icynet-auth-server/src/modules/features/oauth2/oauth2.service.ts

import { OAuth2AdapterModel, OAuth2Provider } from '@icynet/oauth2-provider';
import { Injectable } from '@nestjs/common';
import { OAuth2ClientService } from 'src/modules/objects/oauth2-client/oauth2-client.service';
import { OAuth2TokenService } from 'src/modules/objects/oauth2-token/oauth2-token.service';
import { UserService } from 'src/modules/objects/user/user.service';
import { TokenService } from 'src/modules/utility/services/token.service';
import { AccessTokenAdapter } from './adapter/access-token.adapter';
import { ClientAdapter } from './adapter/client.adapter';
import { CodeAdapter } from './adapter/code.adapter';
import { RefreshTokenAdapter } from './adapter/refresh-token.adapter';
import { UserAdapter } from './adapter/user.adapter';

const SCOPE_DESCRIPTION: Record<string, string> = {
  email: 'Email address',
  image: 'Profile picture',
};

const ALWAYS_AVAILABLE = ['Username and display name'];
const ALWAYS_UNAVAILABLE = ['Password and other account settings'];

@Injectable()
export class OAuth2Service {
  private _oauthAdapter: OAuth2AdapterModel = {
    accessToken: new AccessTokenAdapter(this),
    refreshToken: new RefreshTokenAdapter(this),
    user: new UserAdapter(this),
    client: new ClientAdapter(this),
    code: new CodeAdapter(this),
  };

  public oauth = new OAuth2Provider(
    this._oauthAdapter,
    async (req, res, client, scope) => {
      const fullClient = await this.clientService.getById(client.id as string);
      const allowedScopes = [...ALWAYS_AVAILABLE];
      const disallowedScopes = [...ALWAYS_UNAVAILABLE];

      Object.keys(SCOPE_DESCRIPTION).forEach((item) => {
        if (scope.includes(item)) {
          allowedScopes.push(SCOPE_DESCRIPTION[item]);
        } else {
          disallowedScopes.push(SCOPE_DESCRIPTION[item]);
        }
      });

      res.render('authorize', {
        csrf: req.csrfToken(),
        user: req.user,
        client: fullClient,
        allowedScopes,
        disallowedScopes,
      });
    },
  );

  constructor(
    public token: TokenService,
    public userService: UserService,
    public clientService: OAuth2ClientService,
    public tokenService: OAuth2TokenService,
  ) {
    if (process.env.NODE_ENV === 'development') {
      this.oauth.logger.setLogLevel('debug');
    }
  }

  public splitScope(scope: string | string[]): string[] {
    if (!scope) {
      return [];
    }

    if (Array.isArray(scope)) {
      return scope;
    }

    return scope.includes(',')
      ? scope.split(',').map((item) => item.trim())
      : scope.split(' ');
  }
}
Initial service setup 2022-03-09 18:37:04 +00:00			`import { OAuth2AdapterModel, OAuth2Provider } from '@icynet/oauth2-provider';`
			`import { Injectable } from '@nestjs/common';`
			`import { OAuth2ClientService } from 'src/modules/objects/oauth2-client/oauth2-client.service';`
			`import { OAuth2TokenService } from 'src/modules/objects/oauth2-token/oauth2-token.service';`
			`import { UserService } from 'src/modules/objects/user/user.service';`
			`import { TokenService } from 'src/modules/utility/services/token.service';`
			`import { AccessTokenAdapter } from './adapter/access-token.adapter';`
			`import { ClientAdapter } from './adapter/client.adapter';`
			`import { CodeAdapter } from './adapter/code.adapter';`
			`import { RefreshTokenAdapter } from './adapter/refresh-token.adapter';`
			`import { UserAdapter } from './adapter/user.adapter';`

OAuth2 authorization view 2022-03-16 18:37:50 +00:00			`const SCOPE_DESCRIPTION: Record<string, string> = {`
			`email: 'Email address',`
			`image: 'Profile picture',`
			`};`

			`const ALWAYS_AVAILABLE = ['Username and display name'];`
			`const ALWAYS_UNAVAILABLE = ['Password and other account settings'];`

Initial service setup 2022-03-09 18:37:04 +00:00			`@Injectable()`
			`export class OAuth2Service {`
			`private _oauthAdapter: OAuth2AdapterModel = {`
			`accessToken: new AccessTokenAdapter(this),`
			`refreshToken: new RefreshTokenAdapter(this),`
			`user: new UserAdapter(this),`
			`client: new ClientAdapter(this),`
			`code: new CodeAdapter(this),`
			`};`

OAuth2 authorization view 2022-03-16 18:37:50 +00:00			`public oauth = new OAuth2Provider(`
			`this._oauthAdapter,`
redirect uri follows the user 2022-03-20 17:05:21 +00:00			`async (req, res, client, scope) => {`
OAuth2 authorization view 2022-03-16 18:37:50 +00:00			`const fullClient = await this.clientService.getById(client.id as string);`
			`const allowedScopes = [...ALWAYS_AVAILABLE];`
			`const disallowedScopes = [...ALWAYS_UNAVAILABLE];`

			`Object.keys(SCOPE_DESCRIPTION).forEach((item) => {`
			`if (scope.includes(item)) {`
			`allowedScopes.push(SCOPE_DESCRIPTION[item]);`
			`} else {`
			`disallowedScopes.push(SCOPE_DESCRIPTION[item]);`
			`}`
			`});`

			`res.render('authorize', {`
redirect uri follows the user 2022-03-20 17:05:21 +00:00			`csrf: req.csrfToken(),`
OAuth2 authorization view 2022-03-16 18:37:50 +00:00			`user: req.user,`
			`client: fullClient,`
			`allowedScopes,`
			`disallowedScopes,`
			`});`
			`},`
			`);`
Initial service setup 2022-03-09 18:37:04 +00:00
			`constructor(`
			`public token: TokenService,`
			`public userService: UserService,`
			`public clientService: OAuth2ClientService,`
			`public tokenService: OAuth2TokenService,`
			`) {`
			`if (process.env.NODE_ENV === 'development') {`
			`this.oauth.logger.setLogLevel('debug');`
			`}`
			`}`

oauth2 revokations 2022-03-20 14:50:12 +00:00			`public splitScope(scope: string \| string[]): string[] {`
OAuth2 authorization view 2022-03-16 18:37:50 +00:00			`if (!scope) {`
			`return [];`
			`}`

oauth2 revokations 2022-03-20 14:50:12 +00:00			`if (Array.isArray(scope)) {`
			`return scope;`
			`}`

Initial service setup 2022-03-09 18:37:04 +00:00			`return scope.includes(',')`
			`? scope.split(',').map((item) => item.trim())`
			`: scope.split(' ');`
			`}`
			`}`