diff --git a/.vscode/launch.json b/.vscode/launch.json index f84c986..ff20b91 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -14,7 +14,7 @@ "program": "${workspaceFolder:dtp-base}/dtp-webapp.js", "console": "integratedTerminal", "env": { - "HTTP_BIND_PORT": "3333" + "HTTP_BIND_PORT": "3310" } }, { diff --git a/app/controllers/welcome.js b/app/controllers/welcome.js index 763456f..fc8ecff 100644 --- a/app/controllers/welcome.js +++ b/app/controllers/welcome.js @@ -28,6 +28,7 @@ class WelcomeController extends SiteController { const router = express.Router(); this.dtp.app.use('/welcome', welcomeLimiter, router); + router.get('/core-member', this.getWelcomeCoreMember.bind(this)); router.get('/signup/captcha', this.getSignupCaptcha.bind(this)); router.get('/signup', this.getSignupView.bind(this)); router.get('/login', this.getLoginView.bind(this)); @@ -36,6 +37,10 @@ class WelcomeController extends SiteController { return router; } + async getWelcomeCoreMember (req, res) { + res.render('welcome/core-member'); + } + async getSignupCaptcha (req, res) { const signupCaptcha = captcha(req.session.captcha.signup, { color: false, diff --git a/app/models/oauth2-authorization-code.js b/app/models/oauth2-authorization-code.js index 86ab806..028c11e 100644 --- a/app/models/oauth2-authorization-code.js +++ b/app/models/oauth2-authorization-code.js @@ -11,7 +11,7 @@ const Schema = mongoose.Schema; const OAuth2AuthorizationCodeSchema = new Schema({ code: { type: String, required: true, index: 1 }, clientId: { type: Schema.ObjectId, required: true, index: 1 }, - redirectURI: { type: String, required: true }, + redirectUri: { type: String, required: true }, user: { type: Schema.ObjectId, required: true, index: 1 }, scope: { type: [String], required: true }, }); diff --git a/app/models/oauth2-client.js b/app/models/oauth2-client.js index 6f1808a..1db20bf 100644 --- a/app/models/oauth2-client.js +++ b/app/models/oauth2-client.js @@ -14,12 +14,13 @@ const OAuth2ClientSchema = new Schema({ site: { name: { type: String, required: true }, description: { type: String, required: true }, - domain: { type: String, required: true }, - domainKey: { type: String, required: true }, + domain: { type: String, required: true, index: 1 }, + domainKey: { type: String, required: true, index: 1 }, company: { type: String, required: true }, }, secret: { type: String, required: true }, - redirectURI: { type: String, required: true }, + scopes: { type: [String], required: true }, + redirectUri: { type: String, required: true }, }); module.exports = mongoose.model('OAuth2Client', OAuth2ClientSchema); \ No newline at end of file diff --git a/app/services/oauth2.js b/app/services/oauth2.js index 1b10ee0..cbcdb7b 100644 --- a/app/services/oauth2.js +++ b/app/services/oauth2.js @@ -91,29 +91,29 @@ class OAuth2Service extends SiteService { res.render('oauth2/authorize-dialog'); } - async processAuthorize (clientID, redirectURI, done) { + async processAuthorize (clientID, redirectUri, done) { try { const client = await OAuth2Client.findOne({ clientID }); if (!client) { return done(null, false); } - if (client.redirectUri !== redirectURI) { + if (client.redirectUri !== redirectUri) { return done(null, false); } - return done(null, client, client.redirectURI); + return done(null, client, client.redirectUri); } catch (error) { this.log.error('failed to process OAuth2 authorize', { error }); return done(error); } } - async processGrant (client, redirectURI, user, ares, done) { + async processGrant (client, redirectUri, user, ares, done) { try { var code = uuidv4(); var ac = new OAuth2AuthorizationCode({ code, clientId: client.id, - redirectURI, + redirectUri, user: user.id, scope: ares.scope, }); @@ -125,13 +125,13 @@ class OAuth2Service extends SiteService { } } - async processExchange (client, code, redirectURI, done) { + async processExchange (client, code, redirectUri, done) { try { const ac = await OAuth2AuthorizationCode.findOne({ code }); if (client.id !== ac.clientId) { return done(null, false); } - if (redirectURI !== ac.redirectUri) { + if (redirectUri !== ac.redirectUri) { return done(null, false); } @@ -172,7 +172,8 @@ class OAuth2Service extends SiteService { client.site.company = striptags(clientDefinition.company); client.secret = generatePassword(PASSWORD_LEN, false); - client.redirectURI = clientDefinition.redirectURI; + client.scopes = clientDefinition.coreAuth.redirectUri.map((scope) => striptags(scope)); + client.redirectUri = striptags(clientDefinition.coreAuth.redirectUri); await client.save(); @@ -191,6 +192,20 @@ class OAuth2Service extends SiteService { .lean(); return client; } + + async getClientByDomain (domain) { + const client = await OAuth2Client + .findOne({ 'site.domain': domain }) + .lean(); + return client; + } + + async getClientByDomainKey (domainKey) { + const client = await OAuth2Client + .findOne({ 'site.domainKey': domainKey }) + .lean(); + return client; + } } module.exports = { diff --git a/app/views/admin/core-node/connect.pug b/app/views/admin/core-node/connect.pug index 66b2226..0ef34f7 100644 --- a/app/views/admin/core-node/connect.pug +++ b/app/views/admin/core-node/connect.pug @@ -18,7 +18,7 @@ block content .uk-margin label.uk-form-label Site Information - textarea(style="font-family: Courier New, fixed; font-size: 12px;", rows= 7, disabled).uk-textarea= JSON.stringify(site, null, 2) + textarea(style="font-family: Courier New, fixed; font-size: 12px;", rows= 10, disabled).uk-textarea= JSON.stringify(site, null, 2) .uk-margin label(for="host").uk-form-label Core Host diff --git a/app/views/welcome/core-member.pug b/app/views/welcome/core-member.pug new file mode 100644 index 0000000..bbb7225 --- /dev/null +++ b/app/views/welcome/core-member.pug @@ -0,0 +1,8 @@ +extends ../layouts/main +block content + + section.uk-section.uk-section-default + .uk-container + h1 Thank You For Joining! + p #{site.name} is happy to provide our services to your community. + a(href="/").uk-button.uk-button-default Home \ No newline at end of file diff --git a/app/views/welcome/index.pug b/app/views/welcome/index.pug index e525194..d75df26 100644 --- a/app/views/welcome/index.pug +++ b/app/views/welcome/index.pug @@ -11,7 +11,15 @@ block content .uk-margin-medium-top div(uk-grid).uk-flex-center - .uk-width-auto - a(href="/welcome/signup").uk-button.dtp-button-primary Create Account - .uk-width-auto - a(href="/welcome/login").uk-button.dtp-button-secondary Sign In \ No newline at end of file + div(class="uk-width-1-1 uk-width-1-3@m") + .uk-margin-small + a(href="/auth/core").uk-button.dtp-button-primary.uk-border-rounded DTP Connect + .uk-text-small Connect using DTP Core + div(class="uk-width-1-1 uk-width-1-3@m") + .uk-margin-small + a(href="/welcome/signup").uk-button.dtp-button-secondary.uk-border-rounded Create Account + .uk-text-small Create a local account + div(class="uk-width-1-1 uk-width-1-3@m") + .uk-margin-small + a(href="/welcome/login").uk-button.dtp-button-secondary.uk-border-rounded Sign In + .uk-text-small Log in with your local account \ No newline at end of file diff --git a/config/site.js b/config/site.js index a44e42a..f372528 100644 --- a/config/site.js +++ b/config/site.js @@ -10,4 +10,8 @@ module.exports = { domain: process.env.DTP_SITE_DOMAIN, domainKey: process.env.DTP_SITE_DOMAIN_KEY, company: process.env.DTP_SITE_COMPANY || 'Digital Telepresence, LLC', + coreAuth: { + scopes: ['account-read', 'event-write'], + redirectUri: '/auth/core/callback', + }, }; \ No newline at end of file