jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

refactor scopes into accesscontrol.js

Browse Source 
this will be our authorization layer for oauth and non-oauth tokens.
This commit is contained in:
Girish Ramakrishnan
2018-04-26 15:54:53 -07:00
parent 6e3b060615
commit 3b7bcc1f61
12 changed files with 298 additions and 262 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/routes/accesscontrol.js
+59
View File
@@ -0,0 +1,59 @@
'use strict';
exports = module.exports = {
scope: scope,
websocketAuth: websocketAuth
};
var accesscontrol = require('../accesscontrol.js'),
assert = require('assert'),
auth = require('../auth.js'),
debug = require('debug')('box:routes/accesscontrol'),
HttpError = require('connect-lastmile').HttpError,
passport = require('passport');
// The scope middleware provides an auth middleware for routes.
//
// It is used for API routes, which are authenticated using accesstokens.
// Those accesstokens carry OAuth scopes and the middleware takes the required
// scope as an argument and will verify the accesstoken against it.
//
// See server.js:
// var profileScope = routes.oauth2.scope('profile');
//
function scope(requestedScope) {
assert.strictEqual(typeof requestedScope, 'string');
var requestedScopes = requestedScope.split(',');
debug('scope: add routes with requested scopes', requestedScopes);
return [
passport.authenticate(['bearer'], { session: false }),
function (req, res, next) {
var error = accesscontrol.validateRequestedScopes(req.authInfo || null, requestedScopes);
if (error) return next(new HttpError(401, error.message));
next();
}
];
}
function websocketAuth(requestedScopes, req, res, next) {
assert(Array.isArray(requestedScopes));
if (typeof req.query.access_token !== 'string') return next(new HttpError(401, 'Unauthorized'));
auth.accessTokenAuth(req.query.access_token, function (error, user, info) {
if (error) return next(new HttpError(500, error.message));
if (!user) return next(new HttpError(401, 'Unauthorized'));
req.user = user;
req.authInfo = info;
var e = accesscontrol.validateRequestedScopes(req.authInfo, requestedScopes);
if (e) return next(new HttpError(401, e.message));
next();
});
}