OpenAuth_server/src/api/client/index.ts

import { Request, Response, Router } from "express";
import Stacker from "../middlewares/stacker";
import {
   GetClientAuthMiddleware,
   GetClientApiAuthMiddleware,
} from "../middlewares/client";
import { GetUserMiddleware } from "../middlewares/user";
import { createJWT } from "../../keys";
import Client from "../../models/client";
import RequestError, { HttpStatusCode } from "../../helper/request_error";
import config from "../../config";
import Mail from "../../models/mail";

const ClientRouter = Router();

/**
 * @api {get} /client/user
 *
 * @apiDescription Can be used for simple authentication of user. It will redirect the user to the redirect URI with a very short lived jwt.
 *
 * @apiParam {String} redirect_uri URL to redirect to on success
 * @apiParam {String} state A optional state, that will be included in the JWT and redirect_uri as parameter
 *
 * @apiName ClientUser
 * @apiGroup client
 *
 * @apiPermission user_client Requires ClientID and Authenticated User
 */
ClientRouter.get(
   "/user",
   Stacker(
      GetClientAuthMiddleware(false),
      GetUserMiddleware(false, false),
      async (req: Request, res: Response) => {
         let { redirect_uri, state } = req.query;

         if (redirect_uri !== req.client.redirect_url)
            throw new RequestError(
               "Invalid redirect URI",
               HttpStatusCode.BAD_REQUEST
            );

         let jwt = await createJWT(
            {
               client: req.client.client_id,
               uid: req.user.uid,
               username: req.user.username,
               state: state,
            },
            {
               expiresIn: 30,
               issuer: config.core.url,
               algorithm: "RS256",
               subject: req.user.uid,
               audience: req.client.client_id,
            }
         ); //after 30 seconds this token is invalid
         res.redirect(
            redirect_uri + "?jwt=" + jwt + (state ? `&state=${state}` : "")
         );
      }
   )
);

ClientRouter.get(
   "/account",
   Stacker(GetClientApiAuthMiddleware(), async (req: Request, res) => {
      let mails = await Promise.all(
         req.user.mails.map((id) => Mail.findById(id))
      );

      let mail = mails.find((e) => e.primary) || mails[0];

      res.json({
         user: {
            username: req.user.username,
            name: req.user.name,
            email: mail,
         },
      });
   })
);

export default ClientRouter;