[oauth] start oauth auth_code server implementation

2019-12-26 11:46:21 +01:00
parent c510541c50
commit 7ab81be418
17 changed files with 1631 additions and 838 deletions
--- a/server/api/controller/oauth.js
+++ b/server/api/controller/oauth.js
@@ -0,0 +1,58 @@
+const crypto = require('crypto')
+const { promisify } = require('util')
+const randomBytes = promisify(crypto.randomBytes)
+const { oauth_client: OAuthClient, oauth_token: OAuthToken, 
+  oauth_code: OAuthCode } = require('../models')
+
+async function randomString(len = 16) {
+  const bytes = await randomBytes(len*8)
+  return crypto
+    .createHash('sha1')
+    .update(bytes)
+    .digest('hex')
+}
+
+
+const oauthController = {
+
+  async getClient (req, res) {
+    const client_id = req.params.client_id
+    const client = await OAuthClient.findOne({ where: { client_id }})
+    console.error('ma non ho trovato il client ', client_id, client )
+    res.json(client)
+  },
+
+  async createClient (req, res) {
+
+    const client = {
+      name: req.body.client_name,
+      redirectUris: req.body.redirect_uris || 'urn:ietf:wg:oauth:2.0:oob',
+      scopes: req.body.scopes || 'write',
+      client_id: await randomString(256),
+      client_secret: await randomString(256)
+    }
+    res.json(await OAuthClient.create(client))
+  },
+
+  async associate (req, res) {
+    const { client_id, redirect_uri, response_type } = req.query
+    console.error('dentro associate ', client_id, redirect_uri, response_type )
+  },
+
+  model: {
+    async getClient (clientId, clientSecret) {
+      console.error(`model getClient ${clientId} / ${clientSecret}`)
+      const client = await OAuthClient.findByPk(clientId)
+      client.grants = ['authorization_code']
+      return client || false      
+    },
+
+    async saveAuthorizationCode(code, client, user) {
+      console.error('dentro save auth code ', client, user, code)
+      const ret = await OAuthCode.create(code)
+      return ret    
+    }
+  }
+}
+
+module.exports = oauthController
--- a/server/api/index.js
+++ b/server/api/index.js
@@ -1,6 +1,5 @@
 const express = require('express')
 const multer = require('multer')
-const cookieParser = require('cookie-parser')
 const bodyParser = require('body-parser')
 const cors = require('cors')()

@@ -12,6 +11,7 @@ const settingsController = require('./controller/settings')
 const instanceController = require('./controller/instance')
 const apUserController = require('./controller/ap_user')
 const resourceController = require('./controller/resource')
+const oauthController = require('./controller/oauth')

 const storage = require('./storage')
 const upload = multer({ storage })
@@ -19,9 +19,8 @@ const upload = multer({ storage })
 const debug = require('debug')('api')

 const api = express.Router()
-api.use(cookieParser())
-api.use(bodyParser.urlencoded({ extended: false }))
-api.use(bodyParser.json())
+api.use(express.urlencoded({ extended: false }))
+api.use(express.json())

 // AUTH
 api.post('/auth/login', userController.login)
@@ -94,6 +93,9 @@ api.put('/resources/:resource_id', isAdmin, resourceController.hide)
 api.delete('/resources/:resource_id', isAdmin, resourceController.remove)
 api.get('/resources', isAdmin, resourceController.getAll)

+api.get('/client/:client_id', isAuth, oauthController.getClient)
+api.post('/client', oauthController.createClient)
+
 // Handle 404
 api.use((req, res) => {
  debug('404 Page not found: %s', req.path)
--- a/server/api/models/oauth_client.js
+++ b/server/api/models/oauth_client.js
@@ -0,0 +1,19 @@
+
+module.exports = (sequelize, DataTypes) => {
+  const OAuthClient = sequelize.define('oauth_client', {
+    client_id: {
+      type: DataTypes.STRING,
+      primaryKey: true
+    },
+    name: DataTypes.STRING,
+    scopes: DataTypes.STRING,
+    client_secret: DataTypes.STRING,
+    redirectUris: DataTypes.STRING
+  }, {})
+
+  OAuthClient.associate = function (models) {
+    OAuthClient.belongsTo(models.user)
+  }
+
+  return OAuthClient
+}
--- a/server/api/models/oauth_code.js
+++ b/server/api/models/oauth_code.js
@@ -0,0 +1,18 @@
+
+module.exports = (sequelize, DataTypes) => {
+  const OAuthCode = sequelize.define('oauth_code', {
+    authorizationCode: {
+      type: DataTypes.STRING,
+      primaryKey: true
+    },
+    scope: DataTypes.STRING,
+    redirect_uri: DataTypes.STRING
+  }, {})
+
+  OAuthCode.associate = function (models) {
+    OAuthCode.belongsTo(models.user)
+    OAuthCode.belongsTo(models.oauth_client)
+  }
+
+  return OAuthCode
+}
--- a/server/api/models/oauth_token.js
+++ b/server/api/models/oauth_token.js
@@ -0,0 +1,15 @@
+
+module.exports = (sequelize, DataTypes) => {
+  const OAuthToken = sequelize.define('oauth_token', {
+    access_token: DataTypes.STRING,
+    refresh_token: DataTypes.STRING,
+    scope: DataTypes.STRING,
+  }, {})
+
+  OAuthToken.associate = function (models) {
+    OAuthToken.belongsTo(models.user)
+    OAuthToken.belongsTo(models.oauth_client)
+  }
+
+  return OAuthToken
+}
--- a/server/api/oauth.js
+++ b/server/api/oauth.js
@@ -0,0 +1,74 @@
+const express = require('express')
+const OAuthServer = require('express-oauth-server')
+const oauth = express.Router()
+const bodyParser = require('body-parser')
+const oauthController = require('./controller/oauth')
+
+const oauthServer = new OAuthServer({
+  model: oauthController.model,
+  useErrorHandler: true,
+  debug: true,
+  authenticateHandler: { handle(req) { return req.user } }
+})
+
+oauth.oauth = oauthServer
+oauth.use(bodyParser.json())
+oauth.use(bodyParser.urlencoded({ extended: false }))
+
+// post token
+// oauth.post(oauthServer.authorize())
+oauth.post('/token', (req, res, next) => {
+  return oauthServer.token()(req, res, next)
+    .then(code => {
+      console.error('dopo il token', code)
+    })
+    .catch(e => console.error('nel catch ', e))
+})
+
+
+/**
+ * create a new application
+ */
+oauth.get('/authorize', async (req, res, next) => {
+  if (!req.user) {
+    return res.redirect(`/?ref=login&redirect=${req.path}&client_id=${req.query.client_id}&redirect_uri=${req.query.redirect_uri}`)
+  }
+
+  return oauthServer.authorize()(req, res, next).then(code => {
+    console.error('dentro authorize?', code)
+    console.error(req.locals)
+    return
+    // return res.redirect(`/?ref=authorize&client_id=${req.query.client_id}&redirect_uri=${req.query.redirect_uri}&code=${code}`)
+  }).catch(e => { console.error('porcodio catch ', e) })
+})
+
+oauth.post('/authorize', (req, res, next) => {
+  if (!req.user) {
+    return res.redirect(`/?ref=login&redirect=${req.path}&client_id=${req.query.client_id}&redirect_uri=${req.query.redirect_uri}`)
+  }
+  console.error('sono nel post di authorize!')
+  const ret = oauthServer.authorize()
+  console.error('PORCODIO ', ret)
+  return ret(req, res, next).then(code => {
+    console.error('DAJE CHE ARRIVO QUI ', code)
+    console.error(req.locals)
+    next()
+  }).catch(e => console.error('CATCH ', e))
+})
+
+oauth.get('/login', (req, res) => {
+  res.render('login', {
+    client_id: req.query.client_id,
+    redirect_uri: req.query.redirect_uri,
+    redirect: req.query.redirect,
+  })
+})
+
+
+oauth.use((err, req, res, next) => {
+  res.status(400).json(err)
+})
+
+// oauth.post('/login', )
+
+module.exports = oauth