import Stacker from "../middlewares/stacker"; |
|
import { GetUserMiddleware } from "../middlewares/user"; |
|
import { Request, Response } from "express"; |
|
import Client from "../../models/client"; |
|
import Logging from "@hibas123/nodelogging"; |
|
import Permission, { IPermission } from "../../models/permissions"; |
|
import { Sequelize } from "sequelize-typescript"; |
|
import ClientCode from "../../models/client_code"; |
|
import moment = require("moment"); |
|
import { randomBytes } from "crypto"; |
|
import { ObjectID } from "bson"; |
|
|
|
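/**
 * Append query parameters to `base`, percent-encoding every key and value.
 * Parameters whose value is `undefined` are omitted. Uses "&" when `base`
 * already carries a query string, otherwise "?".
 *
 * @param base   URL (or URL prefix) to extend
 * @param params key/value pairs to append
 * @returns the extended URL
 */
function withQuery(base: string, params: Record<string, string | undefined>): string {
    const pairs: string[] = [];
    for (const key of Object.keys(params)) {
        const value = params[key];
        if (value !== undefined) {
            pairs.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}`);
        }
    }
    if (pairs.length === 0) {
        return base;
    }
    return base + (base.includes("?") ? "&" : "?") + pairs.join("&");
}

/**
 * OAuth 2.0 authorization endpoint (authorization-code grant, RFC 6749 §4.1).
 *
 * Query parameters, all supplied by the (untrusted) user-agent:
 *   response_type  must be "code"
 *   client_id      identifier of a registered client
 *   redirect_uri   optional; when present it must equal the client's
 *                  registered `redirect_url` exactly
 *   scope          optional; ";"-separated list of permission ObjectIDs,
 *                  every one of which must exist
 *   state          opaque client value, echoed back unchanged (encoded)
 *   nored          "true" to receive the redirect target as JSON instead
 *                  of answering with a 302
 *
 * Error handling follows RFC 6749 §4.1.2.1: errors that concern the client
 * identity or the redirect target itself (unknown client_id, mismatching
 * redirect_uri) are answered with HTTP 400 and are never redirected, because
 * the supplied redirect_uri cannot be trusted at that point. All other
 * errors (unsupported_response_type, invalid_scope, server_error) are
 * delivered to the client's *registered* redirect_url, never to the
 * caller-supplied value.
 *
 * On success a one-time code valid for 30 minutes is stored and returned
 * to the client's registered redirect_url together with `state`.
 */
const AuthRoute = Stacker(GetUserMiddleware(true), async (req: Request, res: Response) => {
    const { response_type, client_id, redirect_uri, scope, state, nored } = req.query;

    // `state` is only ever echoed back; a repeated/array value is dropped.
    const stateParam: string | undefined = typeof state === "string" ? state : undefined;

    // Deliver an OAuth error code to `target`. Callers must only pass the
    // client's registered redirect_url here, never the raw `redirect_uri`.
    const sendError = (target: string, type: string) => {
        res.redirect(withQuery(target, { error: type, state: stateParam }));
    };

    // Set once the client is known; until then no redirect may be issued.
    let redirectTarget: string | undefined;

    try {
        const client = await Client.findOne({ client_id: client_id });
        if (!client) {
            // Unknown client: nothing trustworthy to redirect to (RFC 6749 §4.1.2.1).
            return res.status(400).send("Unknown client_id. Please contact the administrator of the page, you want to authorize!");
        }

        if (redirect_uri && client.redirect_url !== redirect_uri) {
            Logging.log(redirect_uri, client.redirect_url);
            // Mismatching redirect_uri: inform the user, do not redirect.
            return res.status(400).send("Invalid redirect_uri. Please check the integrity of the site requesting and contact the administrator of the page, you want to authorize!");
        }

        // From here on errors go to the registered redirect_url only.
        redirectTarget = client.redirect_url;

        if (response_type !== "code") {
            return sendError(redirectTarget, "unsupported_response_type");
        }

        let permissions: IPermission[] = [];
        if (scope) {
            if (typeof scope !== "string") {
                return sendError(redirectTarget, "invalid_scope");
            }
            const ids = scope.split(";");
            // Reject malformed ids up front so they surface as invalid_scope
            // instead of a thrown ObjectID error becoming server_error.
            if (!ids.every(id => ObjectID.isValid(id))) {
                return sendError(redirectTarget, "invalid_scope");
            }
            const perms = ids.map(p => new ObjectID(p));
            permissions = await Permission.find({ _id: { $in: perms } });

            // Every requested permission must exist (and not be requested twice).
            if (permissions.length !== perms.length) {
                return sendError(redirectTarget, "invalid_scope");
            }
        }

        const code = ClientCode.new({
            user: req.user._id,
            client: client._id,
            permissions: permissions.map(p => p._id),
            validTill: moment().add(30, "minutes").toDate(),
            code: randomBytes(16).toString("hex")
        });
        await ClientCode.save(code);

        const ruri = withQuery(client.redirect_url, { code: code.code, state: stateParam });
        if (nored === "true") {
            res.json({
                redirect_uri: ruri
            });
        } else {
            res.redirect(ruri);
        }
    } catch (err) {
        Logging.error(err);
        // A response may already be on its way (e.g. the failure happened
        // after res.json/res.redirect); sending again would throw.
        if (res.headersSent) {
            return;
        }
        if (redirectTarget) {
            sendError(redirectTarget, "server_error");
        } else {
            res.status(500).send("server_error");
        }
    }
});

export default AuthRoute;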