2020-05-17 04:55:08 +00:00
|
|
|
const { Middleware } = require('libflitter')
|
|
|
|
|
|
|
|
class APIRouteMiddleware extends Middleware {
|
|
|
|
static get services() {
|
|
|
|
return [...super.services, 'models']
|
|
|
|
}
|
|
|
|
|
|
|
|
async test(req, res, next, { allow_token = true, allow_user = true }) {
|
2020-10-19 02:07:42 +00:00
|
|
|
if ( !req.additional_api_log_data ) req.additional_api_log_data = {}
|
|
|
|
|
2020-05-17 04:55:08 +00:00
|
|
|
// First, check if there is a user in the session.
|
2020-10-18 23:35:55 +00:00
|
|
|
if ( allow_user && req.user ) {
|
2020-10-19 02:07:42 +00:00
|
|
|
req.additional_api_log_data.authorized_by = 'user'
|
2020-05-17 04:55:08 +00:00
|
|
|
return next()
|
|
|
|
} else if ( allow_token ) {
|
2020-10-18 22:19:26 +00:00
|
|
|
if ( !req.oauth ) req.oauth = {}
|
2020-10-19 02:07:42 +00:00
|
|
|
req.additional_api_log_data.attempted_token_auth = true
|
2020-10-19 01:22:10 +00:00
|
|
|
|
2020-05-17 04:55:08 +00:00
|
|
|
return req.app.oauth2.authorise()(req, res, async e => {
|
|
|
|
if ( e ) return next(e)
|
2020-10-19 02:07:42 +00:00
|
|
|
|
|
|
|
req.additional_api_log_data.authorized_by = 'token'
|
|
|
|
|
2020-05-17 04:55:08 +00:00
|
|
|
// Look up the OAuth2 client an inject it into the route
|
|
|
|
if ( req.user && req.user.id ) {
|
|
|
|
const User = this.models.get('auth:User')
|
|
|
|
const user = await User.findById(req.user.id)
|
|
|
|
if ( !user )
|
|
|
|
return res.status(401)
|
|
|
|
.message('The user this token is associated with no longer exists.')
|
|
|
|
.api()
|
|
|
|
|
|
|
|
req.user = user
|
|
|
|
req.is_auth = true
|
|
|
|
|
|
|
|
// Look up the token and the associated client
|
|
|
|
const Oauth2BearerToken = this.models.get('auth::Oauth2BearerToken')
|
|
|
|
const Client = this.models.get('oauth:Client')
|
|
|
|
|
|
|
|
// e.g. "Bearer XYZ".split(' ')[1] -> "XYZ"
|
|
|
|
const bearer = req.headers.authorization.split(' ')[1]
|
|
|
|
const token = await Oauth2BearerToken.findOne({ accessToken: bearer })
|
|
|
|
if ( !token )
|
|
|
|
return res.status(401)
|
|
|
|
.message('Unable to lookup OAuth2 token.')
|
|
|
|
.api()
|
|
|
|
|
|
|
|
const client = await Client.findOne({uuid: token.clientID})
|
|
|
|
if ( !client )
|
|
|
|
return res.status(401)
|
|
|
|
.message('This OAuth2 client is no longer authorized.')
|
|
|
|
.api()
|
|
|
|
|
2020-10-19 02:07:42 +00:00
|
|
|
req.additional_api_log_data.token_client_id = client.uuid
|
|
|
|
req.additional_api_log_data.token = bearer
|
|
|
|
|
2020-05-17 04:55:08 +00:00
|
|
|
req.oauth.token = token
|
|
|
|
req.oauth.client = client
|
|
|
|
} else
|
|
|
|
return res.status(401)
|
|
|
|
.message('Unable to lookup user associated with that token.')
|
|
|
|
.api()
|
|
|
|
|
|
|
|
next()
|
|
|
|
})
|
2020-10-19 01:22:10 +00:00
|
|
|
} else {
|
|
|
|
return res.status(401).api()
|
2020-05-17 04:55:08 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
module.exports = exports = APIRouteMiddleware
|