Home Explore Help
Sign In
OWEALs
/
PeerTube
mirror of https://github.com/Chocobozzz/PeerTube.git
2
1
Fork 0
Files Issues 2 Wiki
Tree: 166311358d
Branches Tags
PeerTube
/
server
/
middlewares
/
auth.ts

auth.ts 2.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081 
  1. import express from 'express'
    2. 

  2. import { Socket } from 'socket.io'
    3. 

  3. import { getAccessToken } from '@server/lib/auth/oauth-model'
    4. 

  4. import { HttpStatusCode } from '../../shared/models/http/http-error-codes'
    5. 

  5. import { logger } from '../helpers/logger'
    6. 

  6. import { handleOAuthAuthenticate } from '../lib/auth/oauth'
    7. 

  7. 

  8. function authenticate (req: express.Request, res: express.Response, next: express.NextFunction) {
    9. 

  9.   handleOAuthAuthenticate(req, res)
    10. 

  10.     .then((token: any) => {
    11. 

  11.       res.locals.oauth = { token }
    12. 

  12.       res.locals.authenticated = true
    13. 

  13. 

  14.       return next()
    15. 

  15.     })
    16. 

  16.     .catch(err => {
    17. 

  17.       logger.info('Cannot authenticate.', { err })
    18. 

  18. 

  19.       return res.fail({
    20. 

  20.         status: err.status,
    21. 

  21.         message: 'Token is invalid',
    22. 

  22.         type: err.name
    23. 

  23.       })
    24. 

  24.     })
    25. 

  25. }
    26. 

  26. 

  27. function authenticateSocket (socket: Socket, next: (err?: any) => void) {
    28. 

  28.   const accessToken = socket.handshake.query['accessToken']
    29. 

  29. 

  30.   logger.debug('Checking socket access token %s.', accessToken)
    31. 

  31. 

  32.   if (!accessToken) return next(new Error('No access token provided'))
    33. 

  33.   if (typeof accessToken !== 'string') return next(new Error('Access token is invalid'))
    34. 

  34. 

  35.   getAccessToken(accessToken)
    36. 

  36.     .then(tokenDB => {
    37. 

  37.       const now = new Date()
    38. 

  38. 

  39.       if (!tokenDB || tokenDB.accessTokenExpiresAt < now || tokenDB.refreshTokenExpiresAt < now) {
    40. 

  40.         return next(new Error('Invalid access token.'))
    41. 

  41.       }
    42. 

  42. 

  43.       socket.handshake.auth.user = tokenDB.User
    44. 

  44. 

  45.       return next()
    46. 

  46.     })
    47. 

  47.     .catch(err => logger.error('Cannot get access token.', { err }))
    48. 

  48. }
    49. 

  49. 

  50. function authenticatePromise (req: express.Request, res: express.Response) {
    51. 

  51.   return new Promise<void>(resolve => {
    52. 

  52.     // Already authenticated? (or tried to)
    53. 

  53.     if (res.locals.oauth?.token.User) return resolve()
    54. 

  54. 

  55.     if (res.locals.authenticated === false) {
    56. 

  56.       return res.fail({
    57. 

  57.         status: HttpStatusCode.UNAUTHORIZED_401,
    58. 

  58.         message: 'Not authenticated'
    59. 

  59.       })
    60. 

  60.     }
    61. 

  61. 

  62.     authenticate(req, res, () => resolve())
    63. 

  63.   })
    64. 

  64. }
    65. 

  65. 

  66. function optionalAuthenticate (req: express.Request, res: express.Response, next: express.NextFunction) {
    67. 

  67.   if (req.header('authorization')) return authenticate(req, res, next)
    68. 

  68. 

  69.   res.locals.authenticated = false
    70. 

  70. 

  71.   return next()
    72. 

  72. }
    73. 

  73. 

  74. // ---------------------------------------------------------------------------
    75. 

  75. 

  76. export {
    77. 

  77.   authenticate,
    78. 

  78.   authenticateSocket,
    79. 

  79.   authenticatePromise,
    80. 

  80.   optionalAuthenticate
    81. 

  81. }
    82.