119 lines
4.5 KiB
JavaScript
119 lines
4.5 KiB
JavaScript
'use strict';
|
|
|
|
exports = module.exports = {
|
|
clients: {
|
|
get,
|
|
list,
|
|
add,
|
|
update,
|
|
del
|
|
},
|
|
|
|
destroyUserSession
|
|
};
|
|
|
|
const assert = require('assert'),
|
|
BoxError = require('../boxerror.js'),
|
|
hat = require('../hat.js'),
|
|
oidc = require('../oidc.js'),
|
|
HttpError = require('connect-lastmile').HttpError,
|
|
HttpSuccess = require('connect-lastmile').HttpSuccess,
|
|
safe = require('safetydance'),
|
|
tokens = require('../tokens.js');
|
|
|
|
async function add(req, res, next) {
|
|
assert.strictEqual(typeof req.body, 'object');
|
|
|
|
if (typeof req.body.name !== 'string' || !req.body.name) return next(new HttpError(400, 'name must be non-empty string'));
|
|
if (typeof req.body.loginRedirectUri !== 'string') return next(new HttpError(400, 'loginRedirectUri must be non-empty string'));
|
|
if (req.body.tokenSignatureAlgorithm !== 'EdDSA' && req.body.tokenSignatureAlgorithm !== 'RS256') return next(new HttpError(400, 'tokenSignatureAlgorithm must be either EdDSA or RS256'));
|
|
|
|
// clients with appId are internal only
|
|
if (req.body.appId) return next(new HttpError(400, 'appId cannot be specified'));
|
|
|
|
const clientId = 'cid-' + hat(128);
|
|
const data = {
|
|
secret: hat(256),
|
|
name: req.body.name,
|
|
appId: '', // always empty for custom clients
|
|
tokenSignatureAlgorithm: req.body.tokenSignatureAlgorithm,
|
|
loginRedirectUri: req.body.loginRedirectUri
|
|
};
|
|
|
|
const [error] = await safe(oidc.clients.add(clientId, data));
|
|
if (error) return next(BoxError.toHttpError(error));
|
|
|
|
data.id = clientId;
|
|
|
|
next(new HttpSuccess(201, data));
|
|
}
|
|
|
|
async function get(req, res, next) {
|
|
assert.strictEqual(typeof req.params.clientId, 'string');
|
|
|
|
const [error, client] = await safe(oidc.clients.get(req.params.clientId));
|
|
if (error) return next(BoxError.toHttpError(error));
|
|
if (!client) return next(new HttpError(404, 'OpenID connect client not found'));
|
|
if (client.appId) return next(new HttpError(422, 'OpenID connect client from an internal app'));
|
|
|
|
next(new HttpSuccess(200, client));
|
|
}
|
|
|
|
async function update(req, res, next) {
|
|
assert.strictEqual(typeof req.params.clientId, 'string');
|
|
assert.strictEqual(typeof req.body, 'object');
|
|
|
|
if (typeof req.body.name !== 'string' || !req.body.name) return next(new HttpError(400, 'name must be non-empty string'));
|
|
if (typeof req.body.loginRedirectUri !== 'string' || !req.body.loginRedirectUri) return next(new HttpError(400, 'loginRedirectUri must be non-empty string'));
|
|
if (req.body.tokenSignatureAlgorithm !== 'EdDSA' && req.body.tokenSignatureAlgorithm !== 'RS256') return next(new HttpError(400, 'tokenSignatureAlgorithm must be either EdDSA or RS256'));
|
|
|
|
const [error, client] = await safe(oidc.clients.get(req.params.clientId));
|
|
if (error) return next(BoxError.toHttpError(error));
|
|
if (!client) return next(new HttpError(404, 'OpenID connect client not found'));
|
|
if (client.appId) return next(new HttpError(422, 'OpenID connect client from an internal app'));
|
|
|
|
const data = {
|
|
name: req.body.name,
|
|
appId: '', // always empty for custom clients
|
|
tokenSignatureAlgorithm: req.body.tokenSignatureAlgorithm,
|
|
loginRedirectUri: req.body.loginRedirectUri
|
|
};
|
|
|
|
const [updateError] = await safe(oidc.clients.update(req.params.clientId, data));
|
|
if (updateError) return next(BoxError.toHttpError(updateError));
|
|
|
|
next(new HttpSuccess(201, {}));
|
|
}
|
|
|
|
async function list(req, res, next) {
|
|
const [error, result] = await safe(oidc.clients.list());
|
|
if (error) return next(BoxError.toHttpError(error));
|
|
|
|
next(new HttpSuccess(200, { clients: result.filter(client => !client.appId) }));
|
|
}
|
|
|
|
async function del(req, res, next) {
|
|
assert.strictEqual(typeof req.params.clientId, 'string');
|
|
|
|
const [error, client] = await safe(oidc.clients.get(req.params.clientId));
|
|
if (error) return next(BoxError.toHttpError(error));
|
|
if (!client) return next(new HttpError(404, 'OpenID connect client not found'));
|
|
if (client.appId) return next(new HttpError(422, 'OpenID connect client from an internal app'));
|
|
|
|
const [delError] = await safe(oidc.clients.del(req.params.clientId));
|
|
if (delError) return next(BoxError.toHttpError(delError));
|
|
|
|
next(new HttpSuccess(204));
|
|
}
|
|
|
|
async function destroyUserSession(req, res, next) {
|
|
assert.strictEqual(typeof req.user, 'object');
|
|
|
|
const [error] = await safe(oidc.revokeByUserId(req.user.id));
|
|
if (error) return next(BoxError.toHttpError(error));
|
|
|
|
await safe(tokens.del(req.token.id));
|
|
|
|
next(new HttpSuccess(204));
|
|
}
|