-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.js
140 lines (115 loc) · 3.76 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
'use strict';
const normalize = require('./src/normalize');
const utils = require('./src/utils');
const Router = require('./src/router');
const TOKEN_FIELD_KEYWORD = [
'access_token',
'refresh_token',
'scope',
'token_type',
'expires_in',
];
const OAuth = module.exports = function OAuthHandler(options) {
const finalOptions = normalize(options);
const router = Router(finalOptions.prefix, finalOptions.client.get);
router.post(finalOptions.token.path, async ctx => {
const requestBody = ctx.request.body;
if ((ctx.req.headers['content-type'] !== 'application/x-www-form-urlencoded')) {
ctx.res.statusCode = 400;
ctx.res.end('Invalid request');
}
const grantType = finalOptions.grantTypes.find(grantType => {
return grantType.type === requestBody.grant_type;
});
if (!grantType) {
ctx.res.statusCode = 400;
ctx.res.end('Bad request');
}
const clientQuery = utils.ClientQuery({
query: ctx.query,
headers: ctx.req.headers,
body: requestBody
});
if (finalOptions.client.secret && !clientQuery.secret) {
ctx.res.statusCode = 400;
ctx.res.end('Invalid client query.');
}
const token = {
accessToken: Object.freeze({
id: finalOptions.token.Id.Access(),
expiredAt: Date.now() + finalOptions.token.lifetime.access
}),
scope: finalOptions.scope.set(finalOptions.scope.accept, requestBody.scope, finalOptions.scope.valueValidate),
extension: {}
};
if (!token.scope) {
ctx.res.statusCode = 400;
ctx.res.end('Invalid request: validate scope failed');
}
if (grantType.setScope) {
token.scope = grantType.setScope(requestBody.scope);
}
if (grantType.refreshable && finalOptions.token.refreshable) {
token.refreshToken = Object.freeze({
id: finalOptions.token.Id.Refresh(),
expiredAt: Date.now() + finalOptions.token.lifetime.refresh
});
}
await grantType.createToken({
res: ctx.res,
body: requestBody,
clientQuery,
token: {
get accessToken() {
return token.accessToken;
},
get refreshToken() {
return token.refreshToken;
},
get scope() {
return token.scope;
},
queryClient(id, secret, isAuthorize = false) {
return finalOptions.client.get(id, secret, isAuthorize);
},
extends(extensionObject) {
if (!finalOptions.token.extensible) {
throw new Error('The options is set to token extending NOT be allowed.');
}
const matchedKeyword = TOKEN_FIELD_KEYWORD.find(keyName => {
return Object.prototype.hasOwnProperty.call(extensionObject, keyName);
});
if (matchedKeyword) {
throw new Error(`The keyword field name '${matchedKeyword}' is found in extensionObject.`);
}
token.extension = extensionObject;
},
refreshed(refreshTokenId) {
if (!finalOptions.token.refreshable) {
throw new Error('The options is set to token refreshed NOT be allowed.');
}
return finalOptions.token.refreshed(refreshTokenId);
}
}
});
await finalOptions.token.save(token, grantType.type);
ctx.res.statusCode = 200;
ctx.res.setHeader['Cache-Control'] = 'no-store';
ctx.res.setHeader['Pragma'] = 'no-cache';
const tokenResponseBody = JSON.stringify(Object.assign({
token_type: 'Bearer',
access_token: token.accessToken.id,
expires_in: finalOptions.token.lifetime.access,
refresh_token: token.refreshToken && token.refreshToken.id
}, token.extension));
ctx.res.end(tokenResponseBody);
});
finalOptions.grantTypes.forEach(grantType => {
grantType.install({ router });
});
return router.callback();
};
OAuth.AuthorizationCode = require('./src/grant/AuthorizationCode');
OAuth.PasswordCredentials = require('./src/grant/PasswordCredentials');
OAuth.ClientCredentials = require('./src/grant/ClientCredentials');
OAuth.RefershToken = require('./src/grant/RefreshToken');