OpenAuth_server/src/api/oauth/auth.ts

import Stacker from "../middlewares/stacker";
import { GetUserMiddleware } from "../middlewares/user";
import { Request, Response } from "express";
import Client from "../../models/client";
import Logging from "@hibas123/nodelogging";
import Permission, { IPermission } from "../../models/permissions";
import ClientCode from "../../models/client_code";
import moment = require("moment");
import { randomBytes } from "crypto";
import { ObjectID } from "bson";

const AuthRoute = Stacker(GetUserMiddleware(true), async (req: Request, res: Response) => {
   let { response_type, client_id, redirect_uri, scope, state, nored } = req.query;
   const sendError = (type) => {
      res.redirect(redirect_uri += `?error=${type}&state=${state}`);
   }
   /**
    * error
         REQUIRED.  A single ASCII [USASCII] error code from the
         following:
         invalid_request
               The request is missing a required parameter, includes an
               invalid parameter value, includes a parameter more than
               once, or is otherwise malformed.
         unauthorized_client
               The client is not authorized to request an authorization
               code using this method.
         access_denied
               The resource owner or authorization server denied the
               request.
    */
   try {

      if (response_type !== "code") {
         return sendError("unsupported_response_type");
      } else {
         let client = await Client.findOne({ client_id: client_id })
         if (!client) {
            return sendError("unauthorized_client")
         }

         if (redirect_uri && client.redirect_url !== redirect_uri) {
            Logging.log(redirect_uri, client.redirect_url);
            return res.send("Invalid redirect_uri. Please check the integrity of the site requesting and contact the administrator of the page, you want to authorize!");
         }

         let permissions: IPermission[] = [];
         if (scope) {
            let perms = (<string>scope).split(";").filter(e => e !== "read_user").map(p => new ObjectID(p));
            permissions = await Permission.find({ _id: { $in: perms } })

            if (permissions.length != perms.length) {
               return sendError("invalid_scope");
            }
         }

         let code = ClientCode.new({
            user: req.user._id,
            client: client._id,
            permissions: permissions.map(p => p._id),
            validTill: moment().add(30, "minutes").toDate(),
            code: randomBytes(16).toString("hex")
         });
         await ClientCode.save(code);

         let ruri = client.redirect_url + `?code=${code.code}&state=${state}`;
         if (nored === "true") {
            res.json({
               redirect_uri: ruri
            })
         } else {
            res.redirect(ruri);
         }
      }
   } catch (err) {
      Logging.error(err);
      sendError("server_error")
   }
})
export default AuthRoute;