Evert Prants 2023-01-11 18:23:08 +02:00
parent 2305b97364
commit 799f50ea08
Signed by: evert
GPG Key ID: 1688DA83D222D0B5
7 changed files with 30 additions and 21 deletions


@ -2,7 +2,7 @@ import * as toml from 'toml';
import { resolve } from 'path'; import { resolve } from 'path';
import { readFile } from 'fs/promises'; import { readFile } from 'fs/promises';
import { Configuration } from './config.interfaces'; import { Configuration } from './config.interfaces';
import { FactoryProvider, ValueProvider } from '@nestjs/common'; import { FactoryProvider, Logger, ValueProvider } from '@nestjs/common';
const CONFIG_ENV = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'; const CONFIG_ENV = process.env.NODE_ENV === 'production' ? 'prod' : 'dev';
const CONFIG_FILENAME = process.env.CONFIG || `config.${CONFIG_ENV}.toml`; const CONFIG_FILENAME = process.env.CONFIG || `config.${CONFIG_ENV}.toml`;
@ -71,7 +71,7 @@ export const configProviders = [
...JSON.parse(JSON.stringify(toml.parse(file))), ...JSON.parse(JSON.stringify(toml.parse(file))),
}; };
} catch (e: unknown) { } catch (e: unknown) {
console.error('Failed to load configuration:', (e as Error).message); Logger.error('Failed to load configuration:', (e as Error).message);
return defaultConfig; return defaultConfig;
} }
}, },
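Review bot: The catch block around the TOML load still returns `defaultConfig` after logging, so a production instance whose config file is missing or malformed starts on built-in defaults instead of refusing to start. `defaultConfig` and the start of the factory are outside this hunk, so its contents cannot be checked here, but for an identity service silently running on default issuer, key or database settings is a risk worth closing. Consider failing closed in production with `if (CONFIG_ENV === 'prod') throw e;` before `return defaultConfig;`. Separately, Nest's `Logger.error` treats a second string argument as stack or context rather than as part of the message, so `(e as Error).message` may not print the way it did with `console.error`; `Logger.error('Failed to load configuration: ' + (e as Error).message)` avoids that, and the same applies to the `Logger.error` call in `UploadService`.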


@ -73,9 +73,9 @@ export class OAuth2Service {
public clientService: OAuth2ClientService, public clientService: OAuth2ClientService,
public tokenService: OAuth2TokenService, public tokenService: OAuth2TokenService,
) { ) {
// if (process.env.NODE_ENV === 'development') { if (!!process.env.DEBUG_OAUTH2) {
// this.oauth.logger.setLogLevel('debug'); this.oauth.logger.setLogLevel('debug');
// } }
} }
public splitScope(scope: string | string[]): string[] { public splitScope(scope: string | string[]): string[] {
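Review bot: `!!process.env.DEBUG_OAUTH2` is true for any non-empty value, so `DEBUG_OAUTH2=0` or `DEBUG_OAUTH2=false` still switches the provider to debug logging. Debug output from an OAuth2 provider can plausibly include authorization codes, tokens or client secrets (the logger is not visible here, so confirm what it prints), which makes an accidental enable in production a log-exposure risk. An explicit comparison such as `if (process.env.DEBUG_OAUTH2 === '1') {` is safer, with a comment above it like `// Debug logging may include token material; never enable in production.`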


@ -1,5 +1,5 @@
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import { Repository } from 'typeorm'; import { Raw, Repository } from 'typeorm';
import { OAuth2Client } from '../oauth2-client/oauth2-client.entity'; import { OAuth2Client } from '../oauth2-client/oauth2-client.entity';
import { User } from '../user/user.entity'; import { User } from '../user/user.entity';
import { OAuth2Token, OAuth2TokenType } from './oauth2-token.entity'; import { OAuth2Token, OAuth2TokenType } from './oauth2-token.entity';
@ -78,6 +78,12 @@ export class OAuth2TokenService {
}); });
} }
public async wipeExpiredTokens() {
await this.tokenRepository.delete({
expires_at: Raw((alias) => `${alias} < NOW()`),
});
}
public async remove(token: OAuth2Token): Promise<void> { public async remove(token: OAuth2Token): Promise<void> {
await this.tokenRepository.remove(token); await this.tokenRepository.remove(token);
} }
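Review bot: `wipeExpiredTokens` is added without a return type or doc comment, and nothing in the sections shown on this page calls it, so expired tokens are only removed if a scheduler elsewhere invokes it. Declaring it as `public async wipeExpiredTokens(): Promise<void>` would match `remove` below. The `Raw` fragment interpolates only the column alias supplied by TypeORM, so it carries no caller input, but `NOW()` is evaluated by the database; a comment such as `// Compares against database server time; expires_at must be stored in the same timezone.` would record that assumption.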


@ -1,4 +1,4 @@
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable, Logger } from '@nestjs/common';
import { readFile, unlink } from 'fs/promises'; import { readFile, unlink } from 'fs/promises';
import { imageSize } from 'image-size'; import { imageSize } from 'image-size';
import { join } from 'path'; import { join } from 'path';
@ -57,7 +57,7 @@ export class UploadService {
try { try {
await unlink(path); await unlink(path);
} catch (e: unknown) { } catch (e: unknown) {
console.error('Failed to unlink avatar file:', (e as Error).stack); Logger.error('Failed to unlink avatar file:', (e as Error).stack);
} }
await this.uploadRepository.remove(upload); await this.uploadRepository.remove(upload);
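Review bot: When `unlink` fails the error is logged and `this.uploadRepository.remove(upload)` still runs, so the file can stay on disk with no database row pointing at it, and the log line does not say which file. Including the path makes the orphan findable, e.g. `Logger.error('Failed to unlink avatar file ' + path, (e as Error).stack);`. If a missing file is the expected case, checking for `ENOENT` and logging only other errors would keep real permission or I/O failures visible. The method starts and ends outside the hunk.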


@ -14,7 +14,6 @@ import { Scope } from 'src/decorators/scope.decorator';
import { CurrentUser } from 'src/decorators/user.decorator'; import { CurrentUser } from 'src/decorators/user.decorator';
import { OAuth2Guard } from 'src/guards/oauth2.guard'; import { OAuth2Guard } from 'src/guards/oauth2.guard';
import { ConfigurationService } from 'src/modules/config/config.service'; import { ConfigurationService } from 'src/modules/config/config.service';
import { JWTService } from 'src/modules/jwt/jwt.service';
import { User } from 'src/modules/objects/user/user.entity'; import { User } from 'src/modules/objects/user/user.entity';
import { OAuth2Service } from '../../oauth2/oauth2.service'; import { OAuth2Service } from '../../oauth2/oauth2.service';
@ -24,7 +23,6 @@ export class OAuth2Controller {
constructor( constructor(
private _service: OAuth2Service, private _service: OAuth2Service,
private _config: ConfigurationService, private _config: ConfigurationService,
private _jwt: JWTService,
) {} ) {}
// These requests are just passed straight on to the provider controller // These requests are just passed straight on to the provider controller
@ -119,11 +117,4 @@ export class OAuth2Controller {
return userData; return userData;
} }
@Get('jwks')
getJWKS() {
return {
keys: [this._jwt.jwks],
};
}
} }


@ -1,12 +1,16 @@
import { Controller, Get, Redirect, Res } from '@nestjs/common'; import { Controller, Get, Redirect, Res } from '@nestjs/common';
import { Response } from 'express'; import { Response } from 'express';
import { ConfigurationService } from '../config/config.service'; import { ConfigurationService } from '../config/config.service';
import { JWTService } from '../jwt/jwt.service';
@Controller({ @Controller({
path: '/.well-known/', path: '/.well-known/',
}) })
export class WellKnownController { export class WellKnownController {
constructor(private config: ConfigurationService) {} constructor(
private readonly config: ConfigurationService,
private readonly jwt: JWTService,
) {}
@Get('security.txt') @Get('security.txt')
securityTXT(@Res({ passthrough: true }) res: Response) { securityTXT(@Res({ passthrough: true }) res: Response) {
@ -28,6 +32,13 @@ Contact: mailto:evert@lunasqu.ee
return; return;
} }
@Get('jwks.json')
getJWKS() {
return {
keys: [this.jwt.jwks],
};
}
@Get('openid-configuration') @Get('openid-configuration')
openidConfiguration() { openidConfiguration() {
const base = this.config.get<string>('app.base_url'); const base = this.config.get<string>('app.base_url');
@ -35,7 +46,7 @@ Contact: mailto:evert@lunasqu.ee
issuer: this.config.get('jwt.issuer'), issuer: this.config.get('jwt.issuer'),
authorization_endpoint: `${base}/oauth2/authorize`, authorization_endpoint: `${base}/oauth2/authorize`,
token_endpoint: `${base}/oauth2/token`, token_endpoint: `${base}/oauth2/token`,
jwks_uri: `${base}/oauth2/jwks`, jwks_uri: `${base}/.well-known/jwks.json`,
userinfo_endpoint: `${base}/api/user`, userinfo_endpoint: `${base}/api/user`,
introspection_endpoint: `${base}/oauth2/introspect`, introspection_endpoint: `${base}/oauth2/introspect`,
response_types_supported: ['code', 'id_token'], response_types_supported: ['code', 'id_token'],
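Review bot: The `/oauth2/jwks` route is removed in the same commit that points `jwks_uri` at `/.well-known/jwks.json`, so relying parties that hardcoded the old URL or cached the discovery document will fail to fetch signing keys until they refresh. Keeping the old path for a deprecation window, for example a `@Get('jwks')` handler on the OAuth2 controller decorated with `@Redirect('/.well-known/jwks.json', 301)`, avoids that break. `getJWKS` also has no return type or comment; since `this.jwt.jwks` is defined outside this page, a comment such as `// Must contain public JWK members only (no d, p, q, dp, dq, qi).` would state the contract a reader cannot verify here. `openidConfiguration` continues past the end of the hunk.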


@ -1,2 +1,3 @@
div.logo-container .logo-container
a(href="/", aria-label="Icy Network Home")
img(src="/public/image/icynet-icon.svg", alt="Icy Network") img(src="/public/image/icynet-icon.svg", alt="Icy Network")