Make angular client load dynamically the generated client id/secret

client/angular/users/services/auth.service.ts

@@ -11,12 +11,29 @@ export class AuthService {
 
   private _loginChanged;
   private _baseLoginUrl = '/api/v1/users/token';
+  private _baseClientUrl = '/api/v1/users/client';
   private _clientId = '56f055587305d40b21904240';
   private _clientSecret = 'megustalabanana';
 
   constructor (private http: Http) {
     this._loginChanged = new Subject<AuthStatus>();
     this.loginChanged$ = this._loginChanged.asObservable();
+
+    // Fetch the client_id/client_secret
+    // FIXME: save in local storage?
+    this.http.get(this._baseClientUrl)
+      .map(res => res.json())
+      .catch(this.handleError)
+      .subscribe(
+        result => {
+          this._clientId = result.client_id;
+          this._clientSecret = result.client_secret;
+          console.log('Client credentials loaded.');
+        },
+        error => {
+          alert(error);
+        }
+      )
   }
 
   login(username: string, password: string) {

server/controllers/api/v1/users.js

@@ -1,13 +1,16 @@
 'use strict'
 
+const config = require('config')
 const express = require('express')
 const oAuth2 = require('../../../middlewares/oauth2')
 
 const middleware = require('../../../middlewares')
 const cacheMiddleware = middleware.cache
+const Users = require('../../../models/users')
 
 const router = express.Router()
 
+router.get('/client', cacheMiddleware.cache(false), getAngularClient)
 router.post('/token', cacheMiddleware.cache(false), oAuth2.token, success)
 
 // ---------------------------------------------------------------------------
@@ -16,6 +19,27 @@ module.exports = router
 
 // ---------------------------------------------------------------------------
 
+function getAngularClient (req, res, next) {
+  const server_host = config.get('webserver.host')
+  const server_port = config.get('webserver.port')
+  let header_host_should_be = server_host
+  if (server_port !== 80 && server_port !== 443) {
+    header_host_should_be += ':' + server_port
+  }
+
+  if (req.get('host') !== header_host_should_be) return res.type('json').status(403).end()
+
+  Users.getFirstClient(function (err, client) {
+    if (err) return next(err)
+    if (!client) return next(new Error('No client available.'))
+
+    res.json({
+      client_id: client._id,
+      client_secret: client.clientSecret
+    })
+  })
+}
+
 function success (req, res, next) {
   res.end()
 }

server/models/users.js

@@ -35,6 +35,7 @@ const Users = {
   getAccessToken: getAccessToken,
   getClient: getClient,
   getClients: getClients,
+  getFirstClient: getFirstClient,
   getRefreshToken: getRefreshToken,
   getUser: getUser,
   getUsers: getUsers,
@@ -64,6 +65,10 @@ function getAccessToken (bearerToken, callback) {
   return OAuthTokensDB.findOne({ accessToken: bearerToken }).populate('user')
 }
 
+function getFirstClient (callback) {
+  return OAuthClientsDB.findOne({}, callback)
+}
+
 function getClient (clientId, clientSecret) {
   logger.debug('Getting Client (clientId: ' + clientId + ', clientSecret: ' + clientSecret + ').')