mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-05-05 06:37:10 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
etherpad-lite/src/node/security/OAuth2Provider.ts

264 lines
9.3 KiB
TypeScript
Raw Normal View History

Added oauth provider.
2024-03-23 07:38:23 +01:00
import {ArgsExpressType} from "../types/ArgsExpressType";
Added auth flow.
2024-03-24 20:53:44 +01:00
import Provider, {Account, Configuration, InteractionResults} from 'oidc-provider';
Fixed provider.
2024-03-24 14:18:58 +01:00
import {generateKeyPair, exportJWK} from 'jose'
Added auth flow.
2024-03-24 20:53:44 +01:00
import MemoryAdapter from "./OIDCAdapter";
import path from "path";
const settings = require('../utils/Settings');
import {IncomingForm} from 'formidable'
Added working oauth2.
2024-03-25 15:34:37 +01:00
import express, {Request, Response} from 'express';
Added auth flow.
2024-03-24 20:53:44 +01:00
import {format} from 'url'
import {ParsedUrlQuery} from "node:querystring";
Added working oauth2.
2024-03-25 15:34:37 +01:00
import cors from 'cors'
import {Http2ServerRequest, Http2ServerResponse} from "node:http2";
Added oauth provider.
2024-03-23 07:38:23 +01:00
const configuration: Configuration = {
Fixed provider.
2024-03-24 14:18:58 +01:00
scopes: ['openid', 'profile', 'email'],
Added auth flow.
2024-03-24 20:53:44 +01:00
findAccount: async (ctx, id) => {
Added working oauth2.
2024-03-25 15:34:37 +01:00
const users = settings.users as {
[username: string]: {
password: string;
is_admin: boolean;
}
}
const usersArray1 = Object.keys(users).map((username) => ({
username,
...users[username]
}));
const account = usersArray1.find((user) => user.username === id);
Fixed provider.
2024-03-24 14:18:58 +01:00
return {
accountId: id,
claims: () => ({
sub: id,
Added working oauth2.
2024-03-25 15:34:37 +01:00
test: "test",
admin: account?.is_admin
Fixed provider.
2024-03-24 14:18:58 +01:00
})
Added auth flow.
2024-03-24 20:53:44 +01:00
} as Account
},
ttl:{
AccessToken: 1 * 60 * 60, // 1 hour in seconds
AuthorizationCode: 10 * 60, // 10 minutes in seconds
ClientCredentials: 1 * 60 * 60, // 1 hour in seconds
IdToken: 1 * 60 * 60, // 1 hour in seconds
RefreshToken: 1 * 24 * 60 * 60, // 1 day in seconds
},
Added working oauth2.
2024-03-25 15:34:37 +01:00
claims: {
openid: ['sub'],
email: ['email'],
profile: ['name'],
admin: ['admin']
},
Added auth flow.
2024-03-24 20:53:44 +01:00
cookies: {
keys: ['oidc'],
},
features:{
devInteractions: {enabled: false},
},
adapter: MemoryAdapter
Added oauth provider.
2024-03-23 07:38:23 +01:00
};
Added auth flow.
2024-03-24 20:53:44 +01:00
Added working oauth2.
2024-03-25 15:34:37 +01:00
/*
This function is used to initialize the OAuth2 provider
*/
Fixed provider.
2024-03-24 14:18:58 +01:00
export const expressCreateServer = async (hookName: string, args: ArgsExpressType, cb: Function) => {
const {privateKey} = await generateKeyPair('RS256');
const privateKeyJWK = await exportJWK(privateKey);
Added working oauth2.
2024-03-25 15:34:37 +01:00
// Use cors middleware
args.app.use(cors({
origin: ['http://localhost:3001', 'https://oauth.pstmn.io'], // replace with your allowed origins
}));
Fixed provider.
2024-03-24 14:18:58 +01:00
const oidc = new Provider('http://localhost:9001', {
...configuration, jwks: {
keys: [
privateKeyJWK
],
},
Added working oauth2.
2024-03-25 15:34:37 +01:00
conformIdTokenClaims: false,
claims: {
address: ['address'],
email: ['email', 'email_verified'],
phone: ['phone_number', 'phone_number_verified'],
profile: ['birthdate', 'family_name', 'gender', 'given_name', 'locale', 'middle_name', 'name',
'nickname', 'picture', 'preferred_username', 'profile', 'updated_at', 'website', 'zoneinfo'],
},
features:{
userinfo: {enabled: true},
claimsParameter: {enabled: true},
devInteractions: {enabled: false},
resourceIndicators: {enabled: true, defaultResource(ctx) {
return ctx.origin;
},
getResourceServerInfo(ctx, resourceIndicator, client) {
return {
scope: client.scope as string,
audience: 'account',
accessTokenFormat: 'jwt',
};
},
useGrantedResource(ctx, model) {
return true;
},},
jwtResponseModes: {enabled: true},
},
clientBasedCORS: (ctx, origin, client) => {
return true
},
extraTokenClaims: async (ctx, token) => {
if(token.kind === 'AccessToken') {
// Add your custom claims here. For example:
const users = settings.users as {
[username: string]: {
password: string;
is_admin: boolean;
}
}
const usersArray1 = Object.keys(users).map((username) => ({
username,
...users[username]
}));
const account = usersArray1.find((user) => user.username === token.accountId);
return {
admin: account?.is_admin
};
}
},
clients: settings.sso.clients
Fixed provider.
2024-03-24 14:18:58 +01:00
});
Added auth flow.
2024-03-24 20:53:44 +01:00
Added working oauth2.
2024-03-25 15:34:37 +01:00
args.app.post('/interaction/:uid', async (req: Http2ServerRequest, res: Http2ServerResponse, next:Function) => {
Added auth flow.
2024-03-24 20:53:44 +01:00
const formid = new IncomingForm();
try {
Added working oauth2.
2024-03-25 15:34:37 +01:00
// @ts-ignore
Added auth flow.
2024-03-24 20:53:44 +01:00
const {login, password} = (await formid.parse(req))[0]
Added working oauth2.
2024-03-25 15:34:37 +01:00
const {prompt, jti, session,cid, params, grantId} = await oidc.interactionDetails(req, res);
Added auth flow.
2024-03-24 20:53:44 +01:00
Added working oauth2.
2024-03-25 15:34:37 +01:00
const client = await oidc.Client.find(params.client_id as string);
Added auth flow.
2024-03-24 20:53:44 +01:00
switch (prompt.name) {
case 'login': {
const users = settings.users as {
[username: string]: {
password: string;
admin: boolean;
}
}
const usersArray1 = Object.keys(users).map((username) => ({
username,
...users[username]
}));
const account = usersArray1.find((user) => user.username === login as unknown as string && user.password === password as unknown as string);
if (!account) {
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify({error: "Invalid login"}));
}
if (account) {
await oidc.interactionFinished(req, res, {
login: {accountId: account.username}
}, {mergeWithLastSubmission: false});
}
break;
}
case 'consent': {
let grant;
if (grantId) {
// we'll be modifying existing grant in existing session
grant = await oidc.Grant.find(grantId);
} else {
// we're establishing a new grant
grant = new oidc.Grant({
accountId: session!.accountId,
clientId: params.client_id as string,
});
}
if (prompt.details.missingOIDCScope) {
Added working oauth2.
2024-03-25 15:34:37 +01:00
// @ts-ignore
Added auth flow.
2024-03-24 20:53:44 +01:00
grant!.addOIDCScope(prompt.details.missingOIDCScope.join(' '));
}
if (prompt.details.missingOIDCClaims) {
grant!.addOIDCClaims(prompt.details.missingOIDCClaims as string[]);
}
if (prompt.details.missingResourceScopes) {
for (const [indicator, scope] of Object.entries(prompt.details.missingResourceScopes)) {
grant!.addResourceScope(indicator, scope.join(' '));
}
}
const result = {consent: {grantId: await grant!.save()}};
await oidc.interactionFinished(req, res, result, {
mergeWithLastSubmission: true,
});
break;
}
}
await next();
Added working oauth2.
2024-03-25 15:34:37 +01:00
} catch (err:any) {
Fixed auth flow and added scaffolding vite config.
2024-03-24 21:12:58 +01:00
return res.writeHead(500).end(err.message);
Added auth flow.
2024-03-24 20:53:44 +01:00
}
})
Added working oauth2.
2024-03-25 15:34:37 +01:00
args.app.get('/interaction/:uid', async (req: Request, res: Response, next: Function) => {
Added auth flow.
2024-03-24 20:53:44 +01:00
try {
const {
uid, prompt, params, session,
} = await oidc.interactionDetails(req, res);
params["state"] = uid
switch (prompt.name) {
case 'login': {
res.redirect(format({
Added working oauth2.
2024-03-25 15:34:37 +01:00
pathname: '/views/login.html',
Added auth flow.
2024-03-24 20:53:44 +01:00
query: params as ParsedUrlQuery
}))
break
}
case 'consent': {
res.redirect(format({
Added working oauth2.
2024-03-25 15:34:37 +01:00
pathname: '/views/consent.html',
Added auth flow.
2024-03-24 20:53:44 +01:00
query: params as ParsedUrlQuery
}))
break
}
default:
return res.sendFile(path.join(settings.root,'src','static', 'oidc','login.html'));
}
} catch (err) {
return next(err);
}
});
Added working oauth2.
2024-03-25 15:34:37 +01:00
args.app.use('/views/', express.static(path.join(settings.root,'src','static', 'oidc'), {maxAge: 1000 * 60 * 60 * 24}));
Added auth flow.
2024-03-24 20:53:44 +01:00
Fixed auth flow and added scaffolding vite config.
2024-03-24 21:12:58 +01:00
/*
Fixed provider.
2024-03-24 14:18:58 +01:00
oidc.on('authorization.error', (ctx, error) => {
console.log('authorization.error', error);
})
Added auth flow.
2024-03-24 20:53:44 +01:00
oidc.on('server_error', (ctx, error) => {
console.log('server_error', error);
})
oidc.on('grant.error', (ctx, error) => {
console.log('grant.error', error);
})
oidc.on('introspection.error', (ctx, error) => {
console.log('introspection.error', error);
})
oidc.on('revocation.error', (ctx, error) => {
console.log('revocation.error', error);
Fixed auth flow and added scaffolding vite config.
2024-03-24 21:12:58 +01:00
})*/
Fixed provider.
2024-03-24 14:18:58 +01:00
args.app.use("/oidc", oidc.callback());
Added auth flow.
2024-03-24 20:53:44 +01:00
//cb();
Added oauth provider.
2024-03-23 07:38:23 +01:00
}
Reference in a new issue Copy permalink