CoreID/app/models/oauth/Client.model.js


const { Model } = require('flitter-orm')
const uuid = require('uuid').v4
/*
* OAuth2 Client Model
* ---------------------------------------------------
* Represents a single OAuth2 client. This class contains logic
* to create/update/delete the associated Flitter-Auth Oauth2Client
* instance.
*/
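class ClientModel extends Model {
    /**
     * Services injected into this model: the parent's services plus 'models',
     * which the methods below read as `this.models`.
     */
    static get services() {
        return [...super.services, 'models']
    }

    /**
     * Field definitions for the stored record.
     *
     * NOTE(review): `secret` is the OAuth2 client secret. It defaults to a v4
     * UUID and is declared as a plain String field; nothing in this file hashes
     * or encrypts it. Confirm that this matches the storage requirements for
     * client credentials in this deployment.
     */
    static get schema() {
        return {
            name: String,
            uuid: {type: String, default: uuid},
            secret: {type: String, default: uuid},
            active: {type: Boolean, default: true},
            api_scopes: [String],
            redirect_url: String,
        }
    }

    /**
     * Look up the active Application whose `oauth_client_ids` matches this
     * client's id.
     * @returns {Promise<*>} whatever Application.findOne() resolves to
     */
    async application() {
        const Application = this.models.get('Application')
        return Application.findOne({ active: true, oauth_client_ids: this.id })
    }

    /**
     * Synchronise the flitter-auth Oauth2Client record with this model.
     *
     * An inactive client must never leave a usable Oauth2Client behind: the
     * associated record is deleted if it exists, and none is created if it
     * does not. An active client is created or updated in place.
     * @returns {Promise<void>}
     */
    async update_auth_client() {
        const Oauth2Client = this.models.get('auth::Oauth2Client')
        let client = await Oauth2Client.findOne({ clientID: this.uuid })

        // Inactive: remove the associated record if there is one, then stop.
        // Returning unconditionally keeps a deactivated client that has no
        // record yet from being registered with flitter-auth by the code below.
        if ( !this.active ) {
            if ( client ) {
                await client.delete()
            }
            return
        }

        if ( !client ) {
            client = new Oauth2Client({
                grants: ['authorization_code'],
            })
        }

        client.clientID = this.uuid
        client.clientSecret = this.secret
        client.name = this.name
        // A single redirect URI is registered per client.
        // NOTE(review): redirect_url is not validated in this file; confirm it
        // is checked before it reaches the model.
        client.redirectUris = [this.redirect_url]
        await client.save()
    }

    /**
     * Persist this model, then bring the flitter-auth-compatible client in
     * line with it.
     * @returns {Promise<void>}
     */
    async save() {
        await super.save()

        // Save the associated flitter-auth-compatible client.
        await this.update_auth_client()
    }

    /**
     * Serialise this client for API responses.
     *
     * The returned object includes the client `secret`, so it should only be
     * sent to callers that are authorised to manage this client.
     * @returns {Promise<object>}
     */
    async to_api() {
        return {
            id: this.id,
            name: this.name,
            uuid: this.uuid,
            secret: this.secret,
            api_scopes: this.api_scopes,
            redirect_url: this.redirect_url,
        }
    }

    // See flitter-auth/User
    /**
     * Check a colon-separated permission against a list of granted
     * permissions. The permission itself and each of its leading prefixes are
     * tried, so granting 'a:b' also allows 'a:b:c'.
     * @param {string[]} array_of_permissions - granted permission strings
     * @param {string} permission - permission being requested
     * @returns {boolean} true if the permission or one of its prefixes is granted
     */
    _array_allow_permission(array_of_permissions, permission) {
        const permission_parts = permission.split(':')

        // Walk from the most specific form down to the first segment alone.
        for ( let i = permission_parts.length; i > 0; i-- ) {
            const permission_string = permission_parts.slice(0, i).join(':')
            if ( array_of_permissions.includes(permission_string) ) return true
        }

        return false
    }

    // See flitter-auth/User
    /**
     * Whether this client's api_scopes allow the given scope.
     * @param {string} scope
     * @returns {boolean}
     */
    can(scope){
        return this._array_allow_permission(this.api_scopes, scope)
    }
}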
// CommonJS export: module.exports and the local `exports` binding are both set to the model class.
module.exports = exports = ClientModel