diff --git a/components/admin/Users.vue b/components/admin/Users.vue
index cc571a14..21952168 100644
--- a/components/admin/Users.vue
+++ b/components/admin/Users.vue
@@ -5,7 +5,7 @@ div
 el-collapse-item
 template(slot='title')
 el-button(type='text' mini size='mini') {{$t('common.new_user')}}
- el-form(inline)
+ el-form(inline @submit.native.prevent='create_user')
 el-form-item(:label="$t('common.email')")
 el-input(v-model='new_user.email')
 el-form-item(:label="$t('common.admin')")
diff --git a/server/api/auth.js b/server/api/auth.js
index a138aedc..e8702ba0 100644
--- a/server/api/auth.js
+++ b/server/api/auth.js
@@ -1,39 +1,48 @@
 const debug = require('debug')('auth')
 const oauth = require('./oauth')
+const get = require('lodash/get')
 const Auth = {
- /** isAuth middleware
- * req.user is filled in server/helper.js#initMiddleware
- */
- isAuth (req, res, next) {
- return oauth.oauthServer.authenticate()(req, res, next)
- },
-
 fillUser (req, res, next) {
+ const token = get(req.cookies, 'auth._token.local', null)
+ const authorization = get(req.headers, 'authorization', null)
+ if (!authorization && token) {
+ req.headers.authorization = token
+ }
+
+ if (!authorization && !token) {
+ return next()
+ }
+
 oauth.oauthServer.authenticate()(req, res, () => {
- req.user = res.locals.oauth.token.user
+ req.user = get(res, 'locals.oauth.token.user', null)
 next()
 })
 },
- /** isAdmin middleware */
- isAdmin (req, res, next) {
- oauth.oauthServer.authenticate()(req, res, () => {
- req.user = res.locals.oauth.token.user
- if (req.user.is_admin) {
- next()
- } else {
- res.status(404)
- }
- })
+ isAuth (req, res, next) {
+ if (req.user) {
+ next()
+ } else {
+ res.status(404)
+ }
 },
+ isAdmin (req, res, next) {
+ if (req.user.is_admin) {
+ next()
+ } else {
+ res.status(404)
+ }
+ },
+
+ // TODO
 hasPerm (scope) {
 return (req, res, next) => {
 debug(scope, req.path)
 oauth.oauthServer.authenticate({ scope })(req, res, () => {
- req.user = res.locals.oauth.token.user
+ debug('has perm')
 next()
 })
 }
diff --git a/server/api/controller/oauth.js b/server/api/controller/oauth.js
index 87a198f0..2c4a1bf2 100644
--- a/server/api/controller/oauth.js
+++ b/server/api/controller/oauth.js
@@ -6,6 +6,7 @@ const {
 oauth_code: OAuthCode,
 user: User
 } = require('../models')
 const debug = require('debug')('oauth')
+const moment = require('moment')
 async function randomString (len = 16) {
 const bytes = await randomBytes(len * 8)
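Review bot: `isAdmin` dereferences `req.user.is_admin` without checking that `fillUser` actually set `req.user`, so an unauthenticated request to an admin route throws a TypeError and ends in the 500 handler instead of the intended 404; `isAuth` has the guard and `isAdmin` should mirror it, e.g. `if (get(req, 'user.is_admin', false))`. In both middlewares `res.status(404)` only sets the status and never ends the response, so a rejected request hangs until the client gives up; `res.sendStatus(404)`, which the API's fallback handler in this diff already uses, actually sends it. The cookie-to-header promotion in `fillUser` means a browser's `auth._token.local` cookie now authenticates every request that carries it (routes.js mounts `fillUser` globally in this commit), so the state-changing API routes need a CSRF defence — a SameSite attribute on that cookie or an anti-CSRF token — that the diff does not show. If the cookie holds an expired or revoked token, `oauth.oauthServer.authenticate()` presumably answers the request with an OAuth error itself rather than calling the callback, which would make public pages fail until the stale cookie is cleared — worth confirming. The `Auth` object continues past the end of the hunk.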
@@ -19,7 +20,6 @@ const oauthController = {
 // create client => http:///gancio.org/oauth#create-client
 async createClient (req, res) {
- debug('Create client ', req.body.client_name)
 // only write scope is supported
 if (req.body.scopes && req.body.scopes !== 'event:write') {
 return res.status(422).json({ error: 'Invalid scopes' })
@@ -101,13 +101,13 @@ const oauthController = {
 async getAuthorizationCode (code) {
 const oauth_code = await OAuthCode.findByPk(code,
- { include: [User, { type: OAuthClient, as: 'client' }], nest: true, raw: true })
+ { include: [User, { model: OAuthClient, as: 'client' }] })
 return oauth_code
 },
 async saveToken (token, client, user) {
 token.userId = user.id
- token.oauthClientId = client.id
+ token.clientId = client.id
 const oauth_token = await OAuthToken.create(token)
 oauth_token.client = client
 oauth_token.user = user
@@ -115,7 +115,7 @@ const oauthController = {
 },
 async revokeAuthorizationCode (code) {
- const oauth_code = await OAuthCode.findByPk(code)
+ const oauth_code = await OAuthCode.findByPk(code.authorizationCode)
 return oauth_code.destroy()
 },
@@ -133,17 +133,19 @@ const oauthController = {
 async saveAuthorizationCode (code, client, user) {
 code.userId = user.id
- code.oauthClientId = client.id
+ code.clientId = client.id
+ code.expiresAt = moment(code.expiresAt).toDate()
 const ret = await OAuthCode.create(code)
 return ret
 },
+ // TODO
 verifyScope (token, scope) {
- debug(token.user.is_admin)
+ debug('VERIFY SCOPE ', scope)
 if (token.user.is_admin) {
 return true
 } else {
- return false
+ return true
 }
 }
diff --git a/server/api/controller/user.js b/server/api/controller/user.js
index 172a2b7f..852d7f20 100644
--- a/server/api/controller/user.js
+++ b/server/api/controller/user.js
@@ -107,7 +107,7 @@ const userController = {
 }
 } catch (e) {
 res.sendStatus(400)
- debug(e.toString())
+ debug(e)
 }
 },
diff --git a/server/api/index.js b/server/api/index.js
index af481a81..813641fc 100644
--- a/server/api/index.js
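Review bot: `verifyScope` in the `@@ -133` hunk now returns `true` in both branches of the `if (token.user.is_admin)` test, so the `scope` that `hasPerm(scope)` hands to `oauth.oauthServer.authenticate({ scope })` is never enforced and any valid token reaches the `hasPerm('event:write')`-guarded `PUT /user/event` whatever scope it was issued with. The `// TODO` marks it, but as committed this is an authorization bypass; until scope checking exists it should fail closed, e.g. `return Boolean(token.user && token.user.is_admin)`, which also removes the dead branch. In the `@@ -115` hunk `revokeAuthorizationCode` calls `oauth_code.destroy()` without a null check, so an unknown `code.authorizationCode` throws a TypeError instead of reporting failure; `if (!oauth_code) return false` before the destroy avoids that, assuming the oauth2-server model contract expects a boolean there — to be confirmed.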
+++ b/server/api/index.js
@@ -2,7 +2,7 @@ const express = require('express')
 const multer = require('multer')
 const cors = require('cors')()
-const { isAuth, isAdmin, hasPerm, fillUser } = require('./auth')
+const { isAuth, isAdmin, hasPerm } = require('./auth')
 const eventController = require('./controller/event')
 const exportController = require('./controller/export')
 const userController = require('./controller/user')
@@ -46,7 +46,7 @@ api.get('/users', isAdmin, userController.getAll)
 api.put('/place', isAdmin, eventController.updatePlace)
 // add event
-api.post('/user/event', fillUser, upload.single('image'), userController.addEvent)
+api.post('/user/event', upload.single('image'), userController.addEvent)
 // update event
 api.put('/user/event', hasPerm('event:write'), upload.single('image'), userController.updateEvent)
@@ -98,7 +98,7 @@ api.use((req, res) => res.sendStatus(404))
 // Handle 500
 api.use((error, req, res, next) => {
- debug(error.toString())
+ debug(error)
 res.status(500).send('500: Internal Server Error')
 })
diff --git a/server/api/models/user.js b/server/api/models/user.js
index e9945d41..687d53ba 100644
--- a/server/api/models/user.js
+++ b/server/api/models/user.js
@@ -9,6 +9,10 @@ module.exports = (sequelize, DataTypes) => {
 email: {
 type: DataTypes.STRING,
 unique: { msg: 'error.email_taken' },
+ validate: {
+ isEmail: true,
+ notEmpty: true
+ },
 index: true,
 allowNull: false
 },
diff --git a/server/api/oauth.js b/server/api/oauth.js
index a2169393..b6b4cc7f 100644
--- a/server/api/oauth.js
+++ b/server/api/oauth.js
@@ -34,7 +34,7 @@ oauth.use((req, res) => res.sendStatus(404))
 oauth.use((err, req, res, next) => {
 const error_msg = err.toString()
- debug(err)
+ debug(error_msg)
 res.status(500).send(error_msg)
 })
diff --git a/server/routes.js b/server/routes.js
index fce99ad6..bf769b6e 100644
--- a/server/routes.js
+++ b/server/routes.js
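Review bot: With `fillUser` dropped from `api.post('/user/event', ...)` in the `@@ -46` hunk, nothing in index.js itself gates event creation any more; the route now relies on `fillUser` being mounted globally in routes.js and on `userController.addEvent` deciding by `req.user`, neither of which is visible here. If anonymous submissions are intended, say so on the route, e.g. `// anonymous allowed: addEvent decides by req.user`, so a later reader does not take the missing guard for an omission; if they are not, `isAuth` belongs back in the chain. `upload.single('image')` also runs before any auth decision, so unauthenticated clients can still drive a multipart upload — worth confirming the multer instance has a file-size limit configured.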
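Review bot: The error handler in the oauth.js `@@ -34` hunk still forwards `err.toString()` to the client through `res.status(500).send(error_msg)` after logging it, so database or library exception text is disclosed to API clients. The API's own 500 handler in this diff sends a fixed `'500: Internal Server Error'`; this one should do the same and keep `debug(error_msg)` as the only place the message goes.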
@@ -4,6 +4,7 @@ const express = require('express')
 const cors = require('cors')
 const api = require('./api')
 const oauth = require('./api/oauth')
+const auth = require('./api/auth')
 const cookieParser = require('cookie-parser')
 const federation = require('./federation')
 const webfinger = require('./federation/webfinger')
@@ -44,6 +45,9 @@ app.use('/federation', federation)
 // api!
 app.use(cookieParser())
+
+// fill req.user if request is authenticated
+app.use(auth.fillUser)
 app.use('/api', api)
 app.use('/oauth', oauth)
diff --git a/server/taskManager.js b/server/taskManager.js
index 1e173a9e..e8339331 100644
--- a/server/taskManager.js
+++ b/server/taskManager.js
@@ -13,7 +13,8 @@ class Task {
 }
 process () {
- --this.processInNTick
+ debug('PROCESS ', this.name)
+ this.processInNTick--
 if (this.processInNTick > 0) {
 return
 }
@@ -41,11 +42,11 @@ class Task {
 class TaskManager {
 constructor () {
- this.interval = 60 * 1000
+ this.interval = 60 * 100
 this.tasks = []
 }
- start (interval = 60 * 1000) {
+ start (interval = 60 * 100) {
 this.interval = interval
 this.timeout = setTimeout(this.tick.bind(this), interval)
 }
@@ -74,7 +75,6 @@ class TaskManager {
 }
 async tick () {
- debug('TICK')
 await this.process()
 this.timeout = setTimeout(this.tick.bind(this), this.interval)
 }
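Review bot: The taskManager `@@ -42` hunk changes both the constructor default and the `start()` default from `60 * 1000` to `60 * 100`, cutting the tick interval from one minute to six seconds with no explanation; together with the `debug('PROCESS ', this.name)` added in `process()` this reads like a debugging value left in. If the shorter interval is intended, a single named constant such as `const DEFAULT_INTERVAL = 60 * 100 // ms` used in both places would record the unit and keep the two defaults from drifting; if not, restore `60 * 1000`.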