67 lines
1.9 KiB
TypeScript
67 lines
1.9 KiB
TypeScript
import { InvalidRequest } from '../model/error';
|
|
import { data as dataResponse } from '../utils/response';
|
|
import wrap from '../utils/wrap';
|
|
|
|
export const introspection = wrap(async function (req, res) {
|
|
let clientId: string | null = null;
|
|
let clientSecret: string | null = null;
|
|
|
|
const { oauth2 } = req;
|
|
|
|
if (req.body.client_id && req.body.client_secret) {
|
|
clientId = req.body.client_id as string;
|
|
clientSecret = req.body.client_secret as string;
|
|
req.oauth2.logger.debug(
|
|
'Client credentials parsed from body parameters ',
|
|
clientId,
|
|
clientSecret
|
|
);
|
|
} else {
|
|
if (!req.headers || !req.headers.authorization) {
|
|
throw new InvalidRequest('No authorization header passed');
|
|
}
|
|
|
|
let pieces = req.headers.authorization.split(' ', 2);
|
|
if (!pieces || pieces.length !== 2) {
|
|
throw new InvalidRequest('Authorization header is corrupted');
|
|
}
|
|
|
|
if (pieces[0] !== 'Basic') {
|
|
throw new InvalidRequest(
|
|
`Unsupported authorization method: ${pieces[0]}`
|
|
);
|
|
}
|
|
|
|
pieces = Buffer.from(pieces[1], 'base64').toString('ascii').split(':', 2);
|
|
if (!pieces || pieces.length !== 2) {
|
|
throw new InvalidRequest('Authorization header has corrupted data');
|
|
}
|
|
|
|
clientId = pieces[0];
|
|
clientSecret = pieces[1];
|
|
req.oauth2.logger.debug(
|
|
'Client credentials parsed from basic auth header: ',
|
|
clientId,
|
|
clientSecret
|
|
);
|
|
}
|
|
|
|
if (!req.body.token) {
|
|
throw new InvalidRequest('Token not provided in request body');
|
|
}
|
|
|
|
const token = await oauth2.model.accessToken.fetchByToken(req.body.token);
|
|
if (!token) {
|
|
throw new InvalidRequest('Token does not exist');
|
|
}
|
|
|
|
const ttl = oauth2.model.accessToken.getTTL(token);
|
|
const resObj = {
|
|
token_type: 'bearer',
|
|
token: token.token,
|
|
expires_in: Math.floor(ttl / 1000),
|
|
};
|
|
|
|
dataResponse(req, res, resObj);
|
|
});
|