Dimitrie Stefanescu
91 lines
3.2 KiB
JavaScript
91 lines
3.2 KiB
JavaScript
'use strict'
|
|
const appRoot = require( 'app-root-path' )
|
|
|
|
const redis = require( 'redis' )
|
|
const ExpressSession = require( 'express-session' )
|
|
const RedisStore = require( 'connect-redis' )( ExpressSession )
|
|
const passport = require( 'passport' )
|
|
const debug = require( 'debug' )
|
|
const { getApp, createAuthorizationCode, createAppTokenFromAccessCode, refreshAppToken } = require( './services/apps' )
|
|
|
|
let authStrategies = [ ]
|
|
|
|
exports.authStrategies = authStrategies
|
|
|
|
exports.init = ( app, options ) => {
|
|
|
|
debug( 'speckle:modules' )( '🔑 \tInit app, authn and authz module' )
|
|
|
|
passport.serializeUser( ( user, done ) => done( null, user ) )
|
|
passport.deserializeUser( ( user, done ) => done( null, user ) )
|
|
app.use( passport.initialize( ) )
|
|
|
|
let session = ExpressSession( {
|
|
store: new RedisStore( { client: redis.createClient( process.env.REDIS_URL ) } ),
|
|
secret: process.env.SESSION_SECRET,
|
|
saveUninitialized: false,
|
|
resave: false,
|
|
cookie: { maxAge: 60000 * 60 }
|
|
} )
|
|
|
|
let sessionAppId = ( req, res, next ) => {
|
|
req.session.appId = req.query.appId
|
|
req.session.challenge = req.query.challenge
|
|
next( )
|
|
}
|
|
|
|
let finalizeAuth = async ( req, res, next ) => {
|
|
if ( req.session.appId ) {
|
|
try {
|
|
let app = await getApp( { id: req.session.appId } )
|
|
let ac = await createAuthorizationCode( { appId: app.id, userId: req.user.id, challenge: req.session.challenge } )
|
|
return res.redirect( `/auth/finalize?appId=${req.session.appId}&access_code=${ac}` )
|
|
} catch ( err ) {
|
|
return res.status( 400 ).send( err.message )
|
|
}
|
|
} else {
|
|
return res.status( 200 ).end( )
|
|
}
|
|
}
|
|
|
|
// TODO: add cors
|
|
app.post( '/auth/token', async ( req, res, next ) => {
|
|
try {
|
|
if ( req.body.refreshToken ) {
|
|
if ( !req.body.appId || !req.body.appSecret )
|
|
throw new Error( 'Invalid request - refresh token' )
|
|
|
|
let authResponse = await refreshAppToken( { refreshToken: req.body.refreshToken, appId: req.body.appId, appSecret: req.body.appSecret } )
|
|
return res.send( authResponse )
|
|
}
|
|
|
|
if ( !req.body.appId || !req.body.appSecret || !req.body.accessCode || !req.body.challenge )
|
|
throw new Error( 'Invalid request' + JSON.stringify( req.body ) )
|
|
|
|
let authResponse = await createAppTokenFromAccessCode( { appId: req.body.appId, appSecret: req.body.appSecret, accessCode: req.body.accessCode, challenge: req.body.challenge } )
|
|
return res.send( authResponse )
|
|
|
|
} catch ( err ) {
|
|
debug( 'speckle:errors' )( err )
|
|
return res.status( 401 ).send( { err: err.message } )
|
|
}
|
|
} )
|
|
|
|
|
|
// Strategies initialisation & listing
|
|
|
|
if ( process.env.STRATEGY_GITHUB === 'true' ) {
|
|
let githubStrategy = require( './strategies/github' )( app, session, sessionAppId, finalizeAuth )
|
|
authStrategies.push( githubStrategy )
|
|
}
|
|
|
|
if ( process.env.STRATEGY_GOOGLE === 'true' ) {
|
|
let googStrategy = require( './strategies/google' )( app, session, sessionAppId, finalizeAuth )
|
|
authStrategies.push( googStrategy )
|
|
}
|
|
|
|
if ( process.env.STRATEGY_LOCAL === 'true' ) {
|
|
let localStrategy = require( './strategies/local' )( app, session, sessionAppId, finalizeAuth )
|
|
authStrategies.push( localStrategy )
|
|
}
|
|
} |