more OAuth2 integration

3 years ago · 803edf07c2
6 changed files with 81 additions and 8 deletions
--- a/app/controllers/auth.js
+++ b/app/controllers/auth.js
@ -31,34 +31,51 @@ class AuthController extends SiteController {

    const authRequired = this.dtp.services.session.authCheckMiddleware({ requireLogin: true });

-    router.post('/otp/enable',
+    router.post(
+      '/otp/enable',
      limiterService.create(limiterService.config.auth.postOtpEnable),
      this.postOtpEnable.bind(this),
    );
-    router.post('/otp/auth',
+    router.post(
+      '/otp/auth',
      limiterService.create(limiterService.config.auth.postOtpAuthenticate),
      this.postOtpAuthenticate.bind(this),
    );

-    router.post('/login',
+    router.post(
+      '/login',
      limiterService.create(limiterService.config.auth.postLogin),
      upload.none(),
      this.postLogin.bind(this),
    );

-    router.get('/api-token/personal',
+    router.get(
+      '/api-token/personal',
      authRequired,
      limiterService.create(limiterService.config.auth.getPersonalApiToken),
      this.getPersonalApiToken.bind(this),
    );

-    router.get('/socket-token',
+    router.get(
+      '/socket-token',
      authRequired,
      limiterService.create(limiterService.config.auth.getSocketToken),
      this.getSocketToken.bind(this),
    );

-    router.get('/logout',
+    router.get(
+      '/core',
+      passport.authenticate('oauth2'),
+    );
+
+    router.get(
+      '/core/callback',
+      passport.authenticate('oauth2', { failureRedirect: '/' }),
+      this.getCoreCallback.bind(this),
+    );
+
+    router.get(
+      '/logout',
      authRequired,
      limiterService.create(limiterService.config.auth.getLogout),
      this.getLogout.bind(this),
@ -173,6 +190,16 @@ class AuthController extends SiteController {
    }
  }

+  async getCoreCallback (req, res) {
+    // req.login(user, (error) => {
+    //   if (error) {
+    //     return next(error);
+    //   }
+    //   return res.redirect('/');
+    // });
+    return res.redirect('/');
+  }
+
  async getLogout (req, res, next) {
    if (!req.user) {
      return next(new SiteError(403, 'You are not signed in'));
--- a/app/services/oauth2.js
+++ b/app/services/oauth2.js
@ -97,14 +97,14 @@ class OAuth2Service extends SiteService {
    const requireLogin = sessionService.authCheckMiddleware({ requireLogin: true });

    app.get(
-      '/dialog/authorize',
+      '/oauth2/authorize',
      requireLogin,
      this.server.authorize(this.processAuthorize.bind(this)),
      this.renderAuthorizeDialog.bind(this),
    );

    app.post(
-      '/dialog/authorize/decision',
+      '/oauth2/authorize/decision',
      requireLogin,
      this.server.decision(),
    );
--- a/app/services/user.js
+++ b/app/services/user.js
@ -13,6 +13,7 @@ const UserBlock = mongoose.model('UserBlock');

 const passport = require('passport');
 const PassportLocal = require('passport-local');
+const OAuth2Strategy = require('passport-oauth2');

 const striptags = require('striptags');
 const uuidv4 = require('uuid').v4;
@ -39,7 +40,10 @@ class UserService {

  async start ( ) {
    this.log.info(`starting ${module.exports.name} service`);
+
    this.registerPassportLocal();
+    this.registerPassportOAuth2();
+
    if (process.env.DTP_ADMIN === 'enabled') {
      this.registerPassportAdmin();
    }
@ -327,6 +331,25 @@ class UserService {
    }
  }

+  registerPassportOAuth2 ( ) {
+    const AUTH_HOST = process.env.DTP_CORE_AUTH_HOST || 'localhost';
+    const oauthOptions = {
+      authorizationURL: `http://${AUTH_HOST}/oauth2/authorize`,
+      tokenURL: `http://${AUTH_HOST}/oauth2/token`,
+      clientID: process.env.DTP_CORE_CLIENT_ID,
+      clientSecret: process.env.DTP_CORE_CLIENT_SECRET,
+      callbackURL: `http://${process.env.DTP_SITE_DOMAIN}/auth/example/callback`,
+    };
+    passport.use(new OAuth2Strategy(oauthOptions, this.handleOAuth2Login.bind(this)));
+  }
+
+  async handleOAuth2Login (accessToken, refreshToken, profile, cb) {
+    this.log.info('OAuth2 login', { accessToken, refreshToken, profile });
+    User.findOrCreate({ exampleId: profile.id }, function (err, user) {
+      return cb(err, user);
+    });
+  }
+
  registerPassportAdmin ( ) {
    const options = {
      usernameField: 'username',
--- a/lib/site-platform.js
+++ b/lib/site-platform.js
@ -342,6 +342,7 @@ module.exports.startWebServer = async (dtp) => {
   * System Init
   */
  try {
+    dtp.services.oauth2.attachRoutes(module.app);
    await module.loadControllers(dtp);
  } catch (error) {
    module.log.error('failed to initialize application controller', { error });
--- a/package.json
+++ b/package.json
@ -58,6 +58,7 @@
    "otplib": "^12.0.1",
    "passport": "^0.5.2",
    "passport-local": "^1.0.0",
+    "passport-oauth2": "^1.6.1",
    "pug": "^3.0.2",
    "qrcode": "^1.5.0",
    "rate-limiter-flexible": "^2.3.6",
--- a/yarn.lock
+++ b/yarn.lock
@ -1773,6 +1773,11 @@ [email protected], base64id@~2.0.0:
  resolved "https://registry.yarnpkg.com/base64id/-/base64id-2.0.0.tgz#2770ac6bc47d312af97a8bf9a634342e0cd25cb6"
  integrity sha512-lGe34o6EHj9y3Kts9R4ZYs/Gr+6N7MCaMlIFA3F1R2O5/m7K06AxfSeO5530PEERE6/WyEg3lsuyw4GHlPZHog==

+[email protected]:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/base64url/-/base64url-3.0.1.tgz#6399d572e2bc3f90a9a8b22d5dbb0a32d33f788d"
+  integrity sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==
+
 base@^0.11.1:
  version "0.11.2"
  resolved "https://registry.yarnpkg.com/base/-/base-0.11.2.tgz#7bde5ced145b6d551a90db87f83c558b4eb48a8f"
@ -6070,6 +6075,11 @@ oauth2orize@^1.11.1:
    uid2 "0.0.x"
    utils-merge "1.x.x"

+[email protected]:
+  version "0.9.15"
+  resolved "https://registry.yarnpkg.com/oauth/-/oauth-0.9.15.tgz#bd1fefaf686c96b75475aed5196412ff60cfb9c1"
+  integrity sha512-a5ERWK1kh38ExDEfoO6qUHJb32rd7aYmPHuyCu3Fta/cnICvYmgd2uhuKXvPD+PXB+gCEYYEaQdIRAjCOwAKNA==
+
 object-assign@^4, object-assign@^4.0.1, object-assign@^4.1.0, object-assign@^4.1.1:
  version "4.1.1"
  resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863"
@ -6344,6 +6354,17 @@ passport-local@^1.0.0:
  dependencies:
    passport-strategy "1.x.x"

+passport-oauth2@^1.6.1:
+  version "1.6.1"
+  resolved "https://registry.yarnpkg.com/passport-oauth2/-/passport-oauth2-1.6.1.tgz#c5aee8f849ce8bd436c7f81d904a3cd1666f181b"
+  integrity sha512-ZbV43Hq9d/SBSYQ22GOiglFsjsD1YY/qdiptA+8ej+9C1dL1TVB+mBE5kDH/D4AJo50+2i8f4bx0vg4/yDDZCQ==
+  dependencies:
+    base64url "3.x.x"
+    oauth "0.9.x"
+    passport-strategy "1.x.x"
+    uid2 "0.0.x"
+    utils-merge "1.x.x"
+
 [email protected]:
  version "1.0.0"
  resolved "https://registry.yarnpkg.com/passport-strategy/-/passport-strategy-1.0.0.tgz#b5539aa8fc225a3d1ad179476ddf236b440f52e4"