macchiato
/
server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
shared-server
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'shared-server'
${ noResults }
server/auth.js

241 lines
5.7 KiB
JavaScript
Raw Permalink Blame History

import * as cookie from 'https://deno.land/std@0.188.0/http/cookie.ts'
export class Auth {
constructor({
basePath,
remoteBaseUrl,
giteaAppBaseUrl,
giteaApiBaseUrl,
giteaWebBaseUrl,
giteaClientId,
giteaClientSecret
}) {
this.basePath = basePath
this.remoteBaseUrl = remoteBaseUrl
this.giteaAppBaseUrl = giteaAppBaseUrl
this.giteaApiBaseUrl = giteaApiBaseUrl
this.giteaWebBaseUrl = giteaWebBaseUrl
this.giteaClientId = giteaClientId
this.giteaClientSecret = giteaClientSecret
}
redirectUrl(state) {
const url = new URL(
this.giteaWebBaseUrl + '/login/oauth/authorize'
)
const search = new URLSearchParams()
search.set('response_type', 'code')
search.set('client_id', this.giteaClientId)
search.set('redirect_uri', this.callbackUrl)
search.set('state', state)
url.search = search.toString()
return url.toString()
}
buildState() {
const timestamp = new Date().valueOf()
const randomInt = Math.floor(Math.random() * 10000)
// TODO: sign
return `${randomInt}-${timestamp}`
}
get callbackUrl() {
return this.remoteBaseUrl + '/api/auth/callback'
}
async redirect(event) {
const state = this.buildState()
const url = this.redirectUrl(state)
const headers = new Headers({
Location: url
})
cookie.setCookie(headers, {
...this.cookieSettings,
name: 'oauth.gitea.state',
value: state,
maxAge: 600,
})
event.respondWith(new Response('', {
headers,
status: 302,
}))
}
get tokenEndpoint() {
return (
this.giteaAppBaseUrl +
'/login/oauth/access_token'
)
}
get userinfoEndpoint() {
return (
this.giteaAppBaseUrl +
'/login/oauth/userinfo'
)
}
get cookieSettings() {
return {
path: `${this.basePath}/api`,
}
}
async getToken(code) {
const resp = await fetch(this.tokenEndpoint, {
method: 'POST',
headers: {
Accept: 'application/json',
'Content-Type': 'application/json',
},
body: JSON.stringify({
grant_type: 'authorization_code',
code,
client_id: this.giteaClientId,
client_secret: this.giteaClientSecret,
redirect_uri: this.callbackUrl,
}),
})
return await resp.json()
}
saveTokens(headers, data) {
cookie.setCookie(headers, {
...this.cookieSettings,
name: 'oauth.gitea.accessToken',
value: data.access_token,
})
cookie.setCookie(headers, {
...this.cookieSettings,
name: 'oauth.gitea.refreshToken',
value: data.refresh_token,
})
cookie.setCookie(headers, {
...this.cookieSettings,
name: 'oauth.gitea.expires',
value: String(
Math.floor(new Date().valueOf() / 1000) +
data.expires_in
),
})
}
async callback(event) {
const url = new URL(event.request.url)
const { state, code } = Object.fromEntries(
url.searchParams.entries()
)
const cookies = cookie.getCookies(
event.request.headers
)
const headers = new Headers({
Location: '/#/'
})
if (cookies['oauth.gitea.state'] !== state) {
event.respondWith(new Response('invalid state', {
status: 401,
}))
return
}
const data = await this.getToken(code)
cookie.deleteCookie(headers, 'oauth.gitea.state')
this.saveTokens(headers, data)
event.respondWith(new Response('', {
headers,
status: 302,
}))
}
async refreshToken(refresh_token) {
const resp = await fetch(this.tokenEndpoint, {
method: 'POST',
headers: {
Accept: 'application/json',
'Content-Type': 'application/json',
},
body: JSON.stringify({
refresh_token,
grant_type: 'refresh_token',
})
})
return resp.ok
}
async refresh(event) {
const headers = new Headers()
const cookies = cookie.getCookies(
event.request.headers
)
const token = cookies['oauth.gitea.refreshToken']
const data = await this.refreshToken(token)
this.saveTokens(headers, data)
event.respondWith(
new Response(JSON.stringify({}), {headers})
)
}
async serve(event) {
const {pathname} = new URL(event.request.url)
const b = this.basePath
if (pathname === `${b}/api/auth`) {
await this.redirect(event)
} else if (pathname === `${b}/api/auth/callback`) {
await this.callback(event)
} else if (pathname === `${b}/api/auth/refresh`) {
await this.refresh(event)
} else {
event.respondWith(new Response(
'Not Found', {status: 404}
))
}
}
async userInfo(token) {
const resp = await fetch(this.userinfoEndpoint, {
method: 'GET',
headers: {
Accept: 'application/json',
'Content-Type': 'application/json',
Authorization: `Bearer ${token}`,
},
})
return {
resp,
json: await resp.json()
}
}
async requireAuth(event) {
const headers = new Headers()
const cookies = cookie.getCookies(
event.request.headers
)
const token = cookies['oauth.gitea.accessToken']
if (!token) {
event.respondWith(Response.json(
{error: 'Token missing'}, {status: 401}
))
return
}
const {resp, json} = await this.userInfo(token)
if (!resp.ok) {
const refresh = cookies['oauth.gitea.refreshToken']
if (refresh) {
const data = await this.refreshToken(token)
this.saveTokens(headers, data)
const token = data.access_token
if (token) {
const {resp, json} = await this.userInfo(token)
return {
allow: resp.ok,
headers,
}
}
}
}
return {
allow: resp.ok,
headers,
}
}
}
Reference in New Issue View Git Blame Copy Permalink