
// credentialPublicKey: Buffer.from("pQECAyYgASFYINiHCRopJIn1GoTXq7SpDTJR1nzocqOWhjvpYaKLzzhSIlggvuHhjABe8NxbOIGA11vrd5deUT5R30anpE7W7xzPcsk=", "base64"),
|
||||
// credentialID: Buffer.from("i/BJiffx0bxjQ9Ptyvc9ORELXALxrvD6pad1Xc/2nDI=", "base64"),
|
||||
// counter: 1,
|
||||
// transports: [
|
||||
// "usb"
|
||||
// ]
|
||||
// }
|
||||
// }
|
||||
// });
|
||||
// await TwoFactor.save(tw);
|
||||
// }
|
||||
|
||||
let login_token = await LoginToken.findOne({ token: "test01" });
|
||||
if (login_token)
|
||||
await LoginToken.delete(login_token);
|
||||
if (login_token) await LoginToken.delete(login_token);
|
||||
|
||||
login_token = LoginToken.new({
|
||||
browser: "DEMO",
|
||||
|
@ -113,13 +138,12 @@ export default async function TestData() {
|
|||
valid: true,
|
||||
validTill: moment().add("10", "years").toDate(),
|
||||
user: u._id,
|
||||
validated: true
|
||||
validated: true,
|
||||
});
|
||||
await LoginToken.save(login_token);
|
||||
|
||||
let special_token = await LoginToken.findOne({ token: "test02" });
|
||||
if (special_token)
|
||||
await LoginToken.delete(special_token);
|
||||
if (special_token) await LoginToken.delete(special_token);
|
||||
|
||||
special_token = LoginToken.new({
|
||||
browser: "DEMO",
|
||||
|
@ -129,11 +153,10 @@ export default async function TestData() {
|
|||
valid: true,
|
||||
validTill: moment().add("10", "years").toDate(),
|
||||
user: u._id,
|
||||
validated: true
|
||||
validated: true,
|
||||
});
|
||||
await LoginToken.save(special_token);
|
||||
|
||||
|
||||
// setInterval(() => {
|
||||
// let code = speakeasy.totp({
|
||||
// secret: t.data,
|
||||
|
@ -141,4 +164,7 @@ export default async function TestData() {
|
|||
// })
|
||||
// Logging.debug("OTC Code is:", code);
|
||||
// }, 1000)
|
||||
}
|
||||
|
||||
Logging.log("Finished adding test data");
|
||||
}
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
import { __ as i__ } from "i18n";
|
||||
import config from "../config";
|
||||
import * as viewsv1 from "@hibas123/openauth-views-v1";
|
||||
|
||||
export default function GetAdminPage(__: typeof i__): string {
|
||||
let data = {};
|
||||
return viewsv1.admin(config.core.dev)(data, { helpers: { i18n: __ } });
|
||||
}
|
|
@ -0,0 +1,22 @@
|
|||
import { __ as i__ } from "i18n";
|
||||
import config from "../config";
|
||||
import * as viewsv1 from "@hibas123/openauth-views-v1";
|
||||
|
||||
export default function GetAuthPage(
|
||||
__: typeof i__,
|
||||
appname: string,
|
||||
scopes: { name: string; description: string; logo: string }[]
|
||||
): string {
|
||||
|
||||
return viewsv1.authorize(config.core.dev)(
|
||||
{
|
||||
title: __("Authorize %s", appname),
|
||||
information: __(
|
||||
"By clicking on ALLOW, you allow this app to access the requested recources."
|
||||
),
|
||||
scopes: scopes,
|
||||
// request: request
|
||||
},
|
||||
{ helpers: { i18n: __ } }
|
||||
);
|
||||
}
|
|
@ -0,0 +1,121 @@
|
|||
import {
|
||||
IRouter,
|
||||
Request,
|
||||
RequestHandler,
|
||||
Router,
|
||||
static as ServeStatic,
|
||||
} from "express";
|
||||
import * as Handlebars from "handlebars";
|
||||
import moment = require("moment");
|
||||
import { GetUserMiddleware, UserMiddleware } from "../api/middlewares/user";
|
||||
import GetAuthRoute from "../api/oauth/auth";
|
||||
import config from "../config";
|
||||
import { HttpStatusCode } from "../helper/request_error";
|
||||
import GetAdminPage from "./admin";
|
||||
import GetRegistrationPage from "./register";
|
||||
import * as path from "path";
|
||||
|
||||
const viewsv2_location = path.join(path.dirname(require.resolve("@hibas123/openauth-views-v2")), "build");
|
||||
|
||||
|
||||
Handlebars.registerHelper("appname", () => config.core.name);
|
||||
|
||||
const cacheTime = !config.core.dev
|
||||
? moment.duration(1, "month").asSeconds()
|
||||
: 1000;
|
||||
|
||||
const addCache: RequestHandler = (req, res, next) => {
|
||||
res.setHeader("cache-control", "public, max-age=" + cacheTime);
|
||||
next();
|
||||
};
|
||||
|
||||
|
||||
const ViewRouter: IRouter = Router();
|
||||
ViewRouter.get("/", UserMiddleware, (req, res) => {
|
||||
res.send("This is the main page");
|
||||
});
|
||||
|
||||
ViewRouter.get("/register", (req, res) => {
|
||||
res.setHeader("Cache-Control", "public, max-age=" + cacheTime);
|
||||
res.send(GetRegistrationPage(req.__));
|
||||
});
|
||||
|
||||
ViewRouter.use(
|
||||
"/login",
|
||||
addCache,
|
||||
ServeStatic(path.join(viewsv2_location, "login"), { cacheControl: false })
|
||||
);
|
||||
|
||||
ViewRouter.use(
|
||||
"/user",
|
||||
addCache,
|
||||
ServeStatic(path.join(viewsv2_location, "user"), { cacheControl: false, })
|
||||
);
|
||||
|
||||
ViewRouter.use(
|
||||
"/static",
|
||||
addCache,
|
||||
ServeStatic(path.join(viewsv2_location, "../static"), { cacheControl: false, })
|
||||
);
|
||||
|
||||
ViewRouter.get("/code", (req, res) => {
|
||||
res.setHeader("Cache-Control", "no-cache");
|
||||
if (req.query.error) res.send("Some error occured: " + req.query.error);
|
||||
else res.send(`Your code is: ${req.query.code}`);
|
||||
});
|
||||
|
||||
ViewRouter.get(
|
||||
"/admin",
|
||||
GetUserMiddleware(false, true),
|
||||
(req: Request, res, next) => {
|
||||
if (!req.isAdmin) res.sendStatus(HttpStatusCode.FORBIDDEN);
|
||||
else next();
|
||||
},
|
||||
(req, res) => {
|
||||
res.send(GetAdminPage(req.__));
|
||||
}
|
||||
);
|
||||
|
||||
ViewRouter.get("/auth", GetAuthRoute(true));
|
||||
|
||||
ViewRouter.use(
|
||||
"/popup",
|
||||
GetUserMiddleware(false, false),
|
||||
addCache,
|
||||
ServeStatic(path.join(viewsv2_location, "popup"), { cacheControl: false })
|
||||
);
|
||||
|
||||
// ViewRouter.get("/popup", UserMiddleware, (req, res) => {
|
||||
// res.send(GetPopupPage(req.__));
|
||||
// });
|
||||
|
||||
// if (config.core.dev) {
|
||||
// const logo =
|
||||
// "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADIAAAAyCAYAAAAeP4ixAAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAAAlwSFlzAAASdAAAEnQB3mYfeAAAAAZiS0dEAP8A/wD/oL2nkwAAAFR0RVh0Y29tbWVudABGaWxlIHNvdXJjZTogaHR0cHM6Ly9jb21tb25zLndpa2ltZWRpYS5vcmcvd2lraS9GaWxlOkdvb2dsZS1mYXZpY29uLTIwMTUucG5nLE0iZQAAACV0RVh0ZGF0ZTpjcmVhdGUAMjAxNS0wOS0wMlQxNzo1ODowOCswMDowMNkAVU4AAAAldEVYdGRhdGU6bW9kaWZ5ADIwMTUtMDktMDJUMTc6NTg6MDgrMDA6MDCoXe3yAAAAR3RFWHRzb2Z0d2FyZQBJbWFnZU1hZ2ljayA2LjcuNy0xMCAyMDE0LTAzLTA2IFExNiBodHRwOi8vd3d3LmltYWdlbWFnaWNrLm9yZ2+foqIAAAAYdEVYdFRodW1iOjpEb2N1bWVudDo6UGFnZXMAMaf/uy8AAAAYdEVYdFRodW1iOjpJbWFnZTo6aGVpZ2h0ADQwMUEAWp0AAAAXdEVYdFRodW1iOjpJbWFnZTo6V2lkdGgAMzk0OUtQUwAAABl0RVh0VGh1bWI6Ok1pbWV0eXBlAGltYWdlL3BuZz+yVk4AAAAXdEVYdFRodW1iOjpNVGltZQAxNDQxMjE2Njg4mYj7RAAAABN0RVh0VGh1bWI6OlNpemUAMTcuN0tCQhK/wrgAAAAzdEVYdFRodW1iOjpVUkkAZmlsZTovLy90bXAvbG9jYWxjb3B5XzFmZGViZjk0YmZkZC0xLnBuZ8EhOmkAAAkUSURBVGhDzZkLcBXVGcf/u/f9yM07gDq06Rh5BZTAtKMVwQGqaFEZmNLWgoBO1RRFausjbR1qKR0rHUDFtwVtqWPHgc4UmBq1NASUiFQGwiskMqZMSW6Tm+Q+knvvvvp9u0uamNxXctO5P9i5u+ec3T3/c77zfd/ZCBqBMUANhaB2+Ok3CMgSYLVC9ORBLC2F6CswW2WPrAmJHa5D9EAtpGMNkC+2AvE4IIrGcRlV1Q/BRqLGXwn7zNlwzF0A54JbqVIw2oyQUQmRms4g8voLiB14H5qiQHS5AJsNsFghCIk7pr+S2kOSoMWi+r2OG+fBc99a2K+tMltlxoiESKdPIvirGvo9ATHPB9gdEAaOfIboXYjHoAaDsF59DXy/+A3s180ya9MjIyGaLKP70QdoBmohFhSRidDoJxn5jKGuaLSe1K4uMrn5KNj6GgSLxaxMTtpCYh/VoXv9/fRgK0AmlMx0Rg0LivbpA1e4fQfss683KxKTlj2EXtiMrgdWQHB76HCPrQiGni+46D30vsDq7yD00hazIjEphfTUPILIGy+S2xyX9jRnDV53Ah0SecAUJDWtnifXIVq7j9ZD4cjWApuIecroT0jzOdwt9T9+eH/8M3hX/dAsTUxCIcFtz6D3zVdgKSzOSITGsYJiiEZeCGTjPKoamwq/hutoVgXycrDbE86wIaIdeY9vgOfuNWZpcoYVEj10AN3V9xjmlO4IUqe1cAiC0wX79XNg/+Zc2KZUQiwuheBwQCPz0Do7IDWfI8dxEPFD/4AW7IFA7lugqH8ZXYSfRPx8IzzLV5qlqRkihIOT/+uTIOQXpBUb+HbukFhUDO9Dj8H17SVmTWqif38Pod9thNrepr+PUf1t8G34LdxLv6dfp8sQIYEHV0I+8U/da6SCRauBThLwE3gpKo+UMGUH4eeeJRUKfL/eCvedy8ya9BkkJHa0EV2rbqc8qCylSWlmelH89l9hLb/aLB05sSOHoHxxAe7lK8ySzBgkJL7/K+jZ5oMa9kJ0Ui6UQIu+HkhE6YdHIZKvzwX6F4EapE6JrSj6ZSMc0wNQQjb2nkNgr6R2B1C6rz5nRDD9QrTmGmh0pUWs8N3bBN/3m2kRkxiFpsUUxJOnBjpQsJkCJC3uXKLftKT95Ovt5Nc5klLPBZcCpdNJplYJNSqSC+X4EIO1YhKKfv9nviWn0GdE7dhrrAddBCNA66PNjy+Ooqc/hb0iSDHCSibVjfxNW802uYXec82/e4CRDUCmqBy1wFd9Bu7bz8M27RuwjL/CrMwtdNOS6ydSh/9FE0L7i2Eh6xNliJN3QJywyixLn4ZmGR80ynDY0ssS0oUzHq8TqF5IGzsWIr1H64Pznn7T+hK0jLSYDNuiPhJEd2bIm/VxbN4bo5dmWQiNb1zW8NmmPDIojeIF/TcWyfBo1EBwUj40AhGM1SLA5RDgzvLhoYPF6AajSQHjbckiOTs29yTzInfgLnPXuno1mhE5bBYngVXby4zzHIPFRKIsJM00nUK6eZJb0OqGQtMiwuI1RjwZrFVqN85zDN6DWmgyRMHGO0AuSaKGvJkWOWde5Bb68iVvaJiWvuNMLISbIU71csgsyQx+GX9YlBUtoyPZ2DJ6PXW/wGXGc8H7NSrUffDwUGMbie299I5ZkBkOirMFlCjnu4W0j5I8SpOop8nEsFk5rTTMov5NgCScuR9q66u0dx4a2S1QybIUPNNdiX3iPBy883mzZuyZWRNCoSexP5Jo1kq8Anav95gzUkZbyy9NCA+EFTJNhoalnbfg1eh0XAg0oqWn1Wgwxnx4ilIiHukEIhiZ+nztRONLjC5ELF5onPW7WA02QcJ5uRCV/mU4K+ejUKBM2OHDw3UbzTZjy866ONx28yIBMQm44RrjC4wuhBEn3EE6FCpQYaUE8Y3IVNzceRsJUuEWKEXhdSJacTrQgj81Udo/hjRdUnH8C0Vfl4ng9cN51vxKo1H/xkqLnIZQNw2gdGpl13zUx8ahWIwNmVpu3t7bgYPLdqHcd5VZml0WboogTvbPOVoiWMRXS0T8odr42tM/I4JnKlq812Fm22J8Gi9BsWWoCIa/rpS6irDgL6vRFukwS7PH2p19CMWSi2DCUeCem/7nnPqFMN3T96MtGiRTkvQYmQiLSJstmxc3vPtdfNJ+wiwdPeveiuJIs6JntclQKOXl9bOgMoGQWYUTsKR8Hnpl2nekwEpiCmnxL9v/MJ468pxZOjJawmdx6/ZjaDjnRL4ruQgmSN1bv2iwJ+hfIwOZ/MdFcFuc+singm8PS72wW2z40Yy7sXrKEjpP4W5MzgY+x5bjO/G31noUuDV4Ox6Eq2M5NAv1lJzMcHDEd1AQrH1y8KeoYYUc85/CXXurMc5doq+JdFBo3xmRe3VhVWXTMOeKWZhRMgnjXCVwWR2IqRK6oj16HOLnf9T2Gf4d9sNjc8PJwuk1mqUHtvBseC6yi6duiYP/LsLP9gc17HnEjYoJgwd5WCHMK43vYNPRl/WFnclfqFR6nESdjisS/crUHY36yGHVeI1VsOizZxNtlLVy1B74bGol9kFQ3PC0PgtrrJyuI7pIJhDWcO9cG9be4jAKBpBQCLOh4XnsPLMHJc7CjMQMZODj030GpYw0O2G429bBEVhM570IRVVUlYt4ec3wH9eTCmGe/mQ7Xj/1LsoynJnRolFgZlOzB2+C8vkTqBivYdfaxN8MUgphdpzejacattHMFOne6v8Fd61TuoQ5xXfgrdueMEuHJy0hzMmOJvzg/Z8iJsfhpQU61rPD66sz2oWHZqzAY7PuM0sTk7aQyzx+eDPeplwr354HB3mbbAtSKN/riYd1U35t/kZUFleYNcnJWAhzMdyGmo+34MDFBuTZPOQ+HRRzBsXWjOAu8AyE4hHk2d14tGoNVk6+y6xNjxEJuYy/txPbT+7CnpYPaBRDFERdlLFaaR1ZKWXgvcTQ2eLX8T+Ftgzc+ZgSpw2SpMeeNVOXYnH5zWbLzBiVkIGc6jyP2tbD+LjtOM51XdDNQ6POshgjjrAI45pn8CrveFSVTsGcK2fjWxNv1M10NGRNyHAEKJKzuXCA5FliJ5HvyNP3NdkF+C8dn/ikO2g+hwAAAABJRU5ErkJggg==";
|
||||
// ViewRouter.get("/devauth", (req, res) => {
|
||||
// res.send(
|
||||
// GetAuthPage(req.__, "Test 05265", [
|
||||
// {
|
||||
// name: "Access Profile",
|
||||
// description:
|
||||
// "It allows the application to know who you are. Required for all applications. And a lot of more Text, because why not? This will not stop, till it is multiple lines long and maybe kill the layout, so keep reading as long as you like, but I promise it will get boring after some time. So this should be enougth.",
|
||||
// logo: logo,
|
||||
// },
|
||||
// {
|
||||
// name: "Test 1",
|
||||
// description:
|
||||
// "This is not an real permission. This is used just to verify the layout",
|
||||
// logo: logo,
|
||||
// },
|
||||
// {
|
||||
// name: "Test 2",
|
||||
// description:
|
||||
// "This is not an real permission. This is used just to verify the layout",
|
||||
// logo: logo,
|
||||
// },
|
||||
// ])
|
||||
// );
|
||||
// });
|
||||
// }
|
||||
|
||||
export default ViewRouter;
|
|
@ -0,0 +1,9 @@
|
|||
import { __ as i__ } from "i18n";
|
||||
import config from "../config";
|
||||
import * as viewsv1 from "@hibas123/openauth-views-v1";
|
||||
|
||||
export default function GetRegistrationPage(__: typeof i__): string {
|
||||
let data = {};
|
||||
return viewsv1.register(config.core.dev)(data, { helpers: { i18n: __ } });
|
||||
}
|
||||
|
|
@ -0,0 +1,176 @@
|
|||
import config, { WebConfig } from "./config";
|
||||
import express from "express";
|
||||
import { Express } from "express";
|
||||
|
||||
import Logging from "@hibas123/nodelogging";
|
||||
import { Format } from "@hibas123/logging";
|
||||
|
||||
import bodyparser from "body-parser";
|
||||
import cookieparser from "cookie-parser";
|
||||
import session from "express-session";
|
||||
import MongoStore from "connect-mongo";
|
||||
|
||||
import i18n from "i18n";
|
||||
import compression from "compression";
|
||||
import ApiRouter from "./api";
|
||||
import ViewRouter from "./views";
|
||||
import RequestError, { HttpStatusCode } from "./helper/request_error";
|
||||
import DB from "./database";
|
||||
import promiseMiddleware from "./helper/promiseMiddleware";
|
||||
import User from "./models/user";
|
||||
import LoginToken, { CheckToken } from "./models/login_token";
|
||||
|
||||
export default class Web {
|
||||
server: Express;
|
||||
private port: number;
|
||||
|
||||
constructor(config: WebConfig) {
|
||||
this.server = express();
|
||||
this.server.set("trust proxy", 1);
|
||||
this.port = Number(config.port);
|
||||
this.registerMiddleware();
|
||||
this.registerUserSession();
|
||||
this.registerEndpoints();
|
||||
this.registerErrorHandler();
|
||||
}
|
||||
|
||||
listen() {
|
||||
this.server.listen(this.port, () => {
|
||||
Logging.log(`Server listening on port ${this.port}`);
|
||||
});
|
||||
}
|
||||
|
||||
private registerMiddleware() {
|
||||
this.server.use(session({
|
||||
secret: config.core.secret,
|
||||
resave: false,
|
||||
saveUninitialized: false,
|
||||
store: MongoStore.create({
|
||||
client: DB.getClient() as any,
|
||||
dbName: DB.db.databaseName,
|
||||
collectionName: "sessions",
|
||||
autoRemove: "native",
|
||||
touchAfter: 60 * 60 * 24,
|
||||
}),
|
||||
cookie: {
|
||||
maxAge: 1000 * 60 * 60 * 24 * 30 * 6,
|
||||
secure: !config.core.dev,
|
||||
sameSite: "strict",
|
||||
}
|
||||
}))
|
||||
this.server.use(cookieparser());
|
||||
this.server.use(
|
||||
bodyparser.json(),
|
||||
bodyparser.urlencoded({ extended: true })
|
||||
);
|
||||
this.server.use(i18n.init);
|
||||
|
||||
//Logging Middleware
|
||||
this.server.use((req, res, next) => {
|
||||
let start = process.hrtime();
|
||||
let finished = false;
|
||||
let to = false;
|
||||
let listener = () => {
|
||||
if (finished) return;
|
||||
finished = true;
|
||||
let td = process.hrtime(start);
|
||||
let time = !to ? (td[0] * 1e3 + td[1] / 1e6).toFixed(2) : "--.--";
|
||||
let resFormat: (arg: any) => any = (arg) => arg;
|
||||
if (res.statusCode >= 200 && res.statusCode < 300)
|
||||
resFormat = Format.green;
|
||||
//Green
|
||||
else if (res.statusCode === 304 || res.statusCode === 302)
|
||||
resFormat = Format.yellow; //"\x1b[33m";
|
||||
else if (res.statusCode >= 400 && res.statusCode < 500)
|
||||
resFormat = Format.red; // "\x1b[36m";
|
||||
//Cyan
|
||||
else if (res.statusCode >= 500 && res.statusCode < 600)
|
||||
resFormat = Format.cyan //"\x1b[31m"; //Red
|
||||
|
||||
let m = req.method;
|
||||
while (m.length < 4) m += " ";
|
||||
Logging.getChild("HTTP").log(
|
||||
`${m} ${req.originalUrl} ${(req as any).language || ""
|
||||
}`, resFormat(res.statusCode), `- ${time}ms`
|
||||
);
|
||||
res.removeListener("finish", listener);
|
||||
};
|
||||
res.on("finish", listener);
|
||||
setTimeout(() => {
|
||||
to = true;
|
||||
listener();
|
||||
}, 2000);
|
||||
next();
|
||||
});
|
||||
|
||||
this.server.use(
|
||||
compression({
|
||||
filter: (req, res) => {
|
||||
if (req.headers["x-no-compression"]) {
|
||||
return false;
|
||||
}
|
||||
return compression.filter(req, res);
|
||||
},
|
||||
})
|
||||
);
|
||||
}
|
||||
|
||||
private registerEndpoints() {
|
||||
this.server.use("/api", ApiRouter);
|
||||
this.server.use("/", ViewRouter);
|
||||
}
|
||||
|
||||
private registerErrorHandler() {
|
||||
this.server.use((error, req: express.Request, res, next) => {
|
||||
if (!(error instanceof RequestError)) {
|
||||
error = new RequestError(
|
||||
error.message,
|
||||
error.status || HttpStatusCode.INTERNAL_SERVER_ERROR,
|
||||
error.nolog || false
|
||||
);
|
||||
}
|
||||
|
||||
if (error.status === 500 && !(<any>error).nolog) {
|
||||
Logging.error(error);
|
||||
} else {
|
||||
Logging.log("Responded with Error", error.status, error.message);
|
||||
}
|
||||
|
||||
if (req.accepts(["json"])) {
|
||||
res.json_status = error.status || 500;
|
||||
res.json({
|
||||
error: error.message,
|
||||
status: error.status || 500,
|
||||
additional: error.additional,
|
||||
});
|
||||
} else res.status(error.status || 500).send(error.message);
|
||||
});
|
||||
}
|
||||
|
||||
private registerUserSession() {
|
||||
this.server.use(promiseMiddleware(async (req, res, next) => {
|
||||
// if (!req.session.user_id) {
|
||||
// if (req.cookies && req.cookies.login) {
|
||||
// let token = await LoginToken.findOne({ token: req.cookies.login, valid: true });
|
||||
// if (await CheckToken(token, true)) {
|
||||
// req.session.user_id = token.user.toString();
|
||||
// }
|
||||
// }
|
||||
|
||||
// if (req.cookies && req.cookies.special) {
|
||||
// let token = await LoginToken.findOne({ token: req.cookies.special, valid: true });
|
||||
// if (await CheckToken(token, true)) {
|
||||
// req.session.user_id = token.user.toString();
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
|
||||
if (req.session.user_id) {
|
||||
req.user = await User.findById(req.session.user_id);
|
||||
req.isAdmin = req.user.admin;
|
||||
}
|
||||
|
||||
return next();
|
||||
}));
|
||||
}
|
||||
}
|
|
@ -0,0 +1,17 @@
|
|||
{
|
||||
"compilerOptions": {
|
||||
"target": "ESNext",
|
||||
"module": "commonjs",
|
||||
"declaration": true,
|
||||
"sourceMap": true,
|
||||
"outDir": "./lib",
|
||||
"strict": false,
|
||||
"preserveWatchOutput": true,
|
||||
"experimentalDecorators": true,
|
||||
"emitDecoratorMetadata": true,
|
||||
"esModuleInterop": true
|
||||
},
|
||||
"exclude": ["node_modules/"],
|
||||
"files": ["src/express.d.ts"],
|
||||
"include": ["./src"]
|
||||
}
|
38
Dockerfile
38
Dockerfile
|
@ -1,33 +1,31 @@
|
|||
FROM node:12
|
||||
|
||||
FROM node:18-alpine
|
||||
LABEL maintainer="Fabian Stamm <dev@fabianstamm.de>"
|
||||
|
||||
# RUN apt-get update
|
||||
|
||||
# # for https
|
||||
# RUN apt-get install -yyq ca-certificates
|
||||
# # install libraries
|
||||
# RUN apt-get install -yyq libappindicator1 libasound2 libatk1.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libnss3 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6
|
||||
# # tools
|
||||
# RUN apt-get install -yyq gconf-service lsb-release wget xdg-utils
|
||||
# # and fonts
|
||||
# RUN apt-get install -yyq fonts-liberation
|
||||
|
||||
RUN mkdir -p /usr/src/app
|
||||
WORKDIR /usr/src/app
|
||||
|
||||
COPY ["package.json", "package-lock.json", "tsconfig.json", "/usr/src/app/"]
|
||||
# COPY ["package.json", "yarn.lock", ".yarnrc.yml", "/usr/src/app/"]
|
||||
# COPY .yarn /usr/src/app/.yarn
|
||||
# COPY Backend /usr/src/app/Backend
|
||||
# COPY Frontend /usr/src/app/Frontend
|
||||
# COPY FrontendLegacy /usr/src/app/FrontendLegacy
|
||||
|
||||
ENV NODE_ENV=production
|
||||
COPY . /usr/src/app
|
||||
|
||||
RUN npm install
|
||||
# RUN rm -rf /usr/src/app/Backend/node_modules &&\
|
||||
# rm -rf /usr/src/app/Frontend/node_modules &&\
|
||||
# rm -rf /usr/src/app/FrontendLegacy/node_modules &&\
|
||||
# rm -rf /usr/src/app/Backend/logs &&\
|
||||
# rm -rf /usr/src/app/Backend/keys
|
||||
|
||||
COPY lib/ /usr/src/app/lib
|
||||
COPY views/out /usr/src/app/views/out/
|
||||
COPY views_repo/build /usr/src/app/views_repo/build
|
||||
RUN yarn install
|
||||
RUN yarn build
|
||||
|
||||
RUN ln -s /usr/src/app/logs /usr/src/app/Backend/logs && ln -s /usr/src/app/keys /usr/src/app/Backend/keys
|
||||
|
||||
VOLUME [ "/usr/src/app/logs", "/usr/src/app/keys"]
|
||||
|
||||
EXPOSE 3004/tcp
|
||||
|
||||
CMD ["npm", "run", "start"]
|
||||
WORKDIR /usr/src/app/Backend
|
||||
CMD ["npm", "run", "start"]
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
VERSION 0.7
|
||||
FROM node:20-alpine3.18
|
||||
WORKDIR /build
|
||||
|
||||
project:
|
||||
COPY . .
|
||||
RUN yarn install
|
||||
|
||||
build:
|
||||
FROM +project
|
||||
|
||||
RUN yarn build
|
||||
|
||||
SAVE ARTIFACT /build/_API /API
|
||||
SAVE ARTIFACT /build/Backend/lib /Backend
|
||||
SAVE ARTIFACT /build/Frontend/build /Frontend
|
||||
SAVE ARTIFACT /build/FrontendLegacy/out /FrontendLegacy
|
||||
|
||||
docker-multi:
|
||||
BUILD +build
|
||||
BUILD --platform linux/amd64 --platform linux/arm64 +docker
|
||||
|
||||
docker:
|
||||
FROM +project
|
||||
|
||||
# RUN apk add --no-cache caddy supervisor
|
||||
|
||||
# COPY ./supervisord.conf /etc/supervisord.conf
|
||||
|
||||
COPY +build/API /build/_API
|
||||
COPY +build/Backend /build/Backend/lib
|
||||
COPY +build/Frontend /build/Frontend/build
|
||||
COPY +build/FrontendLegacy /build/FrontendLegacy/out
|
||||
|
||||
WORKDIR /build/Backend
|
||||
|
||||
ENTRYPOINT ["node", "lib/index.js"]
|
||||
|
||||
ARG EARTHLY_TARGET_TAG
|
||||
ARG TAG=$EARTHLY_TARGET_TAG
|
||||
SAVE IMAGE --push git.hibas.dev/openserver/openauth:$TAG
|
|
@ -0,0 +1,11 @@
|
|||
root = true
|
||||
|
||||
[*]
|
||||
indent_style = space
|
||||
indent_size = 3
|
||||
charset = utf-8
|
||||
trim_trailing_whitespace = false
|
||||
insert_final_newline = true
|
||||
|
||||
[*.svelte]
|
||||
indent_size = 2
|
|
@ -0,0 +1,8 @@
|
|||
.DS_Store
|
||||
node_modules
|
||||
public/bundle.*
|
||||
yarn.lock
|
||||
.rpt2_cache
|
||||
build/
|
||||
build.js
|
||||
*.old
|
|
@ -0,0 +1,68 @@
|
|||
_Psst <14>looking for a shareable component template? Go here --> [sveltejs/component-template](https://github.com/sveltejs/component-template)_
|
||||
|
||||
---
|
||||
|
||||
# svelte app
|
||||
|
||||
This is a project template for [Svelte](https://svelte.technology) apps. It lives at https://github.com/sveltejs/template.
|
||||
|
||||
To create a new project based on this template using [degit](https://github.com/Rich-Harris/degit):
|
||||
|
||||
```bash
|
||||
npm install -g degit # you only need to do this once
|
||||
|
||||
degit sveltejs/template svelte-app
|
||||
cd svelte-app
|
||||
```
|
||||
|
||||
_Note that you will need to have [Node.js](https://nodejs.org) installed._
|
||||
|
||||
## Get started
|
||||
|
||||
Install the dependencies...
|
||||
|
||||
```bash
|
||||
cd svelte-app
|
||||
npm install
|
||||
```
|
||||
|
||||
...then start [Rollup](https://rollupjs.org):
|
||||
|
||||
```bash
|
||||
npm run dev
|
||||
```
|
||||
|
||||
Navigate to [localhost:5000](http://localhost:5000). You should see your app running. Edit a component file in `src`, save it, and reload the page to see your changes.
|
||||
|
||||
## Deploying to the web
|
||||
|
||||
### With [now](https://zeit.co/now)
|
||||
|
||||
Install `now` if you haven't already:
|
||||
|
||||
```bash
|
||||
npm install -g now
|
||||
```
|
||||
|
||||
Then, from within your project folder:
|
||||
|
||||
```bash
|
||||
now
|
||||
```
|
||||
|
||||
As an alternative, use the [Now desktop client](https://zeit.co/download) and simply drag the unzipped project folder to the taskbar icon.
|
||||
|
||||
### With [surge](https://surge.sh/)
|
||||
|
||||
Install `surge` if you haven't already:
|
||||
|
||||
```bash
|
||||
npm install -g surge
|
||||
```
|
||||
|
||||
Then, from within your project folder:
|
||||
|
||||
```bash
|
||||
npm run build
|
||||
surge public
|
||||
```
|
|
@ -0,0 +1,46 @@
|
|||
{
|
||||
"name": "@hibas123/openauth-views-v2",
|
||||
"main": "index.js",
|
||||
"devDependencies": {
|
||||
"@hibas123/openauth-internalapi": "workspace:^",
|
||||
"@hibas123/theme": "^2.0.7",
|
||||
"@hibas123/utils": "^2.2.18",
|
||||
"@popperjs/core": "^2.11.8",
|
||||
"@rollup/plugin-commonjs": "^24.0.1",
|
||||
"@rollup/plugin-html": "^1.0.3",
|
||||
"@rollup/plugin-image": "^3.0.3",
|
||||
"@rollup/plugin-node-resolve": "^15.0.2",
|
||||
"@simplewebauthn/browser": "^7.2.0",
|
||||
"@tsconfig/svelte": "^4.0.1",
|
||||
"@types/cleave.js": "^1.4.7",
|
||||
"autoprefixer": "^10.4.14",
|
||||
"classnames": "^2.3.2",
|
||||
"cleave.js": "^1.6.0",
|
||||
"cssnano": "^6.0.1",
|
||||
"esbuild": "^0.17.16",
|
||||
"flowbite": "^1.6.5",
|
||||
"flowbite-svelte": "^0.34.9",
|
||||
"joi": "^17.11.0",
|
||||
"postcss": "^8.4.31",
|
||||
"postcss-import": "^15.1.0",
|
||||
"postcss-url": "^10.1.3",
|
||||
"rollup": "^3.20.2",
|
||||
"rollup-plugin-esbuild": "^5.0.0",
|
||||
"rollup-plugin-hash": "^1.3.0",
|
||||
"rollup-plugin-livereload": "^2.0.5",
|
||||
"rollup-plugin-postcss": "^4.0.2",
|
||||
"rollup-plugin-sizes": "^1.0.6",
|
||||
"rollup-plugin-svelte": "^7.1.4",
|
||||
"rollup-plugin-visualizer": "^5.9.0",
|
||||
"svelte": "^3.58.0",
|
||||
"svelte-preprocess": "^5.0.3",
|
||||
"tailwindcss": "^3.3.1",
|
||||
"typescript": "^5.0.4",
|
||||
"what-the-pack": "^2.0.3"
|
||||
},
|
||||
"scripts": {
|
||||
"prepublishOnly": "npm run build",
|
||||
"build": "rollup -c rollup.config.mjs ",
|
||||
"dev": "rollup -c rollup.config.mjs -w"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,7 @@
|
|||
module.exports = {
|
||||
plugins: {
|
||||
tailwindcss: {},
|
||||
autoprefixer: {},
|
||||
// cssnano: {},
|
||||
},
|
||||
};
|
|
@ -0,0 +1,121 @@
|
|||
import svelte from "rollup-plugin-svelte";
|
||||
import esbuild from "rollup-plugin-esbuild";
|
||||
import html from "@rollup/plugin-html";
|
||||
import resolve from "@rollup/plugin-node-resolve";
|
||||
import image from "@rollup/plugin-image";
|
||||
import sizes from "rollup-plugin-sizes";
|
||||
import { visualizer } from "rollup-plugin-visualizer";
|
||||
import postcss from "rollup-plugin-postcss";
|
||||
import livereload from "rollup-plugin-livereload";
|
||||
import sveltePreprocess from "svelte-preprocess";
|
||||
import commonjs from "@rollup/plugin-commonjs";
|
||||
import hash from "rollup-plugin-hash";
|
||||
|
||||
const VIEWS = ["home", "login", "popup", "user"];
|
||||
|
||||
const dev = process.env.NODE_ENV !== "production";
|
||||
|
||||
const htmlTemplate = ({ attributes, meta, files, publicPath, title }) => {
|
||||
const makeHtmlAttributes = (attributes) => {
|
||||
if (!attributes) {
|
||||
return "";
|
||||
}
|
||||
|
||||
const keys = Object.keys(attributes);
|
||||
// eslint-disable-next-line no-param-reassign
|
||||
return keys.reduce(
|
||||
(result, key) => (result += ` ${key}="${attributes[key]}"`),
|
||||
""
|
||||
);
|
||||
};
|
||||
|
||||
let bundle_name = "";
|
||||
const scripts = (files.js || [])
|
||||
.map(({ fileName }) => {
|
||||
const attrs = makeHtmlAttributes(attributes.script);
|
||||
if (fileName.startsWith("bundle.")) {
|
||||
bundle_name = fileName;
|
||||
}
|
||||
return `<script src="${publicPath}${fileName}"${attrs}></script>`;
|
||||
})
|
||||
.join("\n");
|
||||
|
||||
const links = (files.css || [])
|
||||
.map(({ fileName }) => {
|
||||
const attrs = makeHtmlAttributes(attributes.link);
|
||||
return `<link href="${publicPath}${fileName}" rel="stylesheet"${attrs}>`;
|
||||
})
|
||||
.join("\n");
|
||||
|
||||
const metas = meta
|
||||
.map((input) => {
|
||||
const attrs = makeHtmlAttributes(input);
|
||||
return `<meta${attrs}>`;
|
||||
})
|
||||
.join("\n");
|
||||
|
||||
return `
|
||||
<!doctype html>
|
||||
<html${makeHtmlAttributes(attributes.html)}>
|
||||
<head>
|
||||
${metas}
|
||||
<title>${title}</title>
|
||||
<link rel="stylesheet" href="${bundle_name.slice(0, -2)}css"/>
|
||||
${links}
|
||||
</head>
|
||||
<body>
|
||||
${scripts}
|
||||
</body>
|
||||
</html>`;
|
||||
};
|
||||
|
||||
export default VIEWS.map((view) => ({
|
||||
input: `src/pages/${view}/main.ts`,
|
||||
output: {
|
||||
dir: `build/${view}`,
|
||||
entryFileNames: `bundle.[hash].min.js`,
|
||||
format: "es",
|
||||
sourcemap: true,
|
||||
name: view,
|
||||
},
|
||||
plugins: [
|
||||
svelte({
|
||||
emitCss: true,
|
||||
preprocess: sveltePreprocess({}),
|
||||
}),
|
||||
commonjs(),
|
||||
esbuild({ sourceMap: dev, minify: true }),
|
||||
html({
|
||||
title: view,
|
||||
attributes: {
|
||||
html: { lang: "en" },
|
||||
},
|
||||
meta: [
|
||||
{
|
||||
name: "viewport",
|
||||
content: "width=device-width",
|
||||
},
|
||||
],
|
||||
template: htmlTemplate,
|
||||
}),
|
||||
resolve({
|
||||
browser: true,
|
||||
exportConditions: ["svelte"],
|
||||
extensions: [".svelte"],
|
||||
}),
|
||||
image(),
|
||||
sizes(),
|
||||
visualizer({
|
||||
filename: `build/stats/${view}.html`,
|
||||
title: `Rullup bundle for ${view}`,
|
||||
}),
|
||||
postcss({
|
||||
extract: true, // `bundle.css`, //TODO: Check if it should be enabled
|
||||
// inject: true,
|
||||
}),
|
||||
hash({
|
||||
dest: "bundle.[hash].min.js",
|
||||
}),
|
||||
// dev && livereload(),
|
||||
],
|
||||
}));
|
|
@ -0,0 +1,94 @@
|
|||
<script lang="ts">
|
||||
// import { Tile } from "carbon-components-svelte";
|
||||
|
||||
export let title: string;
|
||||
export let loading = false;
|
||||
export let hide = false;
|
||||
|
||||
$: console.log({ loading });
|
||||
</script>
|
||||
|
||||
<div class="wrapper">
|
||||
<div class="card-elevated container">
|
||||
<!-- <div class="container card"> -->
|
||||
<div class="card elv-8 title-container">
|
||||
<h1 style="margin:0">{title}</h1>
|
||||
</div>
|
||||
{#if loading}
|
||||
<div class="loader_container">
|
||||
<div class="loader_box">
|
||||
<div class="loader" />
|
||||
</div>
|
||||
</div>
|
||||
{/if}
|
||||
|
||||
<div class="content-container" class:loading_container={loading}>
|
||||
{#if !(loading && hide)}
|
||||
<slot />
|
||||
{/if}
|
||||
</div>
|
||||
<!-- </div> -->
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<style>
|
||||
.wrapper {
|
||||
min-height: 100vh;
|
||||
width: 100vw;
|
||||
display: flex;
|
||||
align-items: center;
|
||||
justify-content: center;
|
||||
padding: 1rem;
|
||||
box-sizing: border-box;
|
||||
}
|
||||
|
||||
.container {
|
||||
border-radius: 4px;
|
||||
position: relative;
|
||||
padding-top: 2.5rem;
|
||||
width: 25rem;
|
||||
|
||||
min-height: calc(100px + 2.5rem);
|
||||
min-width: 100px;
|
||||
|
||||
margin-top: 3rem;
|
||||
}
|
||||
|
||||
.title-container {
|
||||
margin: -4.8rem auto 0 auto;
|
||||
max-width: 250px;
|
||||
background-color: var(--primary);
|
||||
color: white;
|
||||
border-radius: 4px;
|
||||
text-align: center;
|
||||
/* padding: 5px 20px; */
|
||||
}
|
||||
|
||||
.title-container > h1 {
|
||||
font-size: 2rem;
|
||||
line-height: 1;
|
||||
}
|
||||
|
||||
.content-container {
|
||||
padding: 2em;
|
||||
margin: 0 auto;
|
||||
max-width: 380px;
|
||||
overflow: hidden;
|
||||
}
|
||||
|
||||
.loading_container {
|
||||
filter: blur(1px) opacity(50%);
|
||||
}
|
||||
|
||||
.loader_container {
|
||||
position: absolute;
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
justify-content: center;
|
||||
top: 0;
|
||||
bottom: 0;
|
||||
left: 0;
|
||||
right: 0;
|
||||
z-index: 2;
|
||||
}
|
||||
</style>
|
|
@ -0,0 +1,33 @@
|
|||
<script lang="ts">
|
||||
import {
|
||||
NavBrand,
|
||||
NavHamburger,
|
||||
NavLi,
|
||||
NavUl,
|
||||
Navbar,
|
||||
} from "flowbite-svelte";
|
||||
|
||||
export let sidebarOpen: boolean;
|
||||
export let sidebarOpenVisible: boolean;
|
||||
</script>
|
||||
|
||||
<Navbar let:hidden let:toggle color="form">
|
||||
{#if sidebarOpenVisible}
|
||||
<NavHamburger on:click={() => (sidebarOpen = !sidebarOpen)} />
|
||||
{/if}
|
||||
<NavBrand href="/">
|
||||
<span
|
||||
class="self-center whitespace-nowrap text-xl font-semibold dark:text-white"
|
||||
>
|
||||
OpenAuth
|
||||
</span>
|
||||
</NavBrand>
|
||||
<NavHamburger on:click={toggle} />
|
||||
<NavUl {hidden}>
|
||||
<NavLi href="/" active={true}>Home</NavLi>
|
||||
<NavLi href="/user">User</NavLi>
|
||||
<!-- <NavLi href="/services">Services</NavLi>
|
||||
<NavLi href="/pricing">Pricing</NavLi>
|
||||
<NavLi href="/contact">Contact</NavLi> -->
|
||||
</NavUl>
|
||||
</Navbar>
|
|
@ -0,0 +1,15 @@
|
|||
<script lang="ts">
|
||||
// import { onMount, afterUpdate, setContext } from "svelte";
|
||||
// import { writable, derived } from "svelte/store";
|
||||
|
||||
// type Theme = "white" | "g10" | "g90" | "g100";
|
||||
|
||||
// export let persist: boolean = false;
|
||||
// export let persistKey: string = "theme";
|
||||
export let dark = false;
|
||||
</script>
|
||||
|
||||
|
||||
<div class={dark ? 'dark-theme' : 'light-theme'}>
|
||||
<slot />
|
||||
</div>
|
|
@ -0,0 +1,42 @@
|
|||
import "@hibas123/theme/out/base.css";
|
||||
import "./theme.css";
|
||||
import { default as Theme } from "./Theme.svelte";
|
||||
|
||||
(() => {
|
||||
const elements = new WeakSet();
|
||||
|
||||
function check() {
|
||||
document
|
||||
.querySelectorAll(".floating>input")
|
||||
.forEach((e: HTMLInputElement) => {
|
||||
if (elements.has(e)) return;
|
||||
elements.add(e);
|
||||
|
||||
function checkState() {
|
||||
console.log("Check State");
|
||||
if (e.value !== "") {
|
||||
if (e.classList.contains("used")) return;
|
||||
e.classList.add("used");
|
||||
} else {
|
||||
if (e.classList.contains("used")) e.classList.remove("used");
|
||||
}
|
||||
}
|
||||
|
||||
e.addEventListener("change", () => checkState());
|
||||
checkState();
|
||||
});
|
||||
}
|
||||
|
||||
const observer = new MutationObserver((mutations) => {
|
||||
check();
|
||||
});
|
||||
|
||||
// Start observing the target node for configured mutations
|
||||
observer.observe(window.document, {
|
||||
childList: true,
|
||||
subtree: true,
|
||||
});
|
||||
check();
|
||||
})();
|
||||
|
||||
export default Theme;
|
|
@ -0,0 +1,257 @@
|
|||
:root {
|
||||
--primary: #1e88e5;
|
||||
--mdc-theme-primary: var(--primary);
|
||||
--mdc-theme-primary-bg: var(--mdc-theme--primary);
|
||||
--mdc-theme-on-primary: white;
|
||||
--error: #ff2f00;
|
||||
--border-color: #ababab;
|
||||
|
||||
--default-font-size: 1.05rem;
|
||||
}
|
||||
|
||||
* {
|
||||
font-family: "Roboto", "Helvetica", sans-serif;
|
||||
}
|
||||
|
||||
html,
|
||||
body {
|
||||
margin: 0;
|
||||
color: #636363;
|
||||
position: relative;
|
||||
background: #eee;
|
||||
height: 100%;
|
||||
font-size: var(--default-font-size);
|
||||
min-width: 100vw;
|
||||
min-height: 100vh;
|
||||
box-sizing: border-box;
|
||||
}
|
||||
|
||||
.group {
|
||||
position: relative;
|
||||
margin-top: 2rem;
|
||||
margin-bottom: 24px;
|
||||
min-height: 45px;
|
||||
}
|
||||
|
||||
.floating > input {
|
||||
font-size: 1.2rem;
|
||||
padding: 10px 10px 10px 5px;
|
||||
appearance: none;
|
||||
-webkit-appearance: none;
|
||||
display: block;
|
||||
background: #fafafa;
|
||||
background: unset;
|
||||
color: #636363;
|
||||
width: 100%;
|
||||
border: none;
|
||||
border-radius: 0;
|
||||
/* border-bottom: 1px solid #757575; */
|
||||
border-bottom: 1px solid var(--border-color);
|
||||
box-sizing: border-box;
|
||||
}
|
||||
|
||||
.floating > input:focus {
|
||||
outline: none;
|
||||
}
|
||||
|
||||
/* Label */
|
||||
|
||||
.floating > label {
|
||||
color: #999;
|
||||
font-size: 18px;
|
||||
font-weight: normal;
|
||||
position: absolute;
|
||||
pointer-events: none;
|
||||
left: 5px;
|
||||
top: 10px;
|
||||
transition: all 0.2s ease;
|
||||
}
|
||||
|
||||
/* active */
|
||||
|
||||
.floating > input:focus ~ label,
|
||||
.floating > input.used ~ label {
|
||||
top: -0.75em;
|
||||
transform: scale(0.75);
|
||||
left: -2px;
|
||||
/* font-size: 14px; */
|
||||
color: var(--primary);
|
||||
transform-origin: left;
|
||||
}
|
||||
|
||||
/* Underline */
|
||||
|
||||
.bar {
|
||||
position: relative;
|
||||
display: block;
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
.bar:before,
|
||||
.bar:after {
|
||||
content: "";
|
||||
height: 2px;
|
||||
width: 0;
|
||||
bottom: 1px;
|
||||
position: absolute;
|
||||
background: var(--primary);
|
||||
transition: all 0.2s ease;
|
||||
}
|
||||
|
||||
.bar:before {
|
||||
left: 50%;
|
||||
}
|
||||
|
||||
.bar:after {
|
||||
right: 50%;
|
||||
}
|
||||
|
||||
/* active */
|
||||
|
||||
.floating > input:focus ~ .bar:before,
|
||||
.floating > input:focus ~ .bar:after {
|
||||
width: 50%;
|
||||
}
|
||||
|
||||
/* Highlight */
|
||||
|
||||
.highlight {
|
||||
position: absolute;
|
||||
height: 60%;
|
||||
width: 100px;
|
||||
top: 25%;
|
||||
left: 0;
|
||||
pointer-events: none;
|
||||
opacity: 0.5;
|
||||
}
|
||||
|
||||
/* active */
|
||||
|
||||
.floating > input:focus ~ .highlight {
|
||||
animation: inputHighlighter 0.3s ease;
|
||||
}
|
||||
|
||||
/* Animations */
|
||||
|
||||
@keyframes inputHighlighter {
|
||||
from {
|
||||
background: var(--primary);
|
||||
}
|
||||
|
||||
to {
|
||||
width: 0;
|
||||
background: transparent;
|
||||
}
|
||||
}
|
||||
|
||||
.btn {
|
||||
position: relative;
|
||||
|
||||
display: block;
|
||||
margin: 2rem;
|
||||
padding: 0 1em;
|
||||
|
||||
overflow: hidden;
|
||||
|
||||
border-width: 0;
|
||||
outline: none;
|
||||
border-radius: 4px;
|
||||
box-shadow: 0 1px 4px rgba(0, 0, 0, 0.6);
|
||||
|
||||
background-color: #cccccc;
|
||||
color: #ecf0f1;
|
||||
|
||||
transition: background-color 0.3s;
|
||||
|
||||
height: 48px;
|
||||
|
||||
text-transform: uppercase;
|
||||
font-weight: 500;
|
||||
font-size: 1.2rem;
|
||||
}
|
||||
|
||||
.btn:hover,
|
||||
.btn:focus {
|
||||
filter: brightness(90%);
|
||||
}
|
||||
|
||||
.btn > * {
|
||||
position: relative;
|
||||
}
|
||||
|
||||
.btn span {
|
||||
display: block;
|
||||
padding: 12px 24px;
|
||||
}
|
||||
|
||||
.btn:before {
|
||||
content: "";
|
||||
|
||||
position: absolute;
|
||||
top: 50%;
|
||||
left: 50%;
|
||||
|
||||
display: block;
|
||||
width: 0;
|
||||
padding-top: 0;
|
||||
|
||||
border-radius: 100%;
|
||||
|
||||
background-color: rgba(236, 240, 241, 0.3);
|
||||
|
||||
-webkit-transform: translate(-50%, -50%);
|
||||
-moz-transform: translate(-50%, -50%);
|
||||
-ms-transform: translate(-50%, -50%);
|
||||
-o-transform: translate(-50%, -50%);
|
||||
transform: translate(-50%, -50%);
|
||||
}
|
||||
|
||||
.btn:active:before {
|
||||
width: 120%;
|
||||
padding-top: 120%;
|
||||
|
||||
transition: width 0.2s ease-out, padding-top 0.2s ease-out;
|
||||
}
|
||||
|
||||
.btn-wide {
|
||||
width: 100%;
|
||||
margin: 0;
|
||||
}
|
||||
|
||||
.loader_box {
|
||||
width: 64px;
|
||||
height: 64px;
|
||||
margin: auto;
|
||||
}
|
||||
|
||||
.loader {
|
||||
display: inline-block;
|
||||
position: relative;
|
||||
z-index: 100;
|
||||
}
|
||||
|
||||
.loader:after {
|
||||
content: " ";
|
||||
display: block;
|
||||
width: 46px;
|
||||
height: 46px;
|
||||
margin: 1px;
|
||||
border-radius: 50%;
|
||||
border: 5px solid var(--primary);
|
||||
border-color: var(--primary) transparent var(--primary) transparent;
|
||||
animation: loader 1.2s linear infinite;
|
||||
}
|
||||
|
||||
@keyframes loader {
|
||||
0% {
|
||||
transform: rotate(0deg);
|
||||
}
|
||||
|
||||
100% {
|
||||
transform: rotate(360deg);
|
||||
}
|
||||
}
|
||||
|
||||
#content {
|
||||
height: 100%;
|
||||
}
|
|
@ -0,0 +1,39 @@
|
|||
import { Client } from "@hibas123/openauth-internalapi";
|
||||
import request, { RequestError } from "./request";
|
||||
|
||||
const provider = new Client.ServiceProvider((data) => {
|
||||
fetch("/api/jrpc", {
|
||||
method: "POST",
|
||||
credentials: "same-origin",
|
||||
headers: {
|
||||
"Content-Type": "application/json",
|
||||
},
|
||||
body: JSON.stringify(data),
|
||||
}).then(res => {
|
||||
if (res.ok) return res.json();
|
||||
else throw new Error(res.statusText);
|
||||
}).then(res => {
|
||||
provider.onPacket(res);
|
||||
}).catch(err => {
|
||||
provider.onPacket({
|
||||
jsonrpc: "2.0",
|
||||
method: data.method,
|
||||
id: data.id,
|
||||
error: {
|
||||
code: -32603,
|
||||
message: err.message,
|
||||
},
|
||||
})
|
||||
})
|
||||
});
|
||||
|
||||
const InternalAPI = {
|
||||
Account: new Client.AccountService(provider),
|
||||
Security: new Client.SecurityService(provider),
|
||||
TwoFactor: new Client.TFAService(provider),
|
||||
Login: new Client.LoginService(provider),
|
||||
}
|
||||
|
||||
export default InternalAPI;
|
||||
|
||||
(window as any).InternalAPI = InternalAPI;
|
|
@ -0,0 +1,20 @@
|
|||
export function setCookie(cname: string, cvalue: string, exdate: string) {
|
||||
const expires = exdate ? `;expires=${exdate}` : "";
|
||||
document.cookie = `${cname}=${cvalue}${expires};path=/;`;
|
||||
}
|
||||
|
||||
export function getCookie(cname: string) {
|
||||
const name = cname + "=";
|
||||
const dc = decodeURIComponent(document.cookie);
|
||||
const ca = dc.split(";");
|
||||
for (let i = 0; i < ca.length; i++) {
|
||||
let c = ca[i];
|
||||
while (c.charAt(0) == " ") {
|
||||
c = c.substring(1);
|
||||
}
|
||||
if (c.indexOf(name) == 0) {
|
||||
return c.substring(name.length, c.length);
|
||||
}
|
||||
}
|
||||
return "";
|
||||
}
|
|
@ -0,0 +1,62 @@
|
|||
import { getCookie } from "./cookie";
|
||||
|
||||
const baseURL = "";
|
||||
|
||||
export class RequestError extends Error {
|
||||
response: any;
|
||||
constructor(message: string, response: any) {
|
||||
super(message);
|
||||
this.name = "RequestError";
|
||||
this.response = response;
|
||||
}
|
||||
}
|
||||
|
||||
export default async function request(
|
||||
endpoint: string,
|
||||
parameters: { [key: string]: string } = {},
|
||||
method: "GET" | "POST" | "DELETE" | "PUT" = "GET",
|
||||
body?: any,
|
||||
authInParam = false,
|
||||
redirect = false
|
||||
) {
|
||||
let pairs = [];
|
||||
|
||||
if (authInParam) {
|
||||
parameters.login = getCookie("login");
|
||||
parameters.special = getCookie("special");
|
||||
}
|
||||
|
||||
for (let key in parameters) {
|
||||
pairs.push(key + "=" + parameters[key]);
|
||||
}
|
||||
|
||||
let url = endpoint;
|
||||
if (pairs.length > 0) {
|
||||
url += "?" + pairs.join("&");
|
||||
}
|
||||
|
||||
return fetch(baseURL + url, {
|
||||
method,
|
||||
body: JSON.stringify(body),
|
||||
credentials: "same-origin",
|
||||
headers: {
|
||||
"content-type": "application/json",
|
||||
},
|
||||
})
|
||||
.then((e) => {
|
||||
if (e.status !== 200) throw new Error(e.statusText);
|
||||
return e.json();
|
||||
})
|
||||
.then((data) => {
|
||||
if (data.error) {
|
||||
if (redirect && data.additional && data.additional.auth) {
|
||||
let state = btoa(
|
||||
window.location.pathname + window.location.hash
|
||||
);
|
||||
window.location.href = `/login?state=${state}&base64=true`;
|
||||
}
|
||||
return Promise.reject(new RequestError(data.error, data));
|
||||
}
|
||||
return data;
|
||||
});
|
||||
}
|
|
@ -0,0 +1,484 @@
|
|||
var b;
|
||||
if (!(b = t)) {
|
||||
var w = Math,
|
||||
y = {},
|
||||
B = (y.p = {}),
|
||||
aa = function () {},
|
||||
C = (B.A = {
|
||||
extend: function (o) {
|
||||
aa.prototype = this;
|
||||
var _ = new aa();
|
||||
return o && _.u(o), (_.z = this), _;
|
||||
},
|
||||
create: function () {
|
||||
var o = this.extend();
|
||||
return o.h.apply(o, arguments), o;
|
||||
},
|
||||
h: function () {},
|
||||
u: function (o) {
|
||||
for (var _ in o) o.hasOwnProperty(_) && (this[_] = o[_]);
|
||||
o.hasOwnProperty("toString") && (this.toString = o.toString);
|
||||
},
|
||||
e: function () {
|
||||
return this.z.extend(this);
|
||||
},
|
||||
}),
|
||||
D = (B.i = C.extend({
|
||||
h: function (o, _) {
|
||||
(o = this.d = o || []), (this.c = void 0 == _ ? 4 * o.length : _);
|
||||
},
|
||||
toString: function (o) {
|
||||
return (o || ba).stringify(this);
|
||||
},
|
||||
concat: function (o) {
|
||||
var _ = this.d,
|
||||
Da = o.d,
|
||||
Ea = this.c,
|
||||
o = o.c;
|
||||
if ((this.t(), Ea % 4))
|
||||
for (var Fa = 0; Fa < o; Fa++)
|
||||
_[(Ea + Fa) >>> 2] |=
|
||||
(255 & (Da[Fa >>> 2] >>> (24 - 8 * (Fa % 4)))) <<
|
||||
(24 - 8 * ((Ea + Fa) % 4));
|
||||
else if (65535 < Da.length)
|
||||
for (Fa = 0; Fa < o; Fa += 4) _[(Ea + Fa) >>> 2] = Da[Fa >>> 2];
|
||||
else _.push.apply(_, Da);
|
||||
return (this.c += o), this;
|
||||
},
|
||||
t: function () {
|
||||
var o = this.d,
|
||||
_ = this.c;
|
||||
(o[_ >>> 2] &= 4294967295 << (32 - 8 * (_ % 4))),
|
||||
(o.length = w.ceil(_ / 4));
|
||||
},
|
||||
e: function () {
|
||||
var o = C.e.call(this);
|
||||
return (o.d = this.d.slice(0)), o;
|
||||
},
|
||||
random: function (o) {
|
||||
for (var _ = [], Da = 0; Da < o; Da += 4)
|
||||
_.push(0 | (4294967296 * w.random()));
|
||||
return D.create(_, o);
|
||||
},
|
||||
})),
|
||||
ca = (y.O = {}),
|
||||
ba = (ca.K = {
|
||||
stringify: function (o) {
|
||||
for (var Fa, _ = o.d, o = o.c, Da = [], Ea = 0; Ea < o; Ea++)
|
||||
(Fa = 255 & (_[Ea >>> 2] >>> (24 - 8 * (Ea % 4)))),
|
||||
Da.push((Fa >>> 4).toString(16)),
|
||||
Da.push((15 & Fa).toString(16));
|
||||
return Da.join("");
|
||||
},
|
||||
parse: function (o) {
|
||||
for (var _ = o.length, Da = [], Ea = 0; Ea < _; Ea += 2)
|
||||
Da[Ea >>> 3] |=
|
||||
parseInt(o.substr(Ea, 2), 16) << (24 - 4 * (Ea % 8));
|
||||
return D.create(Da, _ / 2);
|
||||
},
|
||||
}),
|
||||
da = (ca.M = {
|
||||
stringify: function (o) {
|
||||
for (var _ = o.d, o = o.c, Da = [], Ea = 0; Ea < o; Ea++)
|
||||
Da.push(
|
||||
String.fromCharCode(
|
||||
255 & (_[Ea >>> 2] >>> (24 - 8 * (Ea % 4)))
|
||||
)
|
||||
);
|
||||
return Da.join("");
|
||||
},
|
||||
parse: function (o) {
|
||||
for (var _ = o.length, Da = [], Ea = 0; Ea < _; Ea++)
|
||||
Da[Ea >>> 2] |= (255 & o.charCodeAt(Ea)) << (24 - 8 * (Ea % 4));
|
||||
return D.create(Da, _);
|
||||
},
|
||||
}),
|
||||
ea = (ca.N = {
|
||||
stringify: function (o) {
|
||||
try {
|
||||
return decodeURIComponent(escape(da.stringify(o)));
|
||||
} catch (_) {
|
||||
throw Error("Malformed UTF-8 data");
|
||||
}
|
||||
},
|
||||
parse: function (o) {
|
||||
return da.parse(unescape(encodeURIComponent(o)));
|
||||
},
|
||||
}),
|
||||
ia = (B.I = C.extend({
|
||||
reset: function () {
|
||||
(this.g = D.create()), (this.j = 0);
|
||||
},
|
||||
l: function (o) {
|
||||
"string" == typeof o && (o = ea.parse(o)),
|
||||
this.g.concat(o),
|
||||
(this.j += o.c);
|
||||
},
|
||||
m: function (o) {
|
||||
var _ = this.g,
|
||||
Da = _.d,
|
||||
Ea = _.c,
|
||||
Fa = this.n,
|
||||
Ga = Ea / (4 * Fa),
|
||||
Ga = o ? w.ceil(Ga) : w.max((0 | Ga) - this.r, 0),
|
||||
o = Ga * Fa,
|
||||
Ea = w.min(4 * o, Ea);
|
||||
if (o) {
|
||||
for (var Ha = 0; Ha < o; Ha += Fa) this.H(Da, Ha);
|
||||
(Ha = Da.splice(0, o)), (_.c -= Ea);
|
||||
}
|
||||
return D.create(Ha, Ea);
|
||||
},
|
||||
e: function () {
|
||||
var o = C.e.call(this);
|
||||
return (o.g = this.g.e()), o;
|
||||
},
|
||||
r: 0,
|
||||
}));
|
||||
B.B = ia.extend({
|
||||
h: function () {
|
||||
this.reset();
|
||||
},
|
||||
reset: function () {
|
||||
ia.reset.call(this), this.q();
|
||||
},
|
||||
update: function (o) {
|
||||
return this.l(o), this.m(), this;
|
||||
},
|
||||
o: function (o) {
|
||||
return o && this.l(o), this.G(), this.f;
|
||||
},
|
||||
e: function () {
|
||||
var o = ia.e.call(this);
|
||||
return (o.f = this.f.e()), o;
|
||||
},
|
||||
n: 16,
|
||||
D: function (o) {
|
||||
return function (_, Da) {
|
||||
return o.create(Da).o(_);
|
||||
};
|
||||
},
|
||||
F: function (o) {
|
||||
return function (_, Da) {
|
||||
return ja.J.create(o, Da).o(_);
|
||||
};
|
||||
},
|
||||
});
|
||||
var ja = (y.s = {});
|
||||
b = y;
|
||||
}
|
||||
var t = b,
|
||||
K = t,
|
||||
ka = K.p,
|
||||
la = ka.A,
|
||||
va = ka.i,
|
||||
K = (K.w = {});
|
||||
(K.C = la.extend({
|
||||
h: function (o, _) {
|
||||
(this.a = o), (this.b = _);
|
||||
},
|
||||
})),
|
||||
(K.i = la.extend({
|
||||
h: function (o, _) {
|
||||
(o = this.d = o || []), (this.c = void 0 == _ ? 8 * o.length : _);
|
||||
},
|
||||
v: function () {
|
||||
for (var Fa, o = this.d, _ = o.length, Da = [], Ea = 0; Ea < _; Ea++)
|
||||
(Fa = o[Ea]), Da.push(Fa.a), Da.push(Fa.b);
|
||||
return va.create(Da, this.c);
|
||||
},
|
||||
e: function () {
|
||||
for (
|
||||
var o = la.e.call(this),
|
||||
_ = (o.d = this.d.slice(0)),
|
||||
Da = _.length,
|
||||
Ea = 0;
|
||||
Ea < Da;
|
||||
Ea++
|
||||
)
|
||||
_[Ea] = _[Ea].e();
|
||||
return o;
|
||||
},
|
||||
}));
|
||||
function L() {
|
||||
return wa.create.apply(wa, arguments);
|
||||
}
|
||||
for (
|
||||
var xa = t.p.B,
|
||||
M = t.w,
|
||||
wa = M.C,
|
||||
ya = M.i,
|
||||
M = t.s,
|
||||
za = [
|
||||
L(1116352408, 3609767458),
|
||||
L(1899447441, 602891725),
|
||||
L(3049323471, 3964484399),
|
||||
L(3921009573, 2173295548),
|
||||
L(961987163, 4081628472),
|
||||
L(1508970993, 3053834265),
|
||||
L(2453635748, 2937671579),
|
||||
L(2870763221, 3664609560),
|
||||
L(3624381080, 2734883394),
|
||||
L(310598401, 1164996542),
|
||||
L(607225278, 1323610764),
|
||||
L(1426881987, 3590304994),
|
||||
L(1925078388, 4068182383),
|
||||
L(2162078206, 991336113),
|
||||
L(2614888103, 633803317),
|
||||
L(3248222580, 3479774868),
|
||||
L(3835390401, 2666613458),
|
||||
L(4022224774, 944711139),
|
||||
L(264347078, 2341262773),
|
||||
L(604807628, 2007800933),
|
||||
L(770255983, 1495990901),
|
||||
L(1249150122, 1856431235),
|
||||
L(1555081692, 3175218132),
|
||||
L(1996064986, 2198950837),
|
||||
L(2554220882, 3999719339),
|
||||
L(2821834349, 766784016),
|
||||
L(2952996808, 2566594879),
|
||||
L(3210313671, 3203337956),
|
||||
L(3336571891, 1034457026),
|
||||
L(3584528711, 2466948901),
|
||||
L(113926993, 3758326383),
|
||||
L(338241895, 168717936),
|
||||
L(666307205, 1188179964),
|
||||
L(773529912, 1546045734),
|
||||
L(1294757372, 1522805485),
|
||||
L(1396182291, 2643833823),
|
||||
L(1695183700, 2343527390),
|
||||
L(1986661051, 1014477480),
|
||||
L(2177026350, 1206759142),
|
||||
L(2456956037, 344077627),
|
||||
L(2730485921, 1290863460),
|
||||
L(2820302411, 3158454273),
|
||||
L(3259730800, 3505952657),
|
||||
L(3345764771, 106217008),
|
||||
L(3516065817, 3606008344),
|
||||
L(3600352804, 1432725776),
|
||||
L(4094571909, 1467031594),
|
||||
L(275423344, 851169720),
|
||||
L(430227734, 3100823752),
|
||||
L(506948616, 1363258195),
|
||||
L(659060556, 3750685593),
|
||||
L(883997877, 3785050280),
|
||||
L(958139571, 3318307427),
|
||||
L(1322822218, 3812723403),
|
||||
L(1537002063, 2003034995),
|
||||
L(1747873779, 3602036899),
|
||||
L(1955562222, 1575990012),
|
||||
L(2024104815, 1125592928),
|
||||
L(2227730452, 2716904306),
|
||||
L(2361852424, 442776044),
|
||||
L(2428436474, 593698344),
|
||||
L(2756734187, 3733110249),
|
||||
L(3204031479, 2999351573),
|
||||
L(3329325298, 3815920427),
|
||||
L(3391569614, 3928383900),
|
||||
L(3515267271, 566280711),
|
||||
L(3940187606, 3454069534),
|
||||
L(4118630271, 4000239992),
|
||||
L(116418474, 1914138554),
|
||||
L(174292421, 2731055270),
|
||||
L(289380356, 3203993006),
|
||||
L(460393269, 320620315),
|
||||
L(685471733, 587496836),
|
||||
L(852142971, 1086792851),
|
||||
L(1017036298, 365543100),
|
||||
L(1126000580, 2618297676),
|
||||
L(1288033470, 3409855158),
|
||||
L(1501505948, 4234509866),
|
||||
L(1607167915, 987167468),
|
||||
L(1816402316, 1246189591),
|
||||
],
|
||||
$ = [],
|
||||
Aa = 0;
|
||||
80 > Aa;
|
||||
Aa++
|
||||
)
|
||||
$[Aa] = L();
|
||||
(M = M.k = xa.extend({
|
||||
q: function () {
|
||||
this.f = ya.create([
|
||||
L(1779033703, 4089235720),
|
||||
L(3144134277, 2227873595),
|
||||
L(1013904242, 4271175723),
|
||||
L(2773480762, 1595750129),
|
||||
L(1359893119, 2917565137),
|
||||
L(2600822924, 725511199),
|
||||
L(528734635, 4215389547),
|
||||
L(1541459225, 327033209),
|
||||
]);
|
||||
},
|
||||
H: function (o, _) {
|
||||
for (
|
||||
var qb,
|
||||
Da = this.f.d,
|
||||
Ea = Da[0],
|
||||
Fa = Da[1],
|
||||
Ga = Da[2],
|
||||
Ha = Da[3],
|
||||
Ia = Da[4],
|
||||
Ja = Da[5],
|
||||
Ka = Da[6],
|
||||
Da = Da[7],
|
||||
La = Ea.a,
|
||||
Ma = Ea.b,
|
||||
Na = Fa.a,
|
||||
Oa = Fa.b,
|
||||
Pa = Ga.a,
|
||||
Qa = Ga.b,
|
||||
Ra = Ha.a,
|
||||
Sa = Ha.b,
|
||||
Ta = Ia.a,
|
||||
Ua = Ia.b,
|
||||
Va = Ja.a,
|
||||
Wa = Ja.b,
|
||||
Xa = Ka.a,
|
||||
Ya = Ka.b,
|
||||
Za = Da.a,
|
||||
$a = Da.b,
|
||||
_a = La,
|
||||
ab = Ma,
|
||||
bb = Na,
|
||||
cb = Oa,
|
||||
db = Pa,
|
||||
eb = Qa,
|
||||
fb = Ra,
|
||||
gb = Sa,
|
||||
hb = Ta,
|
||||
ib = Ua,
|
||||
jb = Va,
|
||||
kb = Wa,
|
||||
lb = Xa,
|
||||
mb = Ya,
|
||||
nb = Za,
|
||||
ob = $a,
|
||||
pb = 0;
|
||||
80 > pb;
|
||||
pb++
|
||||
) {
|
||||
if (((qb = $[pb]), 16 > pb))
|
||||
var rb = (qb.a = 0 | o[_ + 2 * pb]),
|
||||
sb = (qb.b = 0 | o[_ + 2 * pb + 1]);
|
||||
else {
|
||||
var rb = $[pb - 15],
|
||||
sb = rb.a,
|
||||
tb = rb.b,
|
||||
rb =
|
||||
((tb << 31) | (sb >>> 1)) ^
|
||||
((tb << 24) | (sb >>> 8)) ^
|
||||
(sb >>> 7),
|
||||
tb =
|
||||
((sb << 31) | (tb >>> 1)) ^
|
||||
((sb << 24) | (tb >>> 8)) ^
|
||||
((sb << 25) | (tb >>> 7)),
|
||||
ub = $[pb - 2],
|
||||
sb = ub.a,
|
||||
vb = ub.b,
|
||||
ub =
|
||||
((vb << 13) | (sb >>> 19)) ^
|
||||
((sb << 3) | (vb >>> 29)) ^
|
||||
(sb >>> 6),
|
||||
vb =
|
||||
((sb << 13) | (vb >>> 19)) ^
|
||||
((vb << 3) | (sb >>> 29)) ^
|
||||
((sb << 26) | (vb >>> 6)),
|
||||
sb = $[pb - 7],
|
||||
wb = sb.a,
|
||||
xb = $[pb - 16],
|
||||
yb = xb.a,
|
||||
xb = xb.b,
|
||||
sb = tb + sb.b,
|
||||
rb = rb + wb + (sb >>> 0 < tb >>> 0 ? 1 : 0),
|
||||
sb = sb + vb,
|
||||
rb = rb + ub + (sb >>> 0 < vb >>> 0 ? 1 : 0),
|
||||
sb = sb + xb,
|
||||
rb = rb + yb + (sb >>> 0 < xb >>> 0 ? 1 : 0);
|
||||
(qb.a = rb), (qb.b = sb);
|
||||
}
|
||||
var wb = (hb & jb) ^ (~hb & lb),
|
||||
xb = (ib & kb) ^ (~ib & mb),
|
||||
qb = (_a & bb) ^ (_a & db) ^ (bb & db),
|
||||
tb =
|
||||
((ab << 4) | (_a >>> 28)) ^
|
||||
((_a << 30) | (ab >>> 2)) ^
|
||||
((_a << 25) | (ab >>> 7)),
|
||||
ub =
|
||||
((_a << 4) | (ab >>> 28)) ^
|
||||
((ab << 30) | (_a >>> 2)) ^
|
||||
((ab << 25) | (_a >>> 7)),
|
||||
vb = za[pb],
|
||||
Ab = vb.a,
|
||||
Bb = vb.b,
|
||||
vb =
|
||||
ob +
|
||||
(((hb << 18) | (ib >>> 14)) ^
|
||||
((hb << 14) | (ib >>> 18)) ^
|
||||
((ib << 23) | (hb >>> 9))),
|
||||
yb =
|
||||
nb +
|
||||
(((ib << 18) | (hb >>> 14)) ^
|
||||
((ib << 14) | (hb >>> 18)) ^
|
||||
((hb << 23) | (ib >>> 9))) +
|
||||
(vb >>> 0 < ob >>> 0 ? 1 : 0),
|
||||
vb = vb + xb,
|
||||
yb = yb + wb + (vb >>> 0 < xb >>> 0 ? 1 : 0),
|
||||
vb = vb + Bb,
|
||||
yb = yb + Ab + (vb >>> 0 < Bb >>> 0 ? 1 : 0),
|
||||
vb = vb + sb,
|
||||
yb = yb + rb + (vb >>> 0 < sb >>> 0 ? 1 : 0),
|
||||
sb = ub + ((ab & cb) ^ (ab & eb) ^ (cb & eb)),
|
||||
qb = tb + qb + (sb >>> 0 < ub >>> 0 ? 1 : 0),
|
||||
nb = lb,
|
||||
ob = mb,
|
||||
lb = jb,
|
||||
mb = kb,
|
||||
jb = hb,
|
||||
kb = ib,
|
||||
ib = 0 | (gb + vb),
|
||||
hb = 0 | (fb + yb + (ib >>> 0 < gb >>> 0 ? 1 : 0)),
|
||||
fb = db,
|
||||
gb = eb,
|
||||
db = bb,
|
||||
eb = cb,
|
||||
bb = _a,
|
||||
cb = ab,
|
||||
ab = 0 | (vb + sb),
|
||||
_a = 0 | (yb + qb + (ab >>> 0 < vb >>> 0 ? 1 : 0));
|
||||
}
|
||||
(Ma = Ea.b = 0 | (Ma + ab)),
|
||||
(Ea.a = 0 | (La + _a + (Ma >>> 0 < ab >>> 0 ? 1 : 0))),
|
||||
(Oa = Fa.b = 0 | (Oa + cb)),
|
||||
(Fa.a = 0 | (Na + bb + (Oa >>> 0 < cb >>> 0 ? 1 : 0))),
|
||||
(Qa = Ga.b = 0 | (Qa + eb)),
|
||||
(Ga.a = 0 | (Pa + db + (Qa >>> 0 < eb >>> 0 ? 1 : 0))),
|
||||
(Sa = Ha.b = 0 | (Sa + gb)),
|
||||
(Ha.a = 0 | (Ra + fb + (Sa >>> 0 < gb >>> 0 ? 1 : 0))),
|
||||
(Ua = Ia.b = 0 | (Ua + ib)),
|
||||
(Ia.a = 0 | (Ta + hb + (Ua >>> 0 < ib >>> 0 ? 1 : 0))),
|
||||
(Wa = Ja.b = 0 | (Wa + kb)),
|
||||
(Ja.a = 0 | (Va + jb + (Wa >>> 0 < kb >>> 0 ? 1 : 0))),
|
||||
(Ya = Ka.b = 0 | (Ya + mb)),
|
||||
(Ka.a = 0 | (Xa + lb + (Ya >>> 0 < mb >>> 0 ? 1 : 0))),
|
||||
($a = Da.b = 0 | ($a + ob)),
|
||||
(Da.a = 0 | (Za + nb + ($a >>> 0 < ob >>> 0 ? 1 : 0)));
|
||||
},
|
||||
G: function () {
|
||||
var o = this.g,
|
||||
_ = o.d,
|
||||
Da = 8 * this.j,
|
||||
Ea = 8 * o.c;
|
||||
(_[Ea >>> 5] |= 128 << (24 - (Ea % 32))),
|
||||
(_[(((Ea + 128) >>> 10) << 5) + 31] = Da),
|
||||
(o.c = 4 * _.length),
|
||||
this.m(),
|
||||
(this.f = this.f.v());
|
||||
},
|
||||
n: 32,
|
||||
})),
|
||||
(t.k = xa.D(M)),
|
||||
(t.L = xa.F(M));
|
||||
export default function sha512(o) {
|
||||
return t.k(o) + "";
|
||||
}
|
|
@ -0,0 +1,68 @@
|
|||
@tailwind base;
|
||||
@tailwind components;
|
||||
@tailwind utilities;
|
||||
|
||||
/* material-icons-regular - latin */
|
||||
@font-face {
|
||||
font-display: swap; /* Check https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face/font-display for other options. */
|
||||
font-family: "Material Icons";
|
||||
font-style: normal;
|
||||
font-weight: 400;
|
||||
src: url("/static/material-icons-v140-latin-regular.woff2") format("woff2"),
|
||||
/* Chrome 36+, Opera 23+, Firefox 39+ */
|
||||
url("/static/material-icons-v140-latin-regular.woff") format("woff"); /* Chrome 5+, Firefox 3.6+, IE 9+, Safari 5.1+ */
|
||||
}
|
||||
|
||||
/* material-icons-outlined-regular - latin */
|
||||
@font-face {
|
||||
font-display: swap; /* Check https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face/font-display for other options. */
|
||||
font-family: "Material Icons Outlined";
|
||||
font-style: normal;
|
||||
font-weight: 400;
|
||||
src: url("/static/material-icons-outlined-v109-latin-regular.woff2")
|
||||
format("woff2"),
|
||||
/* Chrome 36+, Opera 23+, Firefox 39+ */
|
||||
url("/static/material-icons-outlined-v109-latin-regular.woff")
|
||||
format("woff"); /* Chrome 5+, Firefox 3.6+, IE 9+, Safari 5.1+ */
|
||||
}
|
||||
|
||||
.material-icons {
|
||||
font-family: "Material Icons";
|
||||
font-weight: normal;
|
||||
font-style: normal;
|
||||
font-size: 24px; /* Preferred icon size */
|
||||
display: inline-block;
|
||||
line-height: 1;
|
||||
text-transform: none;
|
||||
letter-spacing: normal;
|
||||
word-wrap: normal;
|
||||
white-space: nowrap;
|
||||
direction: ltr;
|
||||
|
||||
/* Support for all WebKit browsers. */
|
||||
-webkit-font-smoothing: antialiased;
|
||||
/* Support for Safari and Chrome. */
|
||||
text-rendering: optimizeLegibility;
|
||||
|
||||
/* Support for Firefox. */
|
||||
-moz-osx-font-smoothing: grayscale;
|
||||
|
||||
/* Support for IE. */
|
||||
font-feature-settings: "liga";
|
||||
}
|
||||
|
||||
.material-icons-outlined {
|
||||
font-family: "Material Icons Outlined";
|
||||
font-weight: normal;
|
||||
font-style: normal;
|
||||
font-size: 24px;
|
||||
line-height: 1;
|
||||
letter-spacing: normal;
|
||||
text-transform: none;
|
||||
display: inline-block;
|
||||
white-space: nowrap;
|
||||
word-wrap: normal;
|
||||
direction: ltr;
|
||||
-webkit-font-feature-settings: "liga";
|
||||
-webkit-font-smoothing: antialiased;
|
||||
}
|
|
@ -0,0 +1,33 @@
|
|||
<div class="main">
|
||||
<h1>Home Page</h1>
|
||||
|
||||
<h2>About</h2>
|
||||
<p>
|
||||
OpenAuth is a Service to provide simple Authentication to a veriaty of
|
||||
Applications. With a simple to use API and different Strategies, it can be
|
||||
easily integrated into most Applications.
|
||||
</p>
|
||||
|
||||
<h2>QickLinks</h2>
|
||||
<p>
|
||||
If you want to manage your Account, click
|
||||
<a href="user.html">here</a>
|
||||
</p>
|
||||
|
||||
<h2>Applications using OpenAuth</h2>
|
||||
</div>
|
||||
|
||||
<style>
|
||||
.main {
|
||||
padding: 2rem;
|
||||
}
|
||||
|
||||
li {
|
||||
list-style: none;
|
||||
padding: 1rem;
|
||||
}
|
||||
|
||||
li > a {
|
||||
text-decoration: none;
|
||||
}
|
||||
</style>
|
|
@ -0,0 +1,8 @@
|
|||
import "../../components/theme";
|
||||
import App from "./App.svelte";
|
||||
|
||||
const app = new App({
|
||||
target: document.body,
|
||||
});
|
||||
|
||||
export default app;
|
|
@ -0,0 +1,34 @@
|
|||
<script lang="ts">
|
||||
import {} from "flowbite-svelte";
|
||||
|
||||
import { LoginState } from "@hibas123/openauth-internalapi";
|
||||
import Theme from "../../components/theme";
|
||||
import loginState from "./state";
|
||||
import HoveringContentBox from "../../components/HoveringContentBox.svelte";
|
||||
import { onMount } from "svelte";
|
||||
import Username from "./Username.svelte";
|
||||
import Password from "./Password.svelte";
|
||||
import Success from "./Success.svelte";
|
||||
import TwoFactor from "./TwoFactor.svelte";
|
||||
|
||||
const { state } = loginState;
|
||||
</script>
|
||||
|
||||
<Theme>
|
||||
<HoveringContentBox title="Login" loading={$state.loading}>
|
||||
<form action="JavaScript:void(0)">
|
||||
{#if $state.success}
|
||||
<Success />
|
||||
{:else if !$state.username}
|
||||
<Username on:username={(evt) => loginState.setUsername(evt.detail)} />
|
||||
{:else if !$state.password}
|
||||
<Password
|
||||
username={$state.username}
|
||||
on:password={(evt) => loginState.setPassword(evt.detail)}
|
||||
/>
|
||||
{:else if $state.requireTwoFactor.length > 0}
|
||||
<TwoFactor />
|
||||
{/if}
|
||||
</form>
|
||||
</HoveringContentBox>
|
||||
</Theme>
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue