overhauled mock auth solution
This commit is contained in:
13
api/package-lock.json
generated
13
api/package-lock.json
generated
@@ -20,6 +20,7 @@
|
||||
"morgan": "^1.10.1",
|
||||
"mysql2": "^3.14.3",
|
||||
"passport": "^0.7.0",
|
||||
"passport-custom": "^1.1.1",
|
||||
"passport-openidconnect": "^0.1.2"
|
||||
},
|
||||
"devDependencies": {
|
||||
@@ -3037,6 +3038,18 @@
|
||||
"url": "https://github.com/sponsors/jaredhanson"
|
||||
}
|
||||
},
|
||||
"node_modules/passport-custom": {
|
||||
"version": "1.1.1",
|
||||
"resolved": "https://registry.npmjs.org/passport-custom/-/passport-custom-1.1.1.tgz",
|
||||
"integrity": "sha512-/2m7jUGxmCYvoqenLB9UrmkCgPt64h8ZtV+UtuQklZ/Tn1NpKBeOorCYkB/8lMRoiZ5hUrCoMmDtxCS/d38mlg==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"passport-strategy": "1.x.x"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 0.10.0"
|
||||
}
|
||||
},
|
||||
"node_modules/passport-openidconnect": {
|
||||
"version": "0.1.2",
|
||||
"resolved": "https://registry.npmjs.org/passport-openidconnect/-/passport-openidconnect-0.1.2.tgz",
|
||||
|
||||
@@ -11,13 +11,11 @@
|
||||
"dev": "tsc && tsc-alias && node ./built/api/src/index.js",
|
||||
"prod": "tsc && tsc-alias && node ./built/api/src/index.js",
|
||||
"build": "tsc && tsc-alias",
|
||||
|
||||
"migrate": "node ./scripts/migrate.js",
|
||||
"migrate:create": "npm run migrate -- create -ext sql -dir /migrations",
|
||||
"migrate:seed": "node ./scripts/seed.js",
|
||||
"migrate:up": "npm run migrate -- up",
|
||||
"migrate:down": "npm run migrate -- down 1"
|
||||
|
||||
},
|
||||
"dependencies": {
|
||||
"@sentry/node": "^10.27.0",
|
||||
@@ -31,6 +29,7 @@
|
||||
"morgan": "^1.10.1",
|
||||
"mysql2": "^3.14.3",
|
||||
"passport": "^0.7.0",
|
||||
"passport-custom": "^1.1.1",
|
||||
"passport-openidconnect": "^0.1.2"
|
||||
},
|
||||
"devDependencies": {
|
||||
|
||||
@@ -15,6 +15,7 @@ import { logger } from '../services/logging/logger';
|
||||
const querystring = require('querystring');
|
||||
import { performance } from 'perf_hooks';
|
||||
import { CacheService } from '../services/cache/cache';
|
||||
import { Strategy as CustomStrategy } from 'passport-custom';
|
||||
|
||||
|
||||
function parseJwt(token) {
|
||||
@@ -33,7 +34,13 @@ const devLogin = (req: any, res: any, next: any) => {
|
||||
});
|
||||
};
|
||||
|
||||
passport.use(new OpenIDConnectStrategy({
|
||||
if (process.env.AUTH_MODE === "mock") {
|
||||
passport.use('mock', new CustomStrategy(async (req, done) => {
|
||||
const mockUser = { memberId: 1 };
|
||||
return done(null, mockUser);
|
||||
}))
|
||||
} else {
|
||||
passport.use('oidc', new OpenIDConnectStrategy({
|
||||
issuer: process.env.AUTH_ISSUER,
|
||||
authorizationURL: process.env.AUTH_DOMAIN + '/authorize/',
|
||||
tokenURL: process.env.AUTH_DOMAIN + '/token/',
|
||||
@@ -42,7 +49,7 @@ passport.use(new OpenIDConnectStrategy({
|
||||
clientSecret: process.env.AUTH_CLIENT_SECRET,
|
||||
callbackURL: process.env.AUTH_REDIRECT_URI,
|
||||
scope: ['openid', 'profile', 'discord']
|
||||
}, async function verify(issuer, sub, profile, jwtClaims, accessToken, refreshToken, params, cb) {
|
||||
}, async function verify(issuer, sub, profile, jwtClaims, accessToken, refreshToken, params, cb) {
|
||||
|
||||
// console.log('--- OIDC verify() called ---');
|
||||
// console.log('issuer:', issuer);
|
||||
@@ -135,23 +142,29 @@ passport.use(new OpenIDConnectStrategy({
|
||||
} finally {
|
||||
if (con) con.release();
|
||||
}
|
||||
}));
|
||||
}));
|
||||
}
|
||||
|
||||
router.get('/login', (req, res, next) => {
|
||||
// Store redirect target in session if provided
|
||||
req.session.redirectTo = req.query.redirect;
|
||||
req.session.redirectTo = req.query.redirect as string;
|
||||
|
||||
if (process.env.AUTH_MODE === 'mock') {
|
||||
return devLogin(req, res, next);
|
||||
}
|
||||
|
||||
next();
|
||||
}, passport.authenticate('openidconnect'));
|
||||
const strategy = process.env.AUTH_MODE === 'mock' ? 'mock' : 'oidc';
|
||||
|
||||
passport.authenticate(strategy, {
|
||||
successRedirect: (req.session.redirectTo || process.env.CLIENT_URL),
|
||||
failureRedirect: '/login'
|
||||
})(req, res, next);
|
||||
});
|
||||
|
||||
router.get('/callback', (req, res, next) => {
|
||||
|
||||
//escape if mocked
|
||||
if (process.env.AUTH_MODE === 'mock') {
|
||||
return res.redirect(process.env.CLIENT_URL || '/');
|
||||
}
|
||||
|
||||
const redirectURI = req.session.redirectTo;
|
||||
passport.authenticate('openidconnect', (err, user) => {
|
||||
passport.authenticate('oidc', (err, user) => {
|
||||
if (err) return next(err);
|
||||
if (!user) return res.redirect(process.env.CLIENT_URL);
|
||||
|
||||
@@ -181,12 +194,21 @@ router.get('/logout', [requireLogin], function (req, res, next) {
|
||||
sameSite: 'lax'
|
||||
});
|
||||
|
||||
if (process.env.AUTH_MODE === 'mock') {
|
||||
return res.redirect(process.env.CLIENT_URL || '/');
|
||||
}
|
||||
|
||||
var params = {
|
||||
client_id: process.env.AUTH_CLIENT_ID,
|
||||
returnTo: process.env.CLIENT_URL
|
||||
};
|
||||
|
||||
res.redirect(process.env.AUTH_END_SESSION_URI + '?' + querystring.stringify(params));
|
||||
const endSessionUri = process.env.AUTH_END_SESSION_URI;
|
||||
if (endSessionUri) {
|
||||
return res.redirect(endSessionUri + '?' + querystring.stringify(params));
|
||||
} else {
|
||||
return res.redirect(process.env.CLIENT_URL || '/');
|
||||
}
|
||||
})
|
||||
});
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user