server/api/auth.js

const log = require('../log')
const get = require('lodash/get')
const passport = require('passport')

// const oauth = require('./oauth')
// const User = require('./models/user')
// const OAuthClient = require('./models/oauth_client')
// const OAuthCode = require('./models/oauth_code')
// const OAuthToken = require('./models/oauth_token')


// const CustomStrategy = require('passport-custom').Strategy
// const LocalStrategy = require('passport-local').Strategy
// const BasicStrategy = require('passport-http').BasicStrategy
// const ClientPasswordStrategy = require('passport-oauth2-client-password').Strategy
// const BearerStrategy = require('passport-http-bearer').Strategy

// console.error('dentro passport setup!')
// passport.use('authenticate', new CustomStrategy(async (req, done) => {
//   console.error('dentro authenticate strategy')

//   // check if a cookie is passed
//   const token = get(req.cookies, 'auth._token.local', null)
//   const authorization = get(req.headers, 'authorization', null)
//   if (!authorization && token) {
//     req.headers.authorization = token
//   }

//   if (!authorization && !token) {
//     return done(null, false)
//   }

//   console.error(authorization, token)
//   return done(null, false)

// }))

/**
 * LocalStrategy
 *
 * This strategy is used to authenticate users based on a username and password.
 * Anytime a request is made to authorize an application, we must ensure that
 * a user is logged in before asking them to approve the request.
 */
// passport.use(new LocalStrategy(
//   async (username, password, done) => {
//     console.error(`sono qui dentro local strategy cerco ${username} ${password}}`)
//     const user = await User.findOne({ where: { email: username, is_active: true } })
//     console.error(user)
//     if (!user) {
//       return done(null, false)
//     }
//     // check if password matches
//     if (await user.comparePassword(password)) {
//       console.error('compare password ok!')
//       return done(null, user)
//     }
//     return done(null, false)
//   }
// // ))

// passport.serializeUser((user, done) =>  done(null, user.id))

// passport.deserializeUser(async (id, done) => {
//   const user = await User.findByPk(id)
//   done(null, user)
// })

/**
 * BasicStrategy & ClientPasswordStrategy
 *
 * These strategies are used to authenticate registered OAuth clients. They are
 * employed to protect the `token` endpoint, which consumers use to obtain
 * access tokens. The OAuth 2.0 specification suggests that clients use the
 * HTTP Basic scheme to authenticate. Use of the client password strategy
 * allows clients to send the same credentials in the request body (as opposed
 * to the `Authorization` header). While this approach is not recommended by
 * the specification, in practice it is quite common.
 */
// async function verifyClient(client_id, client_secret, done) {
//   console.error('Dentro verify client ', client_id, client_secret)
//   const client = await OAuthClient.findByPk(client_id, { raw: true })
//   console.error(client)
//   if (client_secret && client_secret !== client.client_secret) {
//     return done(null, false)
//   }

//   if (client) { client.grants = ['authorization_code', 'password'] } //sure ?

//   return done(null, client)
// }

// passport.use(new BasicStrategy(verifyClient))
// passport.use(new ClientPasswordStrategy(verifyClient))

/**
 * BearerStrategy
 *
 * This strategy is used to authenticate either users or clients based on an access token
 * (aka a bearer token). If a user, they must have previously authorized a client
 * application, which is issued an access token to make requests on behalf of
 * the authorizing user.
 */
// passport.use(new BearerStrategy(
//   async (accessToken, done) => {
//     console.error('dentro bearer strategy')
//     const token = await OAuthToken.findByPk(accessToken,
//         { include: [{ model: User, attributes: { exclude: ['password'] } }, { model: OAuthClient, as: 'client' }] })

//     if (!token) return done(null, false)
//     if (token.userId) {
//       if (!token.user) {
//         return done(null, false)
//       }
//       // To keep this example simple, restricted scopes are not implemented,
//       // and this is just for illustrative purposes.
//       done(null, user, { scope: '*' })
//     } else {
//       // The request came from a client only since userId is null,
//       // therefore the client is passed back instead of a user.
//       if (!token.client) {
//         return done(null, false)
//       }
//       // To keep this example simple, restricted scopes are not implemented,
//       // and this is just for illustrative purposes.
//       done(null, client, { scope: '*' })
//     }
//   }
// ))

const Auth = {

  isAuth (req, res, next) {
    // TODO: check anon user
    if (req.user) {
      next()
    } else {
      res.sendStatus(403)
    }
  },

  isAdmin (req, res, next) {
    if (req.user && req.user.is_admin) {
      next()
    } else {
      res.sendStatus(403)
    }
  },

  // TODO
  hasPerm (scope) {
    return (req, res, next) => {
      log.debug(scope, req.path)
      oauth.oauthServer.authenticate({ scope })(req, res, err => {
        if (err) {
          next()
        } else {
          next(Error(err))
        }
      })
    }
  }
}

module.exports = Auth
refactoring logs: use winston 2021-03-05 14:17:10 +01:00			`const log = require('../log')`
fix auth/oauth 2020-01-30 23:43:58 +01:00			`const get = require('lodash/get')`
squash new oauth2 flow 2022-11-04 12:22:21 +01:00			`const passport = require('passport')`
start with nuxt 2019-04-03 00:25:12 +02:00
squash new oauth2 flow 2022-11-04 12:22:21 +01:00			`// const oauth = require('./oauth')`
			`// const User = require('./models/user')`
			`// const OAuthClient = require('./models/oauth_client')`
			`// const OAuthCode = require('./models/oauth_code')`
			`// const OAuthToken = require('./models/oauth_token')`
[refactoring] auth as middleware 2019-10-30 14:58:40 +01:00
fix auth/oauth 2020-01-30 23:43:58 +01:00
squash new oauth2 flow 2022-11-04 12:22:21 +01:00			`// const CustomStrategy = require('passport-custom').Strategy`
			`// const LocalStrategy = require('passport-local').Strategy`
			`// const BasicStrategy = require('passport-http').BasicStrategy`
			`// const ClientPasswordStrategy = require('passport-oauth2-client-password').Strategy`
			`// const BearerStrategy = require('passport-http-bearer').Strategy`
fix auth/oauth 2020-01-30 23:43:58 +01:00
squash new oauth2 flow 2022-11-04 12:22:21 +01:00			`// console.error('dentro passport setup!')`
			`// passport.use('authenticate', new CustomStrategy(async (req, done) => {`
			`// console.error('dentro authenticate strategy')`

			`// // check if a cookie is passed`
			`// const token = get(req.cookies, 'auth._token.local', null)`
			`// const authorization = get(req.headers, 'authorization', null)`
			`// if (!authorization && token) {`
			`// req.headers.authorization = token`
			`// }`

			`// if (!authorization && !token) {`
			`// return done(null, false)`
			`// }`

			`// console.error(authorization, token)`
			`// return done(null, false)`

			`// }))`

			`/**`
			`* LocalStrategy`
			`*`
			`* This strategy is used to authenticate users based on a username and password.`
			`* Anytime a request is made to authorize an application, we must ensure that`
			`* a user is logged in before asking them to approve the request.`
			`*/`
			`// passport.use(new LocalStrategy(`
			`// async (username, password, done) => {`
			// console.error(`sono qui dentro local strategy cerco ${username} ${password}}`)
			`// const user = await User.findOne({ where: { email: username, is_active: true } })`
			`// console.error(user)`
			`// if (!user) {`
			`// return done(null, false)`
			`// }`
			`// // check if password matches`
			`// if (await user.comparePassword(password)) {`
			`// console.error('compare password ok!')`
			`// return done(null, user)`
			`// }`
			`// return done(null, false)`
			`// }`
			`// // ))`

			`// passport.serializeUser((user, done) => done(null, user.id))`

			`// passport.deserializeUser(async (id, done) => {`
			`// const user = await User.findByPk(id)`
			`// done(null, user)`
			`// })`

			`/**`
			`* BasicStrategy & ClientPasswordStrategy`
			`*`
			`* These strategies are used to authenticate registered OAuth clients. They are`
			* employed to protect the `token` endpoint, which consumers use to obtain
			`* access tokens. The OAuth 2.0 specification suggests that clients use the`
			`* HTTP Basic scheme to authenticate. Use of the client password strategy`
			`* allows clients to send the same credentials in the request body (as opposed`
			* to the `Authorization` header). While this approach is not recommended by
			`* the specification, in practice it is quite common.`
			`*/`
			`// async function verifyClient(client_id, client_secret, done) {`
			`// console.error('Dentro verify client ', client_id, client_secret)`
			`// const client = await OAuthClient.findByPk(client_id, { raw: true })`
			`// console.error(client)`
			`// if (client_secret && client_secret !== client.client_secret) {`
			`// return done(null, false)`
			`// }`

			`// if (client) { client.grants = ['authorization_code', 'password'] } //sure ?`

			`// return done(null, client)`
			`// }`

			`// passport.use(new BasicStrategy(verifyClient))`
			`// passport.use(new ClientPasswordStrategy(verifyClient))`

			`/**`
			`* BearerStrategy`
			`*`
			`* This strategy is used to authenticate either users or clients based on an access token`
			`* (aka a bearer token). If a user, they must have previously authorized a client`
			`* application, which is issued an access token to make requests on behalf of`
			`* the authorizing user.`
			`*/`
			`// passport.use(new BearerStrategy(`
			`// async (accessToken, done) => {`
			`// console.error('dentro bearer strategy')`
			`// const token = await OAuthToken.findByPk(accessToken,`
			`// { include: [{ model: User, attributes: { exclude: ['password'] } }, { model: OAuthClient, as: 'client' }] })`

			`// if (!token) return done(null, false)`
			`// if (token.userId) {`
			`// if (!token.user) {`
			`// return done(null, false)`
			`// }`
			`// // To keep this example simple, restricted scopes are not implemented,`
			`// // and this is just for illustrative purposes.`
			`// done(null, user, { scope: '*' })`
			`// } else {`
			`// // The request came from a client only since userId is null,`
			`// // therefore the client is passed back instead of a user.`
			`// if (!token.client) {`
			`// return done(null, false)`
			`// }`
			`// // To keep this example simple, restricted scopes are not implemented,`
			`// // and this is just for illustrative purposes.`
			`// done(null, client, { scope: '*' })`
			`// }`
			`// }`
			`// ))`

			`const Auth = {`
oauth fillUser 2020-01-30 12:39:32 +01:00
squash new oauth2 flow 2022-11-04 12:22:21 +01:00			`isAuth (req, res, next) {`
			`// TODO: check anon user`
			`if (req.user) {`
fix auth/oauth 2020-01-30 23:43:58 +01:00			`next()`
			`} else {`
minor with logging and cleanup bootstrap 2022-03-10 12:37:05 +01:00			`res.sendStatus(403)`
fix auth/oauth 2020-01-30 23:43:58 +01:00			`}`
			`},`

linting 2019-09-11 19:12:24 +02:00			`isAdmin (req, res, next) {`
squash new oauth2 flow 2022-11-04 12:22:21 +01:00			`if (req.user && req.user.is_admin) {`
fix auth/oauth 2020-01-30 23:43:58 +01:00			`next()`
			`} else {`
minor with logging and cleanup bootstrap 2022-03-10 12:37:05 +01:00			`res.sendStatus(403)`
fix auth/oauth 2020-01-30 23:43:58 +01:00			`}`
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00			`},`

fix auth/oauth 2020-01-30 23:43:58 +01:00			`// TODO`
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00			`hasPerm (scope) {`
			`return (req, res, next) => {`
refactoring logs: use winston 2021-03-05 14:17:10 +01:00			`log.debug(scope, req.path)`
refactoring acl 2021-05-19 16:38:22 +02:00			`oauth.oauthServer.authenticate({ scope })(req, res, err => {`
			`if (err) {`
			`next()`
			`} else {`
			`next(Error(err))`
			`}`
use oauth2 password flow for webclient 2020-01-27 00:47:03 +01:00			`})`
. 2019-06-06 23:54:32 +02:00			`}`
linting 2019-09-11 19:12:24 +02:00			`}`
start with nuxt 2019-04-03 00:25:12 +02:00			`}`

			`module.exports = Auth`