This repository has been archived on 2022-11-26. You can view files and clone it, but cannot push or open issues or pull requests.
IcyNet.eu/server/routes/oauth2.js

79 lines
1.9 KiB
JavaScript

import express from 'express'
import { User } from '../api'
import { OAuth2Provider } from '../api/oauth2'
import RateLimit from 'express-rate-limit'
import wrap from '../../scripts/asyncRoute'
import config from '../../scripts/load-config.js'
const router = express.Router()
const oauth = new OAuth2Provider()
router.use(oauth.express())
const oauthLimiter = new RateLimit({
windowMs: 5 * 60 * 1000, // 5 minutes
max: 10,
delayMs: 0
})
router.use(oauthLimiter)
function ensureLoggedIn (req, res, next) {
if (req.session.user) return next()
req.session.redirectUri = req.originalUrl
res.redirect('/login')
}
// Generic OAuth2 endpoints
router.use('/authorize', ensureLoggedIn, oauth.controller.authorization)
router.post('/token', oauth.controller.token)
router.post('/introspect', oauth.controller.introspection)
// Protected user information resource
router.get('/user', oauth.bearer, wrap(async (req, res) => {
const accessToken = req.oauth2.accessToken
const user = await User.get(accessToken.user_id)
if (!user) {
return res.status(404).jsonp({
error: 'No such user'
})
}
const udata = {
id: user.id,
uuid: user.uuid,
username: user.username,
display_name: user.display_name
}
// Include Email
if (accessToken.scope.indexOf('email') !== -1) {
udata.email = user.email
}
// Include Avatar
if (accessToken.scope.indexOf('image') !== -1 && user.avatar_file) {
udata.image = `${config.server.domain}/api/avatar/${user.uuid}`
udata.image_file = user.avatar_file
}
// Include privilege number
if (accessToken.scope.indexOf('privilege') !== -1) {
udata.privilege = user.nw_privilege
}
res.jsonp(udata)
}))
router.use((err, req, res, next) => {
if (err && err instanceof oauth.error) {
return oauth.response.error(req, res, err, req.body.redirectUri)
}
next()
})
export default router