You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 

81 lines
2.9 KiB

import Stacker from "../middlewares/stacker";
import { GetUserMiddleware } from "../middlewares/user";
import { Request, Response } from "express";
import Client from "../../models/client";
import Logging from "@hibas123/nodelogging";
import Permission, { IPermission } from "../../models/permissions";
import { Sequelize } from "sequelize-typescript";
import ClientCode from "../../models/client_code";
import moment = require("moment");
import { randomBytes } from "crypto";
import { ObjectID } from "bson";
const AuthRoute = Stacker(GetUserMiddleware(true), async (req: Request, res: Response) => {
let { response_type, client_id, redirect_uri, scope, state, nored } = req.query;
const sendError = (type) => {
res.redirect(redirect_uri += `?error=${type}&state=${state}`);
}
/**
* error
REQUIRED. A single ASCII [USASCII] error code from the
following:
invalid_request
The request is missing a required parameter, includes an
invalid parameter value, includes a parameter more than
once, or is otherwise malformed.
unauthorized_client
The client is not authorized to request an authorization
code using this method.
access_denied
The resource owner or authorization server denied the
request.
*/
try {
if (response_type !== "code") {
return sendError("unsupported_response_type");
} else {
let client = await Client.findOne({ client_id: client_id })
if (!client) {
return sendError("unauthorized_client")
}
if (redirect_uri && client.redirect_url !== redirect_uri) {
Logging.log(redirect_uri, client.redirect_url);
return res.send("Invalid redirect_uri. Please check the integrity of the site requesting and contact the administrator of the page, you want to authorize!");
}
let permissions: IPermission[] = [];
if (scope) {
let perms = (<string>scope).split(";").map(p => new ObjectID(p));
permissions = await Permission.find({ _id: { $in: perms } })
if (permissions.length != perms.length) {
return sendError("invalid_scope");
}
}
let code = ClientCode.new({
user: req.user._id,
client: client._id,
permissions: permissions.map(p => p._id),
validTill: moment().add(30, "minutes").toDate(),
code: randomBytes(16).toString("hex")
});
await ClientCode.save(code);
let ruri = client.redirect_url + `?code=${code.code}&state=${state}`;
if (nored === "true") {
res.json({
redirect_uri: ruri
})
} else {
res.redirect(ruri);
}
}
} catch (err) {
Logging.error(err);
sendError("server_error")
}
})
export default AuthRoute;