const { Model } = require('flitter-orm')
const uuid = require('uuid/v4')
/*
 * OAuth2 Client Model
 * ---------------------------------------------------
 * Represents a single OAuth2 client. This class contains logic
 * to create/update/delete the associated Flitter-Auth Oauth2Client
 * instance.
 */
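/**
 * Stored registration of one OAuth2 client, kept in sync with the
 * flitter-auth `auth::Oauth2Client` record that carries the same client ID.
 *
 * The record holds the client secret as a plain string and hands it to the
 * auth client unchanged, so anything that can read this model can read the
 * credential.
 */
class ClientModel extends Model {
    /**
     * Services this model asks for: the inherited list plus 'models'.
     * The methods below read the model registry from `this.models`.
     */
    static get services() {
        return [...super.services, 'models']
    }

    /**
     * Field definitions for a client record.
     */
    static get schema() {
        return {
            name: String,
            // Public client identifier; a fresh v4 UUID unless one is supplied.
            uuid: {type: String, default: uuid},
            // Client credential, stored as-is.
            // NOTE(review): the default is also a v4 UUID, so its strength is
            // whatever random source the installed `uuid` package uses here.
            // Confirm that is a CSPRNG in every runtime this model runs in.
            secret: {type: String, default: uuid},
            active: {type: Boolean, default: true},
            // Granted scopes, matched hierarchically by can().
            api_scopes: [String],
            // Copied verbatim into the auth client's redirectUris.
            redirect_url: String,
        }
    }

    /**
     * Look up the active Application that lists this client's id among its
     * `oauth_client_ids`.
     *
     * @returns {Promise<object|undefined|null>} whatever `Application.findOne` yields
     */
    async application() {
        const Application = this.models.get('Application')
        return Application.findOne({ active: true, oauth_client_ids: this.id })
    }

    /**
     * Bring the flitter-auth Oauth2Client record in line with this model.
     *
     * An inactive model must not leave a usable auth client behind: any
     * existing record is deleted and none is created. Without the second half
     * of that rule, saving an already-deactivated client a second time would
     * find no auth record, fall through to the create path and re-register
     * the client with its old secret.
     *
     * @returns {Promise<void>}
     */
    async update_auth_client() {
        const Oauth2Client = this.models.get('auth::Oauth2Client')
        const existing = await Oauth2Client.findOne({ clientID: this.uuid })

        // Deactivated: revoke the auth-side record if there is one, and stop.
        if ( !this.active ) {
            if ( existing ) await existing.delete()
            return
        }

        // Only the authorization-code grant is enabled for newly created clients.
        const client = existing || new Oauth2Client({
            grants: ['authorization_code'],
        })

        client.clientID = this.uuid
        client.clientSecret = this.secret
        client.name = this.name
        // NOTE(review): redirect_url is not validated in this class. An unset
        // value is registered as [undefined]; confirm the caller or the
        // Oauth2Client model enforces an absolute, expected URL.
        client.redirectUris = [this.redirect_url]
        await client.save()
    }

    /**
     * Persist this record, then synchronise the flitter-auth client.
     *
     * The two writes are separate: if the second one throws, this model is
     * already saved while the auth client still holds its previous state.
     *
     * @returns {Promise<void>}
     */
    async save() {
        await super.save()

        // Save the associated flitter-auth-compatible client.
        await this.update_auth_client()
    }

    /**
     * Serialise the client for API responses.
     *
     * The result includes `secret`. Only return it to callers that are
     * allowed to see the client credential, and keep it out of logs.
     *
     * @returns {Promise<object>}
     */
    async to_api() {
        return {
            id: this.id,
            name: this.name,
            uuid: this.uuid,
            secret: this.secret,
            api_scopes: this.api_scopes,
            redirect_url: this.redirect_url,
        }
    }

    /**
     * Hierarchical permission check (see flitter-auth/User).
     *
     * `permission` is split on ':' and every leading prefix is tried, longest
     * first, so a grant of 'a' or 'a:b' also allows 'a:b:c'. A grant of
     * 'a:b:c' does not allow 'a:b'.
     *
     * @param {string[]} array_of_permissions - granted permission strings
     * @param {string} permission - permission being requested
     * @returns {boolean} true when the permission or one of its parents is granted
     */
    _array_allow_permission(array_of_permissions, permission) {
        // Fail closed on a missing grant list or a non-string request rather
        // than throwing halfway through an authorization decision.
        if ( !array_of_permissions || typeof permission !== 'string' ) return false

        const permission_parts = permission.split(':')

        for ( let i = permission_parts.length; i > 0; i-- ) {
            const permission_string = permission_parts.slice(0, i).join(':')
            if ( array_of_permissions.includes(permission_string) ) return true
        }

        return false
    }

    /**
     * Whether this client has been granted `scope` (see flitter-auth/User).
     *
     * This is the only definition of can(). The class used to declare an
     * earlier one that called `includes()` with no argument; it was shadowed
     * by this method and never ran, so it has been removed.
     *
     * @param {string} scope - scope being requested, e.g. 'a:b:c'
     * @returns {boolean}
     */
    can(scope){
        return this._array_allow_permission(this.api_scopes, scope)
    }
}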
module.exports = exports = ClientModel