OpenServer
/
OpenAuth_server
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

Making grants and authentication now possible.

improving-auth
Fabian Stamm 2 years ago
parent
44d02b0110
commit
d94e83b468
3 changed files with 136 additions and 107 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      .vscode/launch.json
  2. 4
      locales/en.json
  3. 237
      src/api/oauth/auth.ts

2
.vscode/launch.json vendored
Unescape View File

@ -5,7 +5,7 @@ @@ -5,7 +5,7 @@
"version": "0.2.0",
"configurations": [
{
"type": "node",
"type": "pwa-node",
"request": "launch",
"name": "Launch Program",
"program": "${workspaceFolder}/lib/index.js",

4
locales/en.json
Unescape View File

@ -11,5 +11,7 @@ @@ -11,5 +11,7 @@
"Special token invalid": "Special token invalid",
"You are not logged in or your login is expired(Special token invalid)": "You are not logged in or your login is expired(Special token invalid)",
"No login token": "No login token",
"Login token invalid": "Login token invalid"
"Login token invalid": "Login token invalid",
"Authorize %s": "Authorize %s",
"By clicking on ALLOW, you allow this app to access the requested recources.": "By clicking on ALLOW, you allow this app to access the requested recources."
}

237
src/api/oauth/auth.ts
Unescape View File

@ -84,128 +84,155 @@ import GetAuthPage from "../../views/authorize"; @@ -84,128 +84,155 @@ import GetAuthPage from "../../views/authorize";
// }
// })
const GetAuthRoute = (view = false) => Stacker(GetUserMiddleware(false), async (req: Request, res: Response) => {
let { response_type, client_id, redirect_uri, scope, state, nored } = req.query;
const sendError = (type) => {
if (redirect_uri === "$local")
redirect_uri = "/code";
res.redirect(redirect_uri += `?error=${type}&state=${state}`);
}
const scopes = scope.split(";");
Logging.debug("Scopes:", scope);
try {
if (response_type !== "code") {
return sendError("unsupported_response_type");
} else {
let client = await Client.findOne({ client_id: client_id });
if (!client) {
return sendError("unauthorized_client");
}
if (redirect_uri && client.redirect_url !== redirect_uri) {
Logging.log(redirect_uri, client.redirect_url);
return res.send("Invalid redirect_uri. Please check the integrity of the site requesting and contact the administrator of the page, you want to authorize!");
}
const GetAuthRoute = (view = false) =>
Stacker(GetUserMiddleware(false), async (req: Request, res: Response) => {
let {
response_type,
client_id,
redirect_uri,
scope,
state,
nored
} = req.query;
const sendError = type => {
if (redirect_uri === "$local") redirect_uri = "/code";
res.redirect((redirect_uri += `?error=${type}&state=${state}`));
};
const scopes = scope.split(";");
Logging.debug("Scopes:", scope);
try {
if (response_type !== "code") {
return sendError("unsupported_response_type");
} else {
let client = await Client.findOne({ client_id: client_id });
if (!client) {
return sendError("unauthorized_client");
}
let permissions: IPermission[] = [];
let proms: PromiseLike<void>[] = [];
if (scopes) {
for (let perm of scopes.filter(e => e !== "read_user")) {
proms.push(
Permission.findById(perm).then(p => {
if (!p) return Promise.reject(new Error());
permissions.push(p);
})
if (redirect_uri && client.redirect_url !== redirect_uri) {
Logging.log(redirect_uri, client.redirect_url);
return res.send(
"Invalid redirect_uri. Please check the integrity of the site requesting and contact the administrator of the page, you want to authorize!"
);
}
}
let err = undefined;
await Promise.all(proms).catch(e => {
err = e;
});
let permissions: IPermission[] = [];
let proms: PromiseLike<void>[] = [];
if (scopes) {
for (let perm of scopes.filter(e => e !== "read_user")) {
proms.push(
Permission.findById(perm).then(p => {
if (!p) return Promise.reject(new Error());
permissions.push(p);
})
);
}
}
if (err) {
Logging.error(err);
return sendError("invalid_scope");
}
let err = undefined;
await Promise.all(proms).catch(e => {
err = e;
});
let grant: IGrant | undefined = await Grant.findOne({
client: client._id,
user: req.user._id
})
if (err) {
Logging.error(err);
return sendError("invalid_scope");
}
Logging.debug("Grant", grant, permissions);
let grant: IGrant | undefined = await Grant.findOne({
client: client._id,
user: req.user._id
});
let missing_permissions: IPermission[] = [];
Logging.debug("Grant", grant, permissions);
if (grant) {
missing_permissions = grant.permissions.map(perm => permissions.find(p => p._id.equals(perm))).filter(e => !!e);
} else {
missing_permissions = permissions;
}
let missing_permissions: IPermission[] = [];
let client_granted_perm = missing_permissions.filter(e => e.grant_type == "client")
if (client_granted_perm.length > 0) {
return sendError("no_permission")
}
if (grant) {
missing_permissions = grant.permissions
.map(perm => permissions.find(p => p._id.equals(perm)))
.filter(e => !!e);
} else {
missing_permissions = permissions;
}
if (grant && missing_permissions.length > 0) {
await new Promise<void>((yes, no) => GetUserMiddleware(false, true)(req, res, (err?: Error) => err ? no(err) : yes())); // Maybe unresolved when redirect is happening
let client_granted_perm = missing_permissions.filter(
e => e.grant_type == "client"
);
if (client_granted_perm.length > 0) {
return sendError("no_permission");
}
if (view) {
res.send(GetAuthPage(req.__, client.name, permissions.map(perm => {
return {
name: perm.name,
description: perm.description,
logo: client.logo
}
})));
return;
} else {
if (req.body.allow = "true") {
if (!grant)
grant = Grant.new({
client: client._id,
user: req.user._id,
permissions: []
});
grant.permissions.push(...missing_permissions.map(e => e._id));
await Grant.save(grant);
if (!grant && missing_permissions.length > 0) {
await new Promise<void>((yes, no) =>
GetUserMiddleware(false, true)(req, res, (err?: Error) =>
err ? no(err) : yes()
)
); // Maybe unresolved when redirect is happening
if (view) {
res.send(
GetAuthPage(
req.__,
client.name,
permissions.map(perm => {
return {
name: perm.name,
description: perm.description,
logo: client.logo
};
})
)
);
return;
} else {
return sendError("access_denied");
if ((req.body.allow = "true")) {
if (!grant)
grant = Grant.new({
client: client._id,
user: req.user._id,
permissions: []
});
grant.permissions.push(
...missing_permissions.map(e => e._id)
);
await Grant.save(grant);
} else {
return sendError("access_denied");
}
}
}
}
let code = ClientCode.new({
user: req.user._id,
client: client._id,
permissions: permissions.map(p => p._id),
validTill: moment().add(30, "minutes").toDate(),
code: randomBytes(16).toString("hex")
});
await ClientCode.save(code);
let redir = client.redirect_url === "$local" ? "/code" : client.redirect_url;
let ruri = redir + `?code=${code.code}&state=${state}`;
if (nored === "true") {
res.json({
redirect_uri: ruri
})
} else {
res.redirect(ruri);
let code = ClientCode.new({
user: req.user._id,
client: client._id,
permissions: permissions.map(p => p._id),
validTill: moment()
.add(30, "minutes")
.toDate(),
code: randomBytes(16).toString("hex")
});
await ClientCode.save(code);
let redir =
client.redirect_url === "$local" ? "/code" : client.redirect_url;
let ruri = redir + `?code=${code.code}&state=${state}`;
if (nored === "true") {
res.json({
redirect_uri: ruri
});
} else {
res.redirect(ruri);
}
}
} catch (err) {
Logging.error(err);
sendError("server_error");
}
} catch (err) {
Logging.error(err);
sendError("server_error")
}
});
});
export default GetAuthRoute;

Write Preview
Loading…
Cancel
Save