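import { OAuth2AdapterModel, OAuth2Provider } from '@icynet/oauth2-provider';
import { Injectable } from '@nestjs/common';
import { OAuth2ClientService } from 'src/modules/objects/oauth2-client/oauth2-client.service';
import { AccessTokenAdapter } from './adapter/access-token.adapter';
import { ClientAdapter } from './adapter/client.adapter';
import { CodeAdapter } from './adapter/code.adapter';
import { JWTAdapter } from './adapter/jwt.adapter';
import { RefreshTokenAdapter } from './adapter/refresh-token.adapter';
import { UserAdapter } from './adapter/user.adapter';

/** Human-readable text shown in the `authorize` view for each optional scope. */
const SCOPE_DESCRIPTION: Record<string, string> = {
  email: 'Email address',
  picture: 'Profile picture',
};

/** Listed as granted on every authorization prompt that is not a management request. */
const ALWAYS_AVAILABLE = ['Username and display name'];

/** Listed as not granted on every authorization prompt that is not a management request. */
const ALWAYS_UNAVAILABLE = ['Password and other account settings'];

/**
 * Wires the adapter services into an `OAuth2Provider` and supplies the
 * callback that renders the `authorize` view for an authorization request.
 *
 * The adapters are exposed as public properties because the instance itself is
 * passed to the provider as its `OAuth2AdapterModel`.
 */
@Injectable()
export class OAuth2Service implements OAuth2AdapterModel {
  public oauth = new OAuth2Provider(this, async (req, res, client, scope) => {
    // NOTE(review): the lookup result is handed to the view unchecked. Confirm
    // the provider has already validated the client before this callback runs,
    // or handle a missing client here.
    const fullClient = await this.clientService.getById(client.id as string);

    let allowedScopes = [...ALWAYS_AVAILABLE];
    let disallowedScopes: string[] | null = [...ALWAYS_UNAVAILABLE];

    // Sort every described scope into "requested" or "not requested".
    // NOTE(review): assumes `scope` is an array of scope names; on a plain
    // string `includes` would be a substring match. Confirm against the
    // provider's callback signature.
    // NOTE(review): a requested scope that has no entry in SCOPE_DESCRIPTION
    // (other than 'management') is not listed anywhere in the prompt. Confirm
    // the provider rejects unknown scopes before this point, so the user never
    // approves something the page did not show.
    for (const [scopeName, description] of Object.entries(SCOPE_DESCRIPTION)) {
      if (scope.includes(scopeName)) {
        allowedScopes.push(description);
      } else {
        disallowedScopes.push(description);
      }
    }

    if (scope.includes('management')) {
      // A management request replaces both lists: only the two management
      // lines are shown and the "not granted" list is passed as null.
      // NOTE(review): scopes requested alongside 'management' are therefore
      // not itemised. Confirm that is intended.
      allowedScopes = [
        'Manage Icy Network on your behalf',
        'Commit administrative actions to the extent of your user privileges',
      ];
      disallowedScopes = null;
    }

    res.render('authorize', {
      csrf: req.csrfToken(),
      user: req.user,
      client: fullClient,
      allowedScopes,
      disallowedScopes,
    });
  });

  /**
   * Receives the adapters through dependency injection and switches the
   * provider's logger to debug level when `DEBUG_OAUTH2` is set.
   */
  constructor(
    public clientService: OAuth2ClientService,
    public accessToken: AccessTokenAdapter,
    public refreshToken: RefreshTokenAdapter,
    public user: UserAdapter,
    public client: ClientAdapter,
    public code: CodeAdapter,
    public jwt: JWTAdapter,
  ) {
    // Any non-empty value enables debug logging, including "0" and "false".
    // NOTE(review): what the provider writes at debug level is not visible
    // here. Check that it does not log authorization codes or tokens before
    // enabling this outside development.
    if (process.env.DEBUG_OAUTH2) {
      this.oauth.logger.setLogLevel('debug');
    }
  }
}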