oauthserver = Npm.require('oauth2-server')
express = Npm.require('express')
# WebApp.rawConnectHandlers.use app
# JsonRoutes.Middleware.use app
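# OAuth2Server mounts the `oauth2-server` library on an Express app and exposes
# the token endpoint (/oauth/token) and the authorization endpoint
# (/oauth/authorize) for the authorization_code and refresh_token grants.
#
# Instance members:
#   @app    - Express app carrying the OAuth routes
#   @routes - empty Express app mounted on @app after the OAuth routes
#   @model  - storage model handed to oauth2-server
#   @oauth  - the configured oauth2-server instance
class OAuth2Server
  # config is passed to Model unchanged; config.debug is forwarded to
  # oauth2-server and also switches on request logging in initRoutes.
  constructor: (@config={}) ->
    @app = express()
    @routes = express()
    @model = new Model(@config)

    @oauth = oauthserver
      model: @model
      grants: ['authorization_code', 'refresh_token']
      debug: @config.debug

    @publishAuhorizedClients()
    @initRoutes()

    return @

  # Publishes 'authorizedOAuth': the subscriber's own user document, limited to
  # the 'oauth.authorizedClients' field.
  publishAuhorizedClients: ->
    Meteor.publish 'authorizedOAuth', ->
      # Subscribers that are not logged in get an empty publication.
      if not @userId?
        return @ready()

      # The selector is pinned to the subscriber's id and the projection to one
      # field, so no other user's data and no other field is published.
      return Meteor.users.find { _id: @userId }, { fields: { 'oauth.authorizedClients': 1 } }

  # Registers the OAuth routes on @app.
  initRoutes: ->
    self = @

    # Logs method and path when config.debug is exactly true.
    debugMiddleware = (req, res, next) ->
      if self.config.debug is true
        # Path only: requests to these endpoints can carry client_secret,
        # authorization codes and refresh tokens in the query string, and those
        # values should not end up in logs.
        console.log '[OAuth2Server]', req.method, String(req.url).split('?')[0]
      next()

    # Transforms requests which are POST and aren't "x-www-form-urlencoded" content type
    # and they pass the required information as query strings.
    # Query values are merged over body values, so a query parameter wins over a
    # body field of the same name.
    # NOTE(review): RFC 6749 section 2.3.1 says client credentials MUST NOT be sent in
    # the request URI; URLs are commonly recorded by proxies and access logs. This
    # path is kept for clients that already rely on it - consider retiring it.
    transformRequestsNotUsingFormUrlencodedType = (req, res, next) ->
      if not req.is('application/x-www-form-urlencoded') and req.method is 'POST'
        if self.config.debug is true
          console.log '[OAuth2Server]', 'Transforming a request to form-urlencoded with the query going to the body.'
        req.headers['content-type'] = 'application/x-www-form-urlencoded'
        req.body = Object.assign {}, req.body, req.query
      next()

    @app.all '/oauth/token', debugMiddleware, transformRequestsNotUsingFormUrlencodedType, @oauth.grant()

    # Pre-check for the consent page: the client must exist and be active, and
    # the requested redirect_uri must exactly match a registered one.
    @app.get '/oauth/authorize', debugMiddleware, Meteor.bindEnvironment (req, res, next) ->
      clientId = req.query.client_id
      redirectUri = req.query.redirect_uri

      # Query parameters can be parsed into objects or arrays; only a plain
      # string may be used as a selector value.
      if typeof clientId isnt 'string'
        return res.redirect '/oauth/error/404'

      client = self.model.Clients.findOne({ active: true, clientId: clientId })
      if not client?
        return res.redirect '/oauth/error/404'

      # A missing redirect_uri must never match, including when the client
      # record has no redirectUri (where [undefined].includes(undefined) is true).
      registeredUris = [].concat(client.redirectUri)
      if typeof redirectUri isnt 'string' or not registeredUris.includes(redirectUri)
        return res.redirect '/oauth/error/invalid_redirect_uri'

      next()

    # Authenticates the consent POST with a Meteor login token taken from the
    # request body and sets req.user for the grant handler registered below.
    @app.post '/oauth/authorize', debugMiddleware, Meteor.bindEnvironment (req, res, next) ->
      token = req.body?.token

      # res.status(...).send(...) is used because res.sendStatus() already ends
      # the response, which makes a chained .send() fail and drops the message.
      # Non-string tokens are rejected before they reach the hash function.
      if typeof token isnt 'string'
        return res.status(401).send('No token')

      # Stored tokens are hashed, so the presented token is hashed for lookup.
      # NOTE(review): token age is not checked here; presumably this relies on
      # Meteor removing expired login tokens - confirm.
      user = Meteor.users.findOne { 'services.resume.loginTokens.hashedToken': Accounts._hashLoginToken(token) }, { fields: { _id: 1 } }

      if not user?
        return res.status(401).send('Invalid token')

      req.user =
        id: user._id

      next()

    # Consent decision. Only the literal body value 'yes' approves the grant.
    # The thin arrow is intentional: `@clientId` is read from the context that
    # oauth2-server calls this callback with (presumably the in-flight grant,
    # whose client id the library has validated - confirm for the version in use).
    @app.post '/oauth/authorize', debugMiddleware, @oauth.authCodeGrant (req, next) ->
      approved = req.body.allow is 'yes'
      if approved
        Meteor.users.update req.user.id, {$addToSet: {'oauth.authorizedClients': @clientId}}

      next(null, approved, req.user)

    @app.use @routes

    @app.all '/oauth/*', @oauth.errorHandler()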