import { OAuth2AdapterModel, OAuth2Provider } from '@icynet/oauth2-provider';
import { Injectable } from '@nestjs/common';
import { OAuth2ClientService } from 'src/modules/objects/oauth2-client/oauth2-client.service';
import { AccessTokenAdapter } from './adapter/access-token.adapter';
import { ClientAdapter } from './adapter/client.adapter';
import { CodeAdapter } from './adapter/code.adapter';
import { JWTAdapter } from './adapter/jwt.adapter';
import { RefreshTokenAdapter } from './adapter/refresh-token.adapter';
import { UserAdapter } from './adapter/user.adapter';
/**
 * Human-readable label for each optional scope a client may request.
 * Keys are the scope names as they appear in the authorization request;
 * values are the wording shown to the user on the consent page.
 */
const SCOPE_DESCRIPTION: Record<string, string> = {
  email: 'Email address',
  picture: 'Profile picture',
};

/** Consent-page wording for data every authorized client can read, whatever scope it asked for. */
const ALWAYS_AVAILABLE: string[] = ['Username and display name'];

/** Consent-page wording for data that is never exposed to a client. */
const ALWAYS_UNAVAILABLE: string[] = ['Password and other account settings'];
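@Injectable()
export class OAuth2Service implements OAuth2AdapterModel {
  /**
   * The OAuth2 provider bound to this service. The callback passed as the second
   * argument is invoked when an authorization request needs the user's consent; it
   * renders the `authorize` view with what the client will and will not be able to read.
   */
  public oauth = new OAuth2Provider(this, async (req, res, client, scope) => {
    // The provider hands over a minimal client record; the template needs the full entity.
    // NOTE(review): `client.id` is asserted to `string` — confirm the adapter's id type.
    // NOTE(review): if getById resolves to null/undefined for an unknown id, the template
    // receives an empty client rather than the request being rejected — confirm intended.
    const fullClient = await this.clientService.getById(client.id as string);

    // Copy the module-level lists so per-request pushes never mutate the shared constants.
    let allowedScopes: string[] = [...ALWAYS_AVAILABLE];
    // `null` is a legitimate end state (see the management branch below), so the
    // declared type must include it; the inferred `string[]` does not compile under
    // strictNullChecks.
    let disallowedScopes: string[] | null = [...ALWAYS_UNAVAILABLE];

    // A plain loop (rather than forEach) keeps `disallowedScopes` narrowed to string[]
    // here; inside a closure TypeScript would widen it back to string[] | null because
    // the variable is reassigned later.
    // NOTE(review): assumes `scope` is an array of scope names; were it a single
    // space-separated string, `includes` would do substring matching — confirm against
    // OAuth2Provider's callback signature.
    for (const [name, description] of Object.entries(SCOPE_DESCRIPTION)) {
      if (scope.includes(name)) {
        allowedScopes.push(description);
      } else {
        disallowedScopes.push(description);
      }
    }

    // The management scope supersedes the granular lists entirely; `null` tells the
    // template there is no "unavailable" section to render.
    if (scope.includes('management')) {
      allowedScopes = [
        'Manage Icy Network on your behalf',
        'Commit administrative actions to the extent of your user privileges',
      ];
      disallowedScopes = null;
    }

    res.render('authorize', {
      // The consent form posts back; the token must round-trip through the view.
      csrf: req.csrfToken(),
      user: req.user,
      client: fullClient,
      allowedScopes,
      disallowedScopes,
    });
  });

  /**
   * @param clientService loads the full client record shown on the consent page
   * @param accessToken access-token storage adapter
   * @param refreshToken refresh-token storage adapter
   * @param user user lookup adapter
   * @param client client lookup adapter
   * @param code authorization-code storage adapter
   * @param jwt JWT adapter
   *
   * The adapter fields are public because the provider is constructed with `this`
   * as its adapter model; presumably they are the members OAuth2AdapterModel
   * requires — verify against the library's interface.
   */
  constructor(
    public clientService: OAuth2ClientService,
    public accessToken: AccessTokenAdapter,
    public refreshToken: RefreshTokenAdapter,
    public user: UserAdapter,
    public client: ClientAdapter,
    public code: CodeAdapter,
    public jwt: JWTAdapter,
  ) {
    // Any non-empty DEBUG_OAUTH2 value turns on verbose provider logging; the `!!`
    // the original used is redundant in a boolean context.
    // NOTE(review): what the provider prints at debug level is not visible here —
    // confirm it does not include token or code values before enabling it outside
    // development.
    if (process.env.DEBUG_OAUTH2) {
      this.oauth.logger.setLogLevel('debug');
    }
  }
}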