-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathauthEndpoints.js
More file actions
136 lines (122 loc) · 3.15 KB
/
Copy pathauthEndpoints.js
File metadata and controls
136 lines (122 loc) · 3.15 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
const { get, last, clone } = require('lodash');
const AuthService = require('./authService');
const validator = require('validator');
const { GROUP_GENERATE, GROUP_READONLY } = require('../../constants');
const hasAllowedGroup = async (userInfo) => {
const groups = get(userInfo, 'groups', {});
if (!groups || !Array.isArray(groups)) {
console.log('User does not have valid groups assigned');
return false;
}
if (groups.includes(GROUP_GENERATE) || groups.includes(GROUP_READONLY)) {
return true;
}
return false;
};
const authorize = async (req, res, session) => {
const authRequest = req.body;
const modifiedSession = clone(session);
const { isTesting } = authRequest;
if (modifiedSession && isTesting) {
// When testing, code is already an access token (because tests fetched code with password grant request that gives you the correct access token)
modifiedSession.accessToken = authRequest.code;
const userInfo = await AuthService.requestUserInfo(authRequest.code);
modifiedSession.email = userInfo.email;
modifiedSession.groups = userInfo.groups;
return {
status: 200,
body: {
isOk: true,
email: userInfo.email,
},
modifiedSession,
};
}
if (!authRequest.code) {
console.log('No authorization code');
return {
body: {
isOk: false,
},
status: 401,
};
}
const tokenResponse = await AuthService.requestAccessToken(authRequest.code);
if (session && tokenResponse.access_token) {
modifiedSession.accessToken = tokenResponse.access_token;
const userInfo = await AuthService.requestUserInfo(modifiedSession.accessToken);
const isAllowed = await hasAllowedGroup(userInfo);
if (!isAllowed) {
return {
status: 401,
body: {
isOk: false,
message: 'No allowed group.',
},
};
}
modifiedSession.email = userInfo.email;
modifiedSession.groups = userInfo.groups;
const response = {
isOk: true,
email: userInfo.email,
};
return {
status: 200,
body: response,
modifiedSession,
};
}
console.log('No access token: ', tokenResponse);
const response = {
isOk: false,
};
return {
status: 401,
body: response,
};
};
const checkExistingSession = async (req, res, session) => {
if (session && session.accessToken) {
const isAllowed = await hasAllowedGroup(session);
if (!isAllowed) {
await AuthService.logoutFromIdentityProvider(session.accessToken);
return {
status: 200,
};
}
const response = {
isOk: true,
email: session.email,
groups: session.groups,
};
return {
status: 200,
body: response,
};
}
// console.log('No existing session');
const response = {
isOk: false,
};
return {
status: 200,
body: response,
};
};
const logout = async (req, res, session) => {
if (session && session.accessToken) {
await AuthService.logoutFromIdentityProvider(session.accessToken);
return {
status: 200,
};
}
return {
status: 401,
};
};
module.exports = {
authorize,
checkExistingSession,
logout,
};