import Stacker from "../middlewares/stacker";
import { GetUserMiddleware } from "../middlewares/user";
import { Request, Response } from "express";
import Client from "../../models/client";
import Logging from "@hibas123/nodelogging";
import Permission, { IPermission } from "../../models/permissions";
import ClientCode from "../../models/client_code";
import moment = require("moment");
import { randomBytes } from "crypto";
import { ObjectID } from "bson";
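/**
 * Returns `v` when it is a single string query value, otherwise `undefined`.
 * Repeated or nested keys (`?state[]=…`) arrive as arrays/objects and are
 * rejected so they can never be interpolated into a redirect.
 */
function queryString(v: unknown): string | undefined {
    return typeof v === "string" ? v : undefined;
}

/**
 * Appends `params` to `base` as a URL-encoded query string.
 * Keys whose value is `undefined` are omitted, so an absent `state` is not
 * echoed back as the literal text "undefined".
 */
function withQuery(base: string, params: Record<string, string | undefined>): string {
    const parts: string[] = [];
    for (const [key, value] of Object.entries(params)) {
        if (value !== undefined) {
            parts.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}`);
        }
    }
    return parts.length > 0 ? `${base}?${parts.join("&")}` : base;
}

/**
 * OAuth 2.0 authorization endpoint for the authorization-code grant
 * (RFC 6749 §4.1.1). Requires an authenticated user (`GetUserMiddleware(true)`).
 *
 * Query parameters:
 * - `response_type`: must be `"code"`.
 * - `client_id`: looked up in the `Client` collection.
 * - `redirect_uri`: optional; when present it must equal the client's
 *   registered `redirect_url`. The registered value `"$local"` maps to `/code`.
 * - `scope`: `";"`-separated permission ids; `"read_user"` is skipped, every
 *   other entry must be a valid ObjectID that exists in `Permission`.
 * - `state`: echoed back (URL-encoded) on success and on redirected errors.
 * - `nored`: `"true"` returns `{ redirect_uri }` as JSON instead of a 302.
 *
 * Error delivery follows RFC 6749 §4.1.2.1: until the client and its redirect
 * target have been validated, errors are answered locally with HTTP 400 and
 * the user agent is never redirected to a caller-supplied URI. After that,
 * errors are redirected to the registered target as `?error=…&state=…`.
 * Unexpected exceptions are logged and reported as `server_error`.
 */
const AuthRoute = Stacker(GetUserMiddleware(true), async (req: Request, res: Response) => {
    const response_type = queryString(req.query.response_type);
    const client_id = queryString(req.query.client_id);
    const redirect_uri = queryString(req.query.redirect_uri);
    const scope = queryString(req.query.scope);
    const state = queryString(req.query.state);
    const nored = queryString(req.query.nored);

    // Set only once the client (and therefore its redirect target) is validated.
    let redir: string | undefined;

    const sendError = (type: string): void => {
        if (redir === undefined) {
            // No validated redirect target yet: answer locally instead of
            // redirecting to whatever the request supplied (open redirect).
            res.status(400).send(`OAuth error: ${type}`);
            return;
        }
        res.redirect(withQuery(redir, { error: type, state }));
    };

    try {
        if (!client_id) {
            // Explicit check so a missing id never turns into an unfiltered lookup.
            return sendError("invalid_request");
        }

        const client = await Client.findOne({ client_id: client_id });
        if (!client) {
            return sendError("unauthorized_client");
        }

        if (redirect_uri && client.redirect_url !== redirect_uri) {
            Logging.log(redirect_uri, client.redirect_url);
            return res.status(400).send("Invalid redirect_uri. Please check the integrity of the site requesting and contact the administrator of the page, you want to authorize!");
        }

        // From here on errors may be redirected to the registered target.
        redir = client.redirect_url === "$local" ? "/code" : client.redirect_url;

        if (response_type !== "code") {
            return sendError("unsupported_response_type");
        }

        let permissions: IPermission[] = [];
        if (scope) {
            const ids = scope.split(";").filter(e => e !== "read_user");
            // Validate before constructing ObjectIDs: an invalid id would throw
            // and surface as server_error instead of invalid_scope.
            if (!ids.every(id => ObjectID.isValid(id))) {
                return sendError("invalid_scope");
            }
            const perms = ids.map(p => new ObjectID(p));
            permissions = await Permission.find({ _id: { $in: perms } });

            // Every requested id must resolve (duplicates also fail this check).
            if (permissions.length !== perms.length) {
                return sendError("invalid_scope");
            }
        }

        const code = ClientCode.new({
            user: req.user._id,
            client: client._id,
            permissions: permissions.map(p => p._id),
            validTill: moment().add(30, "minutes").toDate(),
            code: randomBytes(16).toString("hex")
        });
        await ClientCode.save(code);

        const ruri = withQuery(redir, { code: code.code, state });
        if (nored === "true") {
            res.json({
                redirect_uri: ruri
            });
        } else {
            res.redirect(ruri);
        }
    } catch (err) {
        Logging.error(err);
        sendError("server_error");
    }
});

export default AuthRoute;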