OAuth server: first draft
This commit is contained in:
parent
233d12d8b1
commit
9457bf8807
|
@ -31,7 +31,7 @@
|
||||||
"client:tsc": "cd client && npm run tsc",
|
"client:tsc": "cd client && npm run tsc",
|
||||||
"client:tsc:watch": "cd client && npm run tsc:w",
|
"client:tsc:watch": "cd client && npm run tsc:w",
|
||||||
"client:tsc:clean": "cd client && find angular -regextype posix-egrep -regex \".*\\.(js|map)$\" -exec rm -f {} \\;",
|
"client:tsc:clean": "cd client && find angular -regextype posix-egrep -regex \".*\\.(js|map)$\" -exec rm -f {} \\;",
|
||||||
"dev": "npm run build && concurrently \"npm run livereload\" \"npm run client:tsc:watch\" \"npm run client:sass:watch\" \"npm start\"",
|
"dev": "npm run build && NODE_ENV=test concurrently \"npm run livereload\" \"npm run client:tsc:watch\" \"npm run client:sass:watch\" \"npm start\"",
|
||||||
"livereload": "livereload ./client",
|
"livereload": "livereload ./client",
|
||||||
"start": "node server",
|
"start": "node server",
|
||||||
"test": "standard && mocha server/tests",
|
"test": "standard && mocha server/tests",
|
||||||
|
@ -48,6 +48,7 @@
|
||||||
"dezalgo": "^1.0.3",
|
"dezalgo": "^1.0.3",
|
||||||
"electron-spawn": "https://github.com/Chocobozzz/electron-spawn",
|
"electron-spawn": "https://github.com/Chocobozzz/electron-spawn",
|
||||||
"express": "^4.12.4",
|
"express": "^4.12.4",
|
||||||
|
"express-oauth-server": "https://github.com/oauthjs/express-oauth-server",
|
||||||
"express-validator": "^2.11.0",
|
"express-validator": "^2.11.0",
|
||||||
"js-yaml": "^3.5.4",
|
"js-yaml": "^3.5.4",
|
||||||
"lodash-node": "^3.10.2",
|
"lodash-node": "^3.10.2",
|
||||||
|
@ -62,7 +63,7 @@
|
||||||
"segfault-handler": "^1.0.0",
|
"segfault-handler": "^1.0.0",
|
||||||
"ursa": "^0.9.1",
|
"ursa": "^0.9.1",
|
||||||
"validator": "^5.0.0",
|
"validator": "^5.0.0",
|
||||||
"webtorrent": "^0.85.1",
|
"webtorrent": "^0.86.0",
|
||||||
"winston": "^2.1.1",
|
"winston": "^2.1.1",
|
||||||
"ws": "^1.0.1"
|
"ws": "^1.0.1"
|
||||||
},
|
},
|
||||||
|
|
|
@ -119,6 +119,14 @@ app.use(function (err, req, res, next) {
|
||||||
res.sendStatus(err.status || 500)
|
res.sendStatus(err.status || 500)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
// TODO: move into initializer
|
||||||
|
require('./server/models/users').createClient('coucou', [ 'password' ], function (err, id) {
|
||||||
|
if (err) throw err
|
||||||
|
logger.info('Client id: ' + id)
|
||||||
|
|
||||||
|
require('./server/models/users').createUser('floflo', 'coucou', function () {})
|
||||||
|
})
|
||||||
|
|
||||||
// ----------- Create the certificates if they don't already exist -----------
|
// ----------- Create the certificates if they don't already exist -----------
|
||||||
peertubeCrypto.createCertsIfNotExist(function (err) {
|
peertubeCrypto.createCertsIfNotExist(function (err) {
|
||||||
if (err) throw err
|
if (err) throw err
|
||||||
|
|
|
@ -6,10 +6,12 @@ const router = express.Router()
|
||||||
|
|
||||||
const podsController = require('./pods')
|
const podsController = require('./pods')
|
||||||
const remoteVideosController = require('./remoteVideos')
|
const remoteVideosController = require('./remoteVideos')
|
||||||
|
const usersController = require('./users')
|
||||||
const videosController = require('./videos')
|
const videosController = require('./videos')
|
||||||
|
|
||||||
router.use('/pods', podsController)
|
router.use('/pods', podsController)
|
||||||
router.use('/remotevideos', remoteVideosController)
|
router.use('/remotevideos', remoteVideosController)
|
||||||
|
router.use('/users', usersController)
|
||||||
router.use('/videos', videosController)
|
router.use('/videos', videosController)
|
||||||
router.use('/*', badRequest)
|
router.use('/*', badRequest)
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,22 @@
|
||||||
|
'use strict'
|
||||||
|
|
||||||
|
var express = require('express')
|
||||||
|
var oAuth2 = require('../../../middlewares/oauth2')
|
||||||
|
|
||||||
|
const middleware = require('../../../middlewares')
|
||||||
|
const cacheMiddleware = middleware.cache
|
||||||
|
|
||||||
|
const router = express.Router()
|
||||||
|
|
||||||
|
router.post('/token', cacheMiddleware.cache(false), oAuth2.token(), success)
|
||||||
|
router.get('/authenticate', cacheMiddleware.cache(false), oAuth2.authenticate(), success)
|
||||||
|
|
||||||
|
// ---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
module.exports = router
|
||||||
|
|
||||||
|
// ---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
function success (req, res, next) {
|
||||||
|
res.end()
|
||||||
|
}
|
|
@ -0,0 +1,11 @@
|
||||||
|
'use strict'
|
||||||
|
|
||||||
|
const OAuthServer = require('express-oauth-server')
|
||||||
|
|
||||||
|
const oAuth2 = new OAuthServer({
|
||||||
|
model: require('../models/users')
|
||||||
|
})
|
||||||
|
|
||||||
|
// ---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
module.exports = oAuth2
|
|
@ -0,0 +1,108 @@
|
||||||
|
const mongoose = require('mongoose')
|
||||||
|
|
||||||
|
const logger = require('../helpers/logger')
|
||||||
|
|
||||||
|
// ---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
const oAuthTokensSchema = mongoose.Schema({
|
||||||
|
accessToken: String,
|
||||||
|
accessTokenExpiresOn: Date,
|
||||||
|
client: { type: mongoose.Schema.Types.ObjectId, ref: 'oAuthClients' },
|
||||||
|
refreshToken: String,
|
||||||
|
refreshTokenExpiresOn: Date,
|
||||||
|
user: { type: mongoose.Schema.Types.ObjectId, ref: 'users' }
|
||||||
|
})
|
||||||
|
const OAuthTokensDB = mongoose.model('oAuthTokens', oAuthTokensSchema)
|
||||||
|
|
||||||
|
const oAuthClientsSchema = mongoose.Schema({
|
||||||
|
clientSecret: String,
|
||||||
|
grants: Array,
|
||||||
|
redirectUris: Array
|
||||||
|
})
|
||||||
|
const OAuthClientsDB = mongoose.model('oAuthClients', oAuthClientsSchema)
|
||||||
|
|
||||||
|
const usersSchema = mongoose.Schema({
|
||||||
|
password: String,
|
||||||
|
username: String
|
||||||
|
})
|
||||||
|
const UsersDB = mongoose.model('users', usersSchema)
|
||||||
|
|
||||||
|
// ---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
const Users = {
|
||||||
|
createClient: createClient,
|
||||||
|
createUser: createUser,
|
||||||
|
getAccessToken: getAccessToken,
|
||||||
|
getClient: getClient,
|
||||||
|
getRefreshToken: getRefreshToken,
|
||||||
|
getUser: getUser,
|
||||||
|
saveToken: saveToken
|
||||||
|
}
|
||||||
|
|
||||||
|
function createClient (secret, grants, callback) {
|
||||||
|
logger.debug('Creating client.')
|
||||||
|
|
||||||
|
const mongo_id = new mongoose.mongo.ObjectID()
|
||||||
|
return OAuthClientsDB.create({ _id: mongo_id, clientSecret: secret, grants: grants }, function (err) {
|
||||||
|
if (err) return callback(err)
|
||||||
|
|
||||||
|
return callback(null, mongo_id)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
function createUser (username, password, callback) {
|
||||||
|
logger.debug('Creating user.')
|
||||||
|
|
||||||
|
return UsersDB.create({ username: username, password: password }, callback)
|
||||||
|
}
|
||||||
|
|
||||||
|
function getAccessToken (bearerToken, callback) {
|
||||||
|
logger.debug('Getting access token (bearerToken: ' + bearerToken + ').')
|
||||||
|
|
||||||
|
return OAuthTokensDB.findOne({ accessToken: bearerToken }).populate('user')
|
||||||
|
}
|
||||||
|
|
||||||
|
function getClient (clientId, clientSecret) {
|
||||||
|
logger.debug('Getting Client (clientId: ' + clientId + ', clientSecret: ' + clientSecret + ').')
|
||||||
|
|
||||||
|
// TODO req validator
|
||||||
|
const mongo_id = new mongoose.mongo.ObjectID(clientId)
|
||||||
|
return OAuthClientsDB.findOne({ _id: mongo_id, clientSecret: clientSecret })
|
||||||
|
}
|
||||||
|
|
||||||
|
function getRefreshToken (refreshToken) {
|
||||||
|
logger.debug('Getting RefreshToken (refreshToken: ' + refreshToken + ').')
|
||||||
|
|
||||||
|
return OAuthTokensDB.findOne({ refreshToken: refreshToken })
|
||||||
|
}
|
||||||
|
|
||||||
|
function getUser (username, password) {
|
||||||
|
logger.debug('Getting User (username: ' + username + ', password: ' + password + ').')
|
||||||
|
return UsersDB.findOne({ username: username, password: password })
|
||||||
|
}
|
||||||
|
|
||||||
|
function saveToken (token, client, user) {
|
||||||
|
logger.debug('Saving token for client ' + client.id + ' and user ' + user.id + '.')
|
||||||
|
|
||||||
|
const token_to_create = {
|
||||||
|
accessToken: token.accessToken,
|
||||||
|
accessTokenExpiresOn: token.accessTokenExpiresOn,
|
||||||
|
client: client.id,
|
||||||
|
refreshToken: token.refreshToken,
|
||||||
|
refreshTokenExpiresOn: token.refreshTokenExpiresOn,
|
||||||
|
user: user.id
|
||||||
|
}
|
||||||
|
|
||||||
|
return OAuthTokensDB.create(token_to_create, function (err, token_created) {
|
||||||
|
if (err) throw err // node-oauth2-server library use Promise.try
|
||||||
|
|
||||||
|
token_created.client = client
|
||||||
|
token_created.user = user
|
||||||
|
|
||||||
|
return token_created
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
// ---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
module.exports = Users
|
Loading…
Reference in New Issue