IcyNet.eu/server/api/oauth2/middleware.js

import { AccessDenied, Forbidden } from './error'
import wrap from './wrap'

export const middleware = wrap(async function (req, res, next) {
  console.debug('Parsing bearer token')
  let token = null

  // Look for token in header
  if (req.headers.authorization) {
    const pieces = req.headers.authorization.split(' ', 2)

    // Check authorization header
    if (!pieces || pieces.length !== 2) {
      throw new AccessDenied('Wrong authorization header')
    }

    // Only bearer auth is supported
    if (pieces[0].toLowerCase() !== 'bearer') {
      throw new AccessDenied('Unsupported authorization method in header')
    }

    token = pieces[1]
    console.debug('Bearer token parsed from authorization header:', token)
  } else if (req.query && req.query.access_token) {
    token = req.query.access_token
    console.debug('Bearer token parsed from query params:', token)
  } else if (req.body && req.body.access_token) {
    token = req.body.access_token
    console.debug('Bearer token parsed from body params:', token)
  } else {
    throw new AccessDenied('Bearer token not found')
  }

  // Try to fetch access token
  const object = await req.oauth2.model.accessToken.fetchByToken(token)
  if (!object) {
    throw new Forbidden('Token not found or has expired')
  } else if (!req.oauth2.model.accessToken.checkTTL(object)) {
    throw new Forbidden('Token is expired')
  } else {
    req.oauth2.accessToken = object
    console.debug('AccessToken fetched', object)
    next()
  }
})
Major refactor and code modernization, vol. 1 2020-12-13 14:36:07 +00:00			`import { AccessDenied, Forbidden } from './error'`
Clean up OAuth2 provider code, support multiple request types in preparation for OIDC 2020-06-05 15:18:23 +00:00			`import wrap from './wrap'`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00
Major refactor and code modernization, vol. 1 2020-12-13 14:36:07 +00:00			`export const middleware = wrap(async function (req, res, next) {`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`console.debug('Parsing bearer token')`
			`let token = null`

			`// Look for token in header`
			`if (req.headers.authorization) {`
			`const pieces = req.headers.authorization.split(' ', 2)`

			`// Check authorization header`
			`if (!pieces \|\| pieces.length !== 2) {`
Major refactor and code modernization, vol. 1 2020-12-13 14:36:07 +00:00			`throw new AccessDenied('Wrong authorization header')`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`}`

			`// Only bearer auth is supported`
			`if (pieces[0].toLowerCase() !== 'bearer') {`
Major refactor and code modernization, vol. 1 2020-12-13 14:36:07 +00:00			`throw new AccessDenied('Unsupported authorization method in header')`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`}`

			`token = pieces[1]`
			`console.debug('Bearer token parsed from authorization header:', token)`
Maintenance commit. 2020-05-28 18:30:21 +00:00			`} else if (req.query && req.query.access_token) {`
			`token = req.query.access_token`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`console.debug('Bearer token parsed from query params:', token)`
Maintenance commit. 2020-05-28 18:30:21 +00:00			`} else if (req.body && req.body.access_token) {`
			`token = req.body.access_token`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`console.debug('Bearer token parsed from body params:', token)`
			`} else {`
Major refactor and code modernization, vol. 1 2020-12-13 14:36:07 +00:00			`throw new AccessDenied('Bearer token not found')`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`}`

			`// Try to fetch access token`
Maintenance commit. 2020-05-28 18:30:21 +00:00			`const object = await req.oauth2.model.accessToken.fetchByToken(token)`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`if (!object) {`
Major refactor and code modernization, vol. 1 2020-12-13 14:36:07 +00:00			`throw new Forbidden('Token not found or has expired')`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`} else if (!req.oauth2.model.accessToken.checkTTL(object)) {`
Major refactor and code modernization, vol. 1 2020-12-13 14:36:07 +00:00			`throw new Forbidden('Token is expired')`
OAuth2 provider implemented 2017-08-23 20:13:45 +00:00			`} else {`
			`req.oauth2.accessToken = object`
			`console.debug('AccessToken fetched', object)`
			`next()`
			`}`
			`})`