import error from '../error' import response from '../response' import wrap from '../wrap' module.exports = wrap(async function (req, res) { let clientId = null let clientSecret = null if (req.body.client_id && req.body.client_secret) { clientId = req.body.client_id clientSecret = req.body.client_secret console.debug('Client credentials parsed from body parameters ', clientId, clientSecret) } else { if (!req.headers || !req.headers.authorization) { throw new error.InvalidRequest('No authorization header passed') } let pieces = req.headers.authorization.split(' ', 2) if (!pieces || pieces.length !== 2) { throw new error.InvalidRequest('Authorization header is corrupted') } if (pieces[0] !== 'Basic') { throw new error.InvalidRequest('Unsupported authorization method:', pieces[0]) } pieces = Buffer.from(pieces[1], 'base64').toString('ascii').split(':', 2) if (!pieces || pieces.length !== 2) { throw new error.InvalidRequest('Authorization header has corrupted data') } clientId = pieces[0] clientSecret = pieces[1] console.debug('Client credentials parsed from basic auth header: ', clientId, clientSecret) } if (!req.body.token) { throw new error.InvalidRequest('Token not provided in request body') } const token = await req.oauth2.model.accessToken.fetchByToken(req.body.token) if (!token) { throw new error.InvalidRequest('Token does not exist') } const ttl = req.oauth2.model.accessToken.getTTL(token) const resObj = { token_type: 'bearer', token: token.token, expires_in: Math.floor(ttl / 1000) } response.data(req, res, resObj) })