import express from 'express' import UAPI from '../api' import OAuth2 from '../api/oauth2' import RateLimit from 'express-rate-limit' import wrap from '../../scripts/asyncRoute' import config from '../../scripts/load-config.js' let router = express.Router() let oauth = new OAuth2() router.use(oauth.express()) let oauthLimiter = new RateLimit({ windowMs: 5 * 60 * 1000, // 5 minutes max: 10, delayMs: 0 }) router.use(oauthLimiter) function ensureLoggedIn (req, res, next) { if (req.session.user) return next() req.session.redirectUri = req.originalUrl res.redirect('/login') } // Generic OAuth2 endpoints router.use('/authorize', ensureLoggedIn, oauth.controller.authorization) router.post('/token', oauth.controller.token) router.post('/introspect', oauth.controller.introspection) // Protected user information resource router.get('/user', oauth.bearer, wrap(async (req, res) => { let accessToken = req.oauth2.accessToken let user = await UAPI.User.get(accessToken.user_id) if (!user) { return res.status(404).jsonp({ error: 'No such user' }) } let udata = { id: user.id, uuid: user.uuid, username: user.username, display_name: user.display_name } // Include Email if (accessToken.scope.indexOf('email') !== -1) { udata.email = user.email } // Include Avatar if (accessToken.scope.indexOf('image') !== -1 && user.avatar_file) { udata.image = `${config.server.domain}/api/avatar/${user.uuid}` udata.image_file = user.avatar_file } // Include privilege number if (accessToken.scope.indexOf('privilege') !== -1) { udata.privilege = user.nw_privilege } res.jsonp(udata) })) router.use((err, req, res, next) => { if (err && err instanceof oauth.error) { return oauth.response.error(req, res, err, req.body.redirectUri) } next() }) module.exports = router