Merge branch 'develop' of git.digitaltelepresence.com:digital-telepresence/dtp-base into develop

2 years ago · e72ac249c5
parent 9505539c0c 803edf07c2
commit e72ac249c5
5 changed files with 64 additions and 8 deletions
--- a/app/controllers/auth.js
+++ b/app/controllers/auth.js
@ -31,34 +31,51 @@ class AuthController extends SiteController {

    const authRequired = this.dtp.services.session.authCheckMiddleware({ requireLogin: true });

-    router.post('/otp/enable',
+    router.post(
+      '/otp/enable',
      limiterService.create(limiterService.config.auth.postOtpEnable),
      this.postOtpEnable.bind(this),
    );
-    router.post('/otp/auth',
+    router.post(
+      '/otp/auth',
      limiterService.create(limiterService.config.auth.postOtpAuthenticate),
      this.postOtpAuthenticate.bind(this),
    );

-    router.post('/login',
+    router.post(
+      '/login',
      limiterService.create(limiterService.config.auth.postLogin),
      upload.none(),
      this.postLogin.bind(this),
    );

-    router.get('/api-token/personal',
+    router.get(
+      '/api-token/personal',
      authRequired,
      limiterService.create(limiterService.config.auth.getPersonalApiToken),
      this.getPersonalApiToken.bind(this),
    );

-    router.get('/socket-token',
+    router.get(
+      '/socket-token',
      authRequired,
      limiterService.create(limiterService.config.auth.getSocketToken),
      this.getSocketToken.bind(this),
    );

-    router.get('/logout',
+    router.get(
+      '/core',
+      passport.authenticate('oauth2'),
+    );
+
+    router.get(
+      '/core/callback',
+      passport.authenticate('oauth2', { failureRedirect: '/' }),
+      this.getCoreCallback.bind(this),
+    );
+
+    router.get(
+      '/logout',
      authRequired,
      limiterService.create(limiterService.config.auth.getLogout),
      this.getLogout.bind(this),
@ -173,6 +190,16 @@ class AuthController extends SiteController {
    }
  }

+  async getCoreCallback (req, res) {
+    // req.login(user, (error) => {
+    //   if (error) {
+    //     return next(error);
+    //   }
+    //   return res.redirect('/');
+    // });
+    return res.redirect('/');
+  }
+
  async getLogout (req, res, next) {
    if (!req.user) {
      return next(new SiteError(403, 'You are not signed in'));
--- a/app/services/oauth2.js
+++ b/app/services/oauth2.js
@ -97,14 +97,14 @@ class OAuth2Service extends SiteService {
    const requireLogin = sessionService.authCheckMiddleware({ requireLogin: true });

    app.get(
-      '/dialog/authorize',
+      '/oauth2/authorize',
      requireLogin,
      this.server.authorize(this.processAuthorize.bind(this)),
      this.renderAuthorizeDialog.bind(this),
    );

    app.post(
-      '/dialog/authorize/decision',
+      '/oauth2/authorize/decision',
      requireLogin,
      this.server.decision(),
    );
--- a/app/services/user.js
+++ b/app/services/user.js
@ -13,6 +13,7 @@ const UserBlock = mongoose.model('UserBlock');

 const passport = require('passport');
 const PassportLocal = require('passport-local');
+const OAuth2Strategy = require('passport-oauth2');

 const striptags = require('striptags');
 const uuidv4 = require('uuid').v4;
@ -39,7 +40,10 @@ class UserService {

  async start ( ) {
    this.log.info(`starting ${module.exports.name} service`);
+
    this.registerPassportLocal();
+    this.registerPassportOAuth2();
+
    if (process.env.DTP_ADMIN === 'enabled') {
      this.registerPassportAdmin();
    }
@ -336,6 +340,25 @@ class UserService {
    }
  }

+  registerPassportOAuth2 ( ) {
+    const AUTH_HOST = process.env.DTP_CORE_AUTH_HOST || 'localhost';
+    const oauthOptions = {
+      authorizationURL: `http://${AUTH_HOST}/oauth2/authorize`,
+      tokenURL: `http://${AUTH_HOST}/oauth2/token`,
+      clientID: process.env.DTP_CORE_CLIENT_ID,
+      clientSecret: process.env.DTP_CORE_CLIENT_SECRET,
+      callbackURL: `http://${process.env.DTP_SITE_DOMAIN}/auth/example/callback`,
+    };
+    passport.use(new OAuth2Strategy(oauthOptions, this.handleOAuth2Login.bind(this)));
+  }
+
+  async handleOAuth2Login (accessToken, refreshToken, profile, cb) {
+    this.log.info('OAuth2 login', { accessToken, refreshToken, profile });
+    User.findOrCreate({ exampleId: profile.id }, function (err, user) {
+      return cb(err, user);
+    });
+  }
+
  registerPassportAdmin ( ) {
    const options = {
      usernameField: 'username',
--- a/lib/site-platform.js
+++ b/lib/site-platform.js
@ -345,6 +345,7 @@ module.exports.startWebServer = async (dtp) => {
   * System Init
   */
  try {
+    dtp.services.oauth2.attachRoutes(module.app);
    await module.loadControllers(dtp);
  } catch (error) {
    module.log.error('failed to initialize application controller', { error });
--- a/yarn.lock
+++ b/yarn.lock
@ -6080,6 +6080,11 @@ oauth2orize@^1.11.1:
    uid2 "0.0.x"
    utils-merge "1.x.x"

+oauth@0.9.x:
+  version "0.9.15"
+  resolved "https://registry.yarnpkg.com/oauth/-/oauth-0.9.15.tgz#bd1fefaf686c96b75475aed5196412ff60cfb9c1"
+  integrity sha512-a5ERWK1kh38ExDEfoO6qUHJb32rd7aYmPHuyCu3Fta/cnICvYmgd2uhuKXvPD+PXB+gCEYYEaQdIRAjCOwAKNA==
+
 object-assign@^4, object-assign@^4.0.1, object-assign@^4.1.0, object-assign@^4.1.1:
  version "4.1.1"
  resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863"