import express from 'express'
import { User } from '../api'
import { OAuth2Provider } from '../api/oauth2'
import RateLimit from 'express-rate-limit'
import wrap from '../../scripts/asyncRoute'
import config from '../../scripts/load-config.js'
// Router holding the OAuth2 provider endpoints; exported at the bottom of this file.
const router = express.Router()

// Single provider instance shared by every route registered below.
const oauth = new OAuth2Provider()

// Mount the provider's own middleware ahead of every route on this router.
router.use(oauth.express())
// Rate limiter applied to every route on this router (see router.use below),
// i.e. /authorize, /token, /introspect and /user all share one budget per client.
const oauthLimiter = new RateLimit({
  windowMs: 5 * 60 * 1000, // 5 minutes
  max: 10, // requests allowed per key within windowMs
  delayMs: 0 // legacy option from older express-rate-limit releases; confirm the installed version still honours it
})

// NOTE(review): express-rate-limit keys on req.ip by default; behind a reverse
// proxy that only works when Express 'trust proxy' is configured, otherwise every
// client shares the proxy's address — confirm in the app setup.
router.use(oauthLimiter)
/**
 * Express middleware gating browser-session-only routes (used on /authorize).
 *
 * Lets the request through when the session carries a user; otherwise remembers
 * the requested URL on the session and sends the client to /login.
 *
 * @param {import('express').Request} req - must have req.session populated
 * @param {import('express').Response} res
 * @param {Function} next
 * @returns {*} whatever next() returns when logged in, otherwise undefined
 */
function ensureLoggedIn (req, res, next) {
  if (!req.session.user) {
    // Remember where the user was heading so the login flow can return here.
    req.session.redirectUri = req.originalUrl
    res.redirect('/login')
    return
  }
  return next()
}
// Generic OAuth2 endpoints
// /authorize is registered with router.use (not .get), so it matches every HTTP
// method and any sub-path; it requires a logged-in browser session first and the
// provider's authorization controller handles the rest.
router.use('/authorize', ensureLoggedIn, oauth.controller.authorization)
// /token and /introspect are not behind ensureLoggedIn: these are client-facing
// calls whose authentication is left to the provider's controllers.
router.post('/token', oauth.controller.token)
router.post('/introspect', oauth.controller.introspection)
// Protected user information resource
// Returns the token holder's basic profile; additional fields are included only
// when the access token carries the matching scope ('email', 'image', 'privilege').
router.get('/user', oauth.bearer, wrap(async (req, res) => {
  const { accessToken } = req.oauth2
  const user = await User.get(accessToken.user_id)
  if (!user) {
    return res.status(404).jsonp({ error: 'No such user' })
  }

  // NOTE(review): if scope is a space-separated string rather than an array this
  // is a substring test (e.g. 'email' would also match a scope named 'no-email',
  // constructed example) — confirm the provider normalises scope to an array.
  const hasScope = (name) => accessToken.scope.includes(name)

  // Fields every token holder may see.
  const udata = {
    id: user.id,
    uuid: user.uuid,
    username: user.username,
    display_name: user.display_name
  }

  if (hasScope('email')) {
    udata.email = user.email
  }

  // The avatar URL is only meaningful when the user actually has an avatar file.
  if (hasScope('image') && user.avatar_file) {
    udata.image = `${config.server.domain}/api/avatar/${user.uuid}`
    udata.image_file = user.avatar_file
  }

  if (hasScope('privilege')) {
    udata.privilege = user.nw_privilege
  }

  res.jsonp(udata)
}))
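// Translate provider errors into OAuth2-formatted responses; anything else is
// handed on to the application's error handling.
router.use((err, req, res, next) => {
  if (err && err instanceof oauth.error) {
    // NOTE(review): redirectUri is client-supplied (request body); confirm that
    // oauth.response.error validates it against the client's registered redirect
    // URIs before redirecting, otherwise this is an open-redirect risk.
    // Guarded because req.body is undefined when no body parser ran for the request.
    const redirectUri = req.body ? req.body.redirectUri : undefined
    return oauth.response.error(req, res, err, redirectUri)
  }
  // Forward the error: a bare next() inside an error handler tells Express the
  // error was dealt with, so the request falls through to the regular (non-error)
  // middleware and the original failure is silently lost.
  next(err)
})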
// The fully configured router: provider middleware, rate limiter, routes and error handler.
export default router