const { Controller } = require('libflitter')
const is_absolute_url = require('is-absolute-url')
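/*
 * URI schemes refused for an OAuth client's redirect_url. A user agent can
 * execute or render these inline instead of navigating to a client endpoint,
 * so a registered redirect of this kind would turn the authorization redirect
 * into script or content injection. This is a denylist so that private-use
 * schemes for native clients keep working; an allowlist is the stricter option
 * if the deployment only has web clients.
 */
const UNSAFE_REDIRECT_SCHEMES = ['javascript', 'data', 'vbscript']

/**
 * Validate the client fields submitted in the request body.
 *
 * Shared by create_client and update_client so both endpoints enforce the
 * same rules.
 *
 * @param {object} req - the request; reads req.body and uses req.T for messages
 * @returns {string|null} a translated error message for the first failed
 *     check, or null when the body is acceptable
 */
function validate_client_fields(req) {
    // A missing body is reported as a missing field rather than raising a TypeError.
    const body = req.body || {}

    for ( const field of ['name', 'api_scopes', 'redirect_url'] ) {
        if ( !body[field] )
            return `${req.T('api.missing_field')} ${field}`
    }

    // Scopes are persisted on the client record, so every entry must be a plain
    // string; nested objects or arrays from a JSON body are rejected.
    const scopes_ok = Array.isArray(body.api_scopes)
        && body.api_scopes.every(scope => typeof scope === 'string')
    if ( !scopes_ok )
        return `${req.T('api.improper_field')} api_scopes ${req.T('api.array')}`

    const redirect_url = body.redirect_url
    const bad_redirect = () => `${req.T('api.improper_field')} redirect_url ${req.T('api.absolute_url')}`

    // The type is checked first: is-absolute-url throws on non-string input
    // (confirm against the pinned version), which would surface as an unhandled
    // error instead of a 400.
    if ( typeof redirect_url !== 'string' || !is_absolute_url(redirect_url) )
        return bad_redirect()

    // An absolute-URL check only establishes that a scheme is present, not that
    // the scheme is safe to redirect a browser to.
    const scheme = redirect_url.slice(0, redirect_url.indexOf(':')).toLowerCase()
    if ( UNSAFE_REDIRECT_SCHEMES.includes(scheme) )
        return bad_redirect()

    return null
}

/**
 * API controller for managing OAuth clients: list, fetch, create, update
 * and soft-delete.
 *
 * Every action is gated on a req.user.can(...) permission string.
 *
 * NOTE(review): a failed permission check answers 401 although req.user is
 * present at that point; 403 is the conventional status for an authenticated
 * caller lacking permission. The status is left unchanged because API
 * consumers may depend on it.
 */
class OAuthController extends Controller {
    /**
     * Services requested by this controller: the parent's list plus 'models'.
     * The handlers below read the model registry from this.models.
     */
    static get services() {
        return [...super.services, 'models']
    }

    /**
     * List the active OAuth clients that the current user may view.
     *
     * Clients for which the user lacks `oauth:client:<id>:view` are left out
     * of the result rather than causing an error.
     */
    async get_clients(req, res, next) {
        const Client = this.models.get('oauth:Client')
        const clients = await Client.find({ active: true })
        const data = []

        for ( const client of clients ) {
            if ( req.user.can(`oauth:client:${client.id}:view`) ) {
                data.push(await client.to_api())
            }
        }

        return res.api(data)
    }

    /**
     * Fetch one active OAuth client by req.params.id.
     *
     * Responds 404 when the client is missing or inactive, and 401 when the
     * user lacks `oauth:client:<id>:view`.
     *
     * NOTE(review): the 404 is sent before the permission check, so a caller
     * without view permission can still tell whether an id belongs to an
     * active client.
     */
    async get_client(req, res, next) {
        const Client = this.models.get('oauth:Client')
        const client = await Client.findById(req.params.id)

        if ( !client || !client.active )
            return res.status(404)
                .message(req.T('api.client_not_found'))
                .api()

        if ( !req.user.can(`oauth:client:${client.id}:view`) )
            return res.status(401)
                .message(req.T('api.insufficient_permissions'))
                .api()

        return res.api(await client.to_api())
    }

    /**
     * Create an OAuth client from name, api_scopes and redirect_url in the body.
     *
     * Responds 401 without `oauth:client:create`, 400 when a field is missing
     * or invalid, and otherwise returns the saved client's API representation.
     */
    async create_client(req, res, next) {
        if ( !req.user.can('oauth:client:create') )
            return res.status(401)
                .message(req.T('api.insufficient_permissions'))
                .api()

        const problem = validate_client_fields(req)
        if ( problem )
            return res.status(400)
                .message(problem)
                .api()

        // Only the validated fields are copied; the rest of the body is ignored.
        const Client = this.models.get('oauth:Client')
        const client = new Client({
            name: req.body.name,
            api_scopes: req.body.api_scopes,
            redirect_url: req.body.redirect_url,
        })

        await client.save()
        return res.api(await client.to_api())
    }

    /**
     * Replace name, api_scopes and redirect_url on an existing active client.
     *
     * Responds 404 when the client is missing or inactive, 401 without
     * `oauth:client:<id>:update`, and 400 when a field is missing or invalid.
     */
    async update_client(req, res, next) {
        const Client = this.models.get('oauth:Client')
        const client = await Client.findById(req.params.id)

        if ( !client || !client.active )
            return res.status(404)
                .message(req.T('api.client_not_found'))
                .api()

        if ( !req.user.can(`oauth:client:${client.id}:update`) )
            return res.status(401)
                .message(req.T('api.insufficient_permissions'))
                .api()

        const problem = validate_client_fields(req)
        if ( problem )
            return res.status(400)
                .message(problem)
                .api()

        client.name = req.body.name
        client.api_scopes = req.body.api_scopes
        client.redirect_url = req.body.redirect_url

        await client.save()
        return res.api()
    }

    /**
     * Soft-delete a client by marking it inactive; the record itself is kept.
     *
     * Responds 404 when the client is missing or already inactive, and 401
     * without `oauth:client:<id>:delete`.
     */
    async delete_client(req, res, next) {
        const Client = this.models.get('oauth:Client')
        const client = await Client.findById(req.params.id)

        if ( !client || !client.active )
            return res.status(404)
                .message(req.T('api.client_not_found'))
                .api()

        if ( !req.user.can(`oauth:client:${client.id}:delete`) )
            return res.status(401)
                .message(req.T('api.insufficient_permissions'))
                .api()

        client.active = false
        await client.save()
        return res.api()
    }
}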
// Export the controller class; `exports` is rebound too, so both names refer to it.
module.exports = exports = OAuthController