jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Handle the various appId types we have by now

Browse Source
This commit is contained in:
Johannes Zellner
2015-10-15 17:57:07 +02:00
parent 09dfc6a34b
commit 5a0bf8071e
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/routes/oauth2.js
View File

@@ -377,7 +377,17 @@ var authorization = [
});
}),
function (req, res, next) {
appdb.get(req.oauth2.client.appId, function (error, appObject) {
// Handle our different types of oauth clients
var appId = req.oauth2.client.appId;
// TODO find a smarter way to test these
if (appId === constants.ADMIN_CLIENT_ID) return next();
if (appId === constants.TEST_CLIENT_ID) return next();
if (appId.indexOf('external-') === 0) return next();
if (appId.indexOf('addon-oauth-') === 0) appId = appId.slice('addon-oauth-'.length);
if (appId.indexOf('proxy-') === 0) appId = appId.slice('proxy-'.length);
appdb.get(appId, function (error, appObject) {
if (error) return sendErrorPageOrRedirect(req, res, 'Invalid request. Unknown app for this client_id.');
if (!apps.hasAccessTo(appObject, req.oauth2.user)) return sendErrorPageOrRedirect(req, res, 'No access to this app.');