src/clients.js

'use strict';

exports = module.exports = {
    ClientsError: ClientsError,

    add: add,
    get: get,
    del: del,
    getAll: getAll,
    getByAppIdAndType: getByAppIdAndType,
    getClientTokensByUserId: getClientTokensByUserId,
    delClientTokensByUserId: delClientTokensByUserId,
    delByAppIdAndType: delByAppIdAndType,
    addClientTokenByUserId: addClientTokenByUserId,
    delToken: delToken,

    addDefaultClients: addDefaultClients,

    // keep this in sync with start.sh ADMIN_SCOPES that generates the cid-webadmin
    SCOPE_APPS: 'apps',
    SCOPE_DEVELOPER: 'developer',
    SCOPE_PROFILE: 'profile',
    SCOPE_CLOUDRON: 'cloudron',
    SCOPE_SETTINGS: 'settings',
    SCOPE_USERS: 'users',

    // roles are handled just like the above scopes, they are parallel to scopes
    // scopes enclose API groups, roles specify the usage role
    SCOPE_ROLE_SDK: 'roleSdk',

    // client type enums
    TYPE_EXTERNAL: 'external',
    TYPE_BUILT_IN: 'built-in',
    TYPE_OAUTH: 'addon-oauth',
    TYPE_PROXY: 'addon-proxy'
};

var appdb = require('./appdb.js'),
    assert = require('assert'),
    async = require('async'),
    clientdb = require('./clientdb.js'),
    config = require('./config.js'),
    DatabaseError = require('./databaseerror.js'),
    debug = require('debug')('box:clients'),
    hat = require('hat'),
    tokendb = require('./tokendb.js'),
    util = require('util'),
    uuid = require('uuid');

function ClientsError(reason, errorOrMessage) {
    assert.strictEqual(typeof reason, 'string');
    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');

    Error.call(this);
    Error.captureStackTrace(this, this.constructor);

    this.name = this.constructor.name;
    this.reason = reason;
    if (typeof errorOrMessage === 'undefined') {
        this.message = reason;
    } else if (typeof errorOrMessage === 'string') {
        this.message = errorOrMessage;
    } else {
        this.message = 'Internal error';
        this.nestedError = errorOrMessage;
    }
}
util.inherits(ClientsError, Error);
ClientsError.INVALID_SCOPE = 'Invalid scope';
ClientsError.INVALID_CLIENT = 'Invalid client';
ClientsError.INVALID_TOKEN = 'Invalid token';
ClientsError.BAD_FIELD = 'Bad field';
ClientsError.NOT_FOUND = 'Not found';
ClientsError.INTERNAL_ERROR = 'Internal Error';
ClientsError.NOT_ALLOWED = 'Not allowed to remove this client';

function validateName(name) {
    assert.strictEqual(typeof name, 'string');

    if (name.length < 1) return new ClientsError(ClientsError.BAD_FIELD, 'Name must be atleast 1 character');
    if (name.length > 128) return new ClientsError(ClientsError.BAD_FIELD, 'Name too long');

    if (/[^a-zA-Z0-9\-]/.test(name)) return new ClientsError(ClientsError.BAD_FIELD, 'Username can only contain alphanumerals and dash');

    return null;
}

function validateScope(scope) {
    assert.strictEqual(typeof scope, 'string');

    var VALID_SCOPES = [
        exports.SCOPE_APPS,
        exports.SCOPE_DEVELOPER,
        exports.SCOPE_PROFILE,
        exports.SCOPE_CLOUDRON,
        exports.SCOPE_SETTINGS,
        exports.SCOPE_USERS,
        '*',    // includes all scopes, but not roles
        exports.SCOPE_ROLE_SDK
    ];

    if (scope === '') return new ClientsError(ClientsError.INVALID_SCOPE, 'Empty scope not allowed');

    var allValid = scope.split(',').every(function (s) { return VALID_SCOPES.indexOf(s) !== -1; });
    if (!allValid) return new ClientsError(ClientsError.INVALID_SCOPE, 'Invalid scope. Available scopes are ' + VALID_SCOPES.join(', '));

    return null;
}

function add(appId, type, redirectURI, scope, callback) {
    assert.strictEqual(typeof appId, 'string');
    assert.strictEqual(typeof type, 'string');
    assert.strictEqual(typeof redirectURI, 'string');
    assert.strictEqual(typeof scope, 'string');
    assert.strictEqual(typeof callback, 'function');

    // allow whitespace
    scope = scope.split(',').map(function (s) { return s.trim(); }).join(',');

    var error = validateScope(scope);
    if (error) return callback(error);

    // appId is also client name
    error = validateName(appId);
    if (error) return callback(error);

    var id = 'cid-' + uuid.v4();
    var clientSecret = hat(8 * 128);

    clientdb.add(id, appId, type, clientSecret, redirectURI, scope, function (error) {
        if (error) return callback(error);

        var client = {
            id: id,
            appId: appId,
            type: type,
            clientSecret: clientSecret,
            redirectURI: redirectURI,
            scope: scope
        };

        callback(null, client);
    });
}

function get(id, callback) {
    assert.strictEqual(typeof id, 'string');
    assert.strictEqual(typeof callback, 'function');

    clientdb.get(id, function (error, result) {
        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));
        if (error) return callback(error);
        callback(null, result);
    });
}

function del(id, callback) {
    assert.strictEqual(typeof id, 'string');
    assert.strictEqual(typeof callback, 'function');

    clientdb.del(id, function (error, result) {
        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));
        if (error) return callback(error);
        callback(null, result);
    });
}

function getAll(callback) {
    assert.strictEqual(typeof callback, 'function');

    clientdb.getAll(function (error, results) {
        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, []);
        if (error) return callback(error);

        var tmp = [];
        async.each(results, function (record, callback) {
            if (record.type === exports.TYPE_EXTERNAL || record.type === exports.TYPE_BUILT_IN) {
                // the appId in this case holds the name
                record.name = record.appId;

                tmp.push(record);

                return callback(null);
            }

            appdb.get(record.appId, function (error, result) {
                if (error) {
                    console.error('Failed to get app details for oauth client', record.appId, error);
                    return callback(null);  // ignore error so we continue listing clients
                }

                if (record.type === exports.TYPE_PROXY) record.name = result.manifest.title + ' Website Proxy';
                if (record.type === exports.TYPE_OAUTH) record.name = result.manifest.title + ' OAuth';

                record.location = result.location;

                tmp.push(record);

                callback(null);
            });
        }, function (error) {
            if (error) return callback(error);
            callback(null, tmp);
        });
    });
}

function getByAppIdAndType(appId, type, callback) {
    assert.strictEqual(typeof appId, 'string');
    assert.strictEqual(typeof type, 'string');
    assert.strictEqual(typeof callback, 'function');

    clientdb.getByAppIdAndType(appId, type, function (error, result) {
        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));
        if (error) return callback(error);
        callback(null, result);
    });
}

function getClientTokensByUserId(clientId, userId, callback) {
    assert.strictEqual(typeof clientId, 'string');
    assert.strictEqual(typeof userId, 'string');
    assert.strictEqual(typeof callback, 'function');

    tokendb.getByIdentifierAndClientId(userId, clientId, function (error, result) {
        if (error && error.reason === DatabaseError.NOT_FOUND) {
            // this can mean either that there are no tokens or the clientId is actually unknown
            get(clientId, function (error/*, result*/) {
                if (error) return callback(error);
                callback(null, []);
            });
            return;
        }
        if (error) return callback(error);
        callback(null, result || []);
    });
}

function delClientTokensByUserId(clientId, userId, callback) {
    assert.strictEqual(typeof clientId, 'string');
    assert.strictEqual(typeof userId, 'string');
    assert.strictEqual(typeof callback, 'function');

    tokendb.delByIdentifierAndClientId(userId, clientId, function (error) {
        if (error && error.reason === DatabaseError.NOT_FOUND) {
            // this can mean either that there are no tokens or the clientId is actually unknown
            get(clientId, function (error/*, result*/) {
                if (error) return callback(error);
                callback(null);
            });
            return;
        }
        if (error) return callback(error);
        callback(null);
    });
}

function delByAppIdAndType(appId, type, callback) {
    assert.strictEqual(typeof appId, 'string');
    assert.strictEqual(typeof type, 'string');
    assert.strictEqual(typeof callback, 'function');

    getByAppIdAndType(appId, type, function (error, result) {
        if (error) return callback(error);

        tokendb.delByClientId(result.id, function (error) {
            if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));

            clientdb.delByAppIdAndType(appId, type, function (error) {
                if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));
                if (error) return callback(error);

                callback(null);
            });
        });
    });
}

function addClientTokenByUserId(clientId, userId, expiresAt, callback) {
    assert.strictEqual(typeof clientId, 'string');
    assert.strictEqual(typeof userId, 'string');
    assert.strictEqual(typeof expiresAt, 'number');
    assert.strictEqual(typeof callback, 'function');

    get(clientId, function (error, result) {
        if (error) return callback(error);

        var token = tokendb.generateToken();

        tokendb.add(token, userId, result.id, expiresAt, result.scope, function (error) {
            if (error) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));

            callback(null, {
                accessToken: token,
                identifier: userId,
                clientId: result.id,
                scope: result.id,
                expires: expiresAt
            });
        });
    });
}

function delToken(clientId, tokenId, callback) {
    assert.strictEqual(typeof clientId, 'string');
    assert.strictEqual(typeof tokenId, 'string');
    assert.strictEqual(typeof callback, 'function');

    get(clientId, function (error) {
        if (error) return callback(error);

        tokendb.del(tokenId, function (error) {
            if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.INVALID_TOKEN, 'Invalid token'));
            if (error) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));

            callback(null);
        });
    });
}

function addDefaultClients(callback) {
    assert.strictEqual(typeof callback, 'function');

    debug('Adding default clients');

    // The domain might have changed, therefor we have to update the record
    // !!! This needs to be in sync with the webadmin, specifically login_callback.js
    const ADMIN_SCOPES="cloudron,developer,profile,users,apps,settings";

    // id, appId, type, clientSecret, redirectURI, scope
    async.series([
        clientdb.upsert.bind(null, 'cid-webadmin', 'Settings', 'built-in', 'secret-webadmin', config.adminOrigin(), ADMIN_SCOPES),
        clientdb.upsert.bind(null, 'cid-sdk', 'SDK', 'built-in', 'secret-sdk', config.adminOrigin(), '*,roleSdk'),
        clientdb.upsert.bind(null, 'cid-cli', 'Cloudron Tool', 'built-in', 'secret-cli', config.adminOrigin(), '*, roleSdk')
    ], callback);
}
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`'use strict';`

			`exports = module.exports = {`
			`ClientsError: ClientsError,`

			`add: add,`
			`get: get,`
			`del: del,`
Simply return oauth clients instead of join with tokendb 2016-06-07 12:15:17 +02:00			`getAll: getAll,`
Provide getByAppIdAndType() by clients.js 2016-06-03 14:47:06 +02:00			`getByAppIdAndType: getByAppIdAndType,`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`getClientTokensByUserId: getClientTokensByUserId,`
use defines for role names 2016-04-25 10:26:26 -07:00			`delClientTokensByUserId: delClientTokensByUserId,`
Don't use clientdb directly from auth.js and apptask.js 2016-06-03 14:52:59 +02:00			`delByAppIdAndType: delByAppIdAndType,`
Add rest api to create a new token for a client 2016-06-07 14:29:37 +02:00			`addClientTokenByUserId: addClientTokenByUserId,`
Add route to delete a single token 2016-06-07 15:34:27 +02:00			`delToken: delToken,`
use defines for role names 2016-04-25 10:26:26 -07:00
Add default clients in clients.js 2017-01-09 15:25:45 -08:00			`addDefaultClients: addDefaultClients,`

fix scope name 2016-06-02 17:49:54 -07:00			`// keep this in sync with start.sh ADMIN_SCOPES that generates the cid-webadmin`
use defines for role names 2016-04-25 10:26:26 -07:00			`SCOPE_APPS: 'apps',`
			`SCOPE_DEVELOPER: 'developer',`
			`SCOPE_PROFILE: 'profile',`
rename root scope to cloudron scope (for lack of better scope name) 2016-06-02 15:58:58 -07:00			`SCOPE_CLOUDRON: 'cloudron',`
use defines for role names 2016-04-25 10:26:26 -07:00			`SCOPE_SETTINGS: 'settings',`
Add SCOPE_ROLE_SDK 2016-06-03 11:08:35 +02:00			`SCOPE_USERS: 'users',`

			`// roles are handled just like the above scopes, they are parallel to scopes`
			`// scopes enclose API groups, roles specify the usage role`
Move client TYPE_* to clients.js 2016-06-03 15:05:00 +02:00			`SCOPE_ROLE_SDK: 'roleSdk',`

			`// client type enums`
			`TYPE_EXTERNAL: 'external',`
Allow to distinguish between built-in auth clients and external ones 2016-06-09 15:35:00 +02:00			`TYPE_BUILT_IN: 'built-in',`
Move client TYPE_* to clients.js 2016-06-03 15:05:00 +02:00			`TYPE_OAUTH: 'addon-oauth',`
Remove redundant client TYPE_*s 2016-06-08 14:09:06 +02:00			`TYPE_PROXY: 'addon-proxy'`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`};`

Add default clients in clients.js 2017-01-09 15:25:45 -08:00			`var appdb = require('./appdb.js'),`
			`assert = require('assert'),`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`async = require('async'),`
			`clientdb = require('./clientdb.js'),`
Add default clients in clients.js 2017-01-09 15:25:45 -08:00			`config = require('./config.js'),`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`DatabaseError = require('./databaseerror.js'),`
Add default clients in clients.js 2017-01-09 15:25:45 -08:00			`debug = require('debug')('box:clients'),`
			`hat = require('hat'),`
			`tokendb = require('./tokendb.js'),`
			`util = require('util'),`
Update many modules npm WARN deprecated ejs-cli@1.2.0: This has breaking change. (in ejs package) use <= 2.0.0. npm WARN deprecated node-uuid@1.4.8: Use uuid module instead npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue npm WARN deprecated graceful-fs@1.2.3: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree. 2017-08-13 17:44:31 -07:00			`uuid = require('uuid');`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
			`function ClientsError(reason, errorOrMessage) {`
			`assert.strictEqual(typeof reason, 'string');`
			`assert(errorOrMessage instanceof Error \|\| typeof errorOrMessage === 'string' \|\| typeof errorOrMessage === 'undefined');`

			`Error.call(this);`
			`Error.captureStackTrace(this, this.constructor);`

			`this.name = this.constructor.name;`
			`this.reason = reason;`
			`if (typeof errorOrMessage === 'undefined') {`
			`this.message = reason;`
			`} else if (typeof errorOrMessage === 'string') {`
			`this.message = errorOrMessage;`
			`} else {`
			`this.message = 'Internal error';`
			`this.nestedError = errorOrMessage;`
			`}`
			`}`
			`util.inherits(ClientsError, Error);`
			`ClientsError.INVALID_SCOPE = 'Invalid scope';`
Only allow simple auth clients through simple auth 2015-10-16 11:54:43 +02:00			`ClientsError.INVALID_CLIENT = 'Invalid client';`
Add route to delete a single token 2016-06-07 15:34:27 +02:00			`ClientsError.INVALID_TOKEN = 'Invalid token';`
Only allow alphanumerics and dash in auth client names 2016-06-23 10:16:02 +02:00			`ClientsError.BAD_FIELD = 'Bad field';`
Do not use DatabaseError in routes clients.js 2016-06-13 13:29:39 +02:00			`ClientsError.NOT_FOUND = 'Not found';`
Add rest api to create a new token for a client 2016-06-07 14:29:37 +02:00			`ClientsError.INTERNAL_ERROR = 'Internal Error';`
Prevent deletion of the built-in clients 2016-06-08 11:24:02 +02:00			`ClientsError.NOT_ALLOWED = 'Not allowed to remove this client';`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
Only allow alphanumerics and dash in auth client names 2016-06-23 10:16:02 +02:00			`function validateName(name) {`
			`assert.strictEqual(typeof name, 'string');`

			`if (name.length < 1) return new ClientsError(ClientsError.BAD_FIELD, 'Name must be atleast 1 character');`
			`if (name.length > 128) return new ClientsError(ClientsError.BAD_FIELD, 'Name too long');`

			`if (/[^a-zA-Z0-9\-]/.test(name)) return new ClientsError(ClientsError.BAD_FIELD, 'Username can only contain alphanumerals and dash');`

			`return null;`
			`}`

app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`function validateScope(scope) {`
			`assert.strictEqual(typeof scope, 'string');`

use defines for role names 2016-04-25 10:26:26 -07:00			`var VALID_SCOPES = [`
			`exports.SCOPE_APPS,`
			`exports.SCOPE_DEVELOPER,`
			`exports.SCOPE_PROFILE,`
rename root scope to cloudron scope (for lack of better scope name) 2016-06-02 15:58:58 -07:00			`exports.SCOPE_CLOUDRON,`
use defines for role names 2016-04-25 10:26:26 -07:00			`exports.SCOPE_SETTINGS,`
Add SCOPE_ROLE_SDK 2016-06-03 11:08:35 +02:00			`exports.SCOPE_USERS,`
			`'*', // includes all scopes, but not roles`
			`exports.SCOPE_ROLE_SDK`
use defines for role names 2016-04-25 10:26:26 -07:00			`];`
validate individual scopes 2016-04-25 10:21:55 -07:00
Provide better feedback on invalid scopes 2016-06-03 13:53:33 +02:00			`if (scope === '') return new ClientsError(ClientsError.INVALID_SCOPE, 'Empty scope not allowed');`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
validate individual scopes 2016-04-25 10:21:55 -07:00			`var allValid = scope.split(',').every(function (s) { return VALID_SCOPES.indexOf(s) !== -1; });`
Provide better feedback on invalid scopes 2016-06-03 13:53:33 +02:00			`if (!allValid) return new ClientsError(ClientsError.INVALID_SCOPE, 'Invalid scope. Available scopes are ' + VALID_SCOPES.join(', '));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
			`return null;`
			`}`

add type field to clients table 2015-10-15 16:31:45 -07:00			`function add(appId, type, redirectURI, scope, callback) {`
minor rename 2015-10-15 15:51:51 -07:00			`assert.strictEqual(typeof appId, 'string');`
add type field to clients table 2015-10-15 16:31:45 -07:00			`assert.strictEqual(typeof type, 'string');`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`assert.strictEqual(typeof redirectURI, 'string');`
			`assert.strictEqual(typeof scope, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

Remove whitespace in scope input 2016-06-07 16:15:45 +02:00			`// allow whitespace`
			`scope = scope.split(',').map(function (s) { return s.trim(); }).join(',');`

app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`var error = validateScope(scope);`
			`if (error) return callback(error);`

Only allow alphanumerics and dash in auth client names 2016-06-23 10:16:02 +02:00			`// appId is also client name`
			`error = validateName(appId);`
			`if (error) return callback(error);`

app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`var id = 'cid-' + uuid.v4();`
use 128 byte passwords 2016-06-17 09:46:07 -05:00			`var clientSecret = hat(8 * 128);`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
add type field to clients table 2015-10-15 16:31:45 -07:00			`clientdb.add(id, appId, type, clientSecret, redirectURI, scope, function (error) {`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`if (error) return callback(error);`

			`var client = {`
			`id: id,`
minor rename 2015-10-15 15:51:51 -07:00			`appId: appId,`
add type field to clients table 2015-10-15 16:31:45 -07:00			`type: type,`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`clientSecret: clientSecret,`
			`redirectURI: redirectURI,`
			`scope: scope`
			`};`

			`callback(null, client);`
			`});`
			`}`

			`function get(id, callback) {`
			`assert.strictEqual(typeof id, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

			`clientdb.get(id, function (error, result) {`
Do not use DatabaseError in routes clients.js 2016-06-13 13:29:39 +02:00			`if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`if (error) return callback(error);`
			`callback(null, result);`
			`});`
			`}`

			`function del(id, callback) {`
			`assert.strictEqual(typeof id, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

			`clientdb.del(id, function (error, result) {`
Do not use DatabaseError in routes clients.js 2016-06-13 13:29:39 +02:00			`if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`if (error) return callback(error);`
			`callback(null, result);`
			`});`
			`}`

Simply return oauth clients instead of join with tokendb 2016-06-07 12:15:17 +02:00			`function getAll(callback) {`
Add clients.getAllWithDetails() 2016-06-07 11:17:29 +02:00			`assert.strictEqual(typeof callback, 'function');`

Simply return oauth clients instead of join with tokendb 2016-06-07 12:15:17 +02:00			`clientdb.getAll(function (error, results) {`
Add clients.getAllWithDetails() 2016-06-07 11:17:29 +02:00			`if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, []);`
			`if (error) return callback(error);`

			`var tmp = [];`
			`async.each(results, function (record, callback) {`
Allow to distinguish between built-in auth clients and external ones 2016-06-09 15:35:00 +02:00			`if (record.type === exports.TYPE_EXTERNAL \|\| record.type === exports.TYPE_BUILT_IN) {`
Remove redundant client TYPE_*s 2016-06-08 14:09:06 +02:00			`// the appId in this case holds the name`
Fix typo 2016-06-08 11:36:01 +02:00			`record.name = record.appId;`
Handle external api client requests separately 2016-06-07 12:00:18 +02:00
			`tmp.push(record);`

Add clients.getAllWithDetails() 2016-06-07 11:17:29 +02:00			`return callback(null);`
			`}`

			`appdb.get(record.appId, function (error, result) {`
			`if (error) {`
Fix error message 2016-06-07 15:56:22 +02:00			`console.error('Failed to get app details for oauth client', record.appId, error);`
Add clients.getAllWithDetails() 2016-06-07 11:17:29 +02:00			`return callback(null); // ignore error so we continue listing clients`
			`}`

			`if (record.type === exports.TYPE_PROXY) record.name = result.manifest.title + ' Website Proxy';`
			`if (record.type === exports.TYPE_OAUTH) record.name = result.manifest.title + ' OAuth';`

			`record.location = result.location;`

			`tmp.push(record);`

			`callback(null);`
			`});`
			`}, function (error) {`
			`if (error) return callback(error);`
			`callback(null, tmp);`
			`});`
			`});`
			`}`

Provide getByAppIdAndType() by clients.js 2016-06-03 14:47:06 +02:00			`function getByAppIdAndType(appId, type, callback) {`
			`assert.strictEqual(typeof appId, 'string');`
			`assert.strictEqual(typeof type, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

			`clientdb.getByAppIdAndType(appId, type, function (error, result) {`
Do not use DatabaseError in routes clients.js 2016-06-13 13:29:39 +02:00			`if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));`
Provide getByAppIdAndType() by clients.js 2016-06-03 14:47:06 +02:00			`if (error) return callback(error);`
			`callback(null, result);`
			`});`
			`}`

app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`function getClientTokensByUserId(clientId, userId, callback) {`
			`assert.strictEqual(typeof clientId, 'string');`
			`assert.strictEqual(typeof userId, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

Do not use PREFIX_USER for token managment 2016-06-03 12:58:39 +02:00			`tokendb.getByIdentifierAndClientId(userId, clientId, function (error, result) {`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`if (error && error.reason === DatabaseError.NOT_FOUND) {`
			`// this can mean either that there are no tokens or the clientId is actually unknown`
Use clients.get() instead of clientdb.get() 2016-06-13 13:51:14 +02:00			`get(clientId, function (error/, result/) {`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`if (error) return callback(error);`
			`callback(null, []);`
			`});`
			`return;`
			`}`
			`if (error) return callback(error);`
			`callback(null, result \|\| []);`
			`});`
			`}`

			`function delClientTokensByUserId(clientId, userId, callback) {`
			`assert.strictEqual(typeof clientId, 'string');`
			`assert.strictEqual(typeof userId, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

Do not use PREFIX_USER for token managment 2016-06-03 12:58:39 +02:00			`tokendb.delByIdentifierAndClientId(userId, clientId, function (error) {`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`if (error && error.reason === DatabaseError.NOT_FOUND) {`
			`// this can mean either that there are no tokens or the clientId is actually unknown`
Do not use DatabaseError in routes clients.js 2016-06-13 13:29:39 +02:00			`get(clientId, function (error/, result/) {`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`if (error) return callback(error);`
			`callback(null);`
			`});`
			`return;`
			`}`
			`if (error) return callback(error);`
			`callback(null);`
			`});`
			`}`
Don't use clientdb directly from auth.js and apptask.js 2016-06-03 14:52:59 +02:00
			`function delByAppIdAndType(appId, type, callback) {`
			`assert.strictEqual(typeof appId, 'string');`
			`assert.strictEqual(typeof type, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

delete tokens when deleting a client fixes #36 2016-09-07 10:42:55 -07:00			`getByAppIdAndType(appId, type, function (error, result) {`
Don't use clientdb directly from auth.js and apptask.js 2016-06-03 14:52:59 +02:00			`if (error) return callback(error);`
delete tokens when deleting a client fixes #36 2016-09-07 10:42:55 -07:00
			`tokendb.delByClientId(result.id, function (error) {`
			`if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));`

			`clientdb.delByAppIdAndType(appId, type, function (error) {`
			`if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));`
			`if (error) return callback(error);`

			`callback(null);`
			`});`
			`});`
Don't use clientdb directly from auth.js and apptask.js 2016-06-03 14:52:59 +02:00			`});`
			`}`
Add rest api to create a new token for a client 2016-06-07 14:29:37 +02:00
Allow optional expiresAt to be set on token creation 2016-06-07 15:47:13 +02:00			`function addClientTokenByUserId(clientId, userId, expiresAt, callback) {`
Add rest api to create a new token for a client 2016-06-07 14:29:37 +02:00			`assert.strictEqual(typeof clientId, 'string');`
			`assert.strictEqual(typeof userId, 'string');`
Allow optional expiresAt to be set on token creation 2016-06-07 15:47:13 +02:00			`assert.strictEqual(typeof expiresAt, 'number');`
Add rest api to create a new token for a client 2016-06-07 14:29:37 +02:00			`assert.strictEqual(typeof callback, 'function');`

			`get(clientId, function (error, result) {`
			`if (error) return callback(error);`

			`var token = tokendb.generateToken();`

			`tokendb.add(token, userId, result.id, expiresAt, result.scope, function (error) {`
			`if (error) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));`

The route creates the subobject 2016-06-07 14:47:47 +02:00			`callback(null, {`
Add rest api to create a new token for a client 2016-06-07 14:29:37 +02:00			`accessToken: token,`
			`identifier: userId,`
			`clientId: result.id,`
			`scope: result.id,`
			`expires: expiresAt`
The route creates the subobject 2016-06-07 14:47:47 +02:00			`});`
Add rest api to create a new token for a client 2016-06-07 14:29:37 +02:00			`});`
			`});`
			`}`
Add route to delete a single token 2016-06-07 15:34:27 +02:00
			`function delToken(clientId, tokenId, callback) {`
			`assert.strictEqual(typeof clientId, 'string');`
Fix typo 2016-06-07 15:38:30 +02:00			`assert.strictEqual(typeof tokenId, 'string');`
Add route to delete a single token 2016-06-07 15:34:27 +02:00			`assert.strictEqual(typeof callback, 'function');`

Add default clients in clients.js 2017-01-09 15:25:45 -08:00			`get(clientId, function (error) {`
Add route to delete a single token 2016-06-07 15:34:27 +02:00			`if (error) return callback(error);`

			`tokendb.del(tokenId, function (error) {`
Do not use DatabaseError in routes clients.js 2016-06-13 13:29:39 +02:00			`if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.INVALID_TOKEN, 'Invalid token'));`
Add route to delete a single token 2016-06-07 15:34:27 +02:00			`if (error) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));`

			`callback(null);`
			`});`
			`});`
			`}`
Add default clients in clients.js 2017-01-09 15:25:45 -08:00
			`function addDefaultClients(callback) {`
			`assert.strictEqual(typeof callback, 'function');`

			`debug('Adding default clients');`

			`// The domain might have changed, therefor we have to update the record`
			`// !!! This needs to be in sync with the webadmin, specifically login_callback.js`
			`const ADMIN_SCOPES="cloudron,developer,profile,users,apps,settings";`

			`// id, appId, type, clientSecret, redirectURI, scope`
			`async.series([`
			`clientdb.upsert.bind(null, 'cid-webadmin', 'Settings', 'built-in', 'secret-webadmin', config.adminOrigin(), ADMIN_SCOPES),`
			`clientdb.upsert.bind(null, 'cid-sdk', 'SDK', 'built-in', 'secret-sdk', config.adminOrigin(), '*,roleSdk'),`
			`clientdb.upsert.bind(null, 'cid-cli', 'Cloudron Tool', 'built-in', 'secret-cli', config.adminOrigin(), '*, roleSdk')`
			`], callback);`
			`}`