X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=server%2Flib%2Foauth-model.ts;h=086856f41e3a0fc64469f450e6b8044f8a694ba2;hb=1c5fed88c5a24d7870550167421af2c4174aaa21;hp=d91b00c5577af4b1c66079951afb61d3da271eeb;hpb=f5028693a896a3076dd286ac0030e3d8f78f5ebf;p=oweals%2Fpeertube.git diff --git a/server/lib/oauth-model.ts b/server/lib/oauth-model.ts index d91b00c55..086856f41 100644 --- a/server/lib/oauth-model.ts +++ b/server/lib/oauth-model.ts @@ -1,44 +1,102 @@ -import { OAuthClientInstance, UserInstance } from '../models' -import { database as db } from '../initializers/database' -import { logger } from '../helpers' +import * as Bluebird from 'bluebird' +import { AccessDeniedError } from 'oauth2-server' +import { logger } from '../helpers/logger' +import { UserModel } from '../models/account/user' +import { OAuthClientModel } from '../models/oauth/oauth-client' +import { OAuthTokenModel } from '../models/oauth/oauth-token' +import { LRU_CACHE } from '../initializers/constants' +import { Transaction } from 'sequelize' +import { CONFIG } from '../initializers/config' +import * as LRUCache from 'lru-cache' +import { MOAuthTokenUser } from '@server/typings/models/oauth/oauth-token' type TokenInfo = { accessToken: string, refreshToken: string, accessTokenExpiresAt: Date, refreshTokenExpiresAt: Date } +const accessTokenCache = new LRUCache({ max: LRU_CACHE.USER_TOKENS.MAX_SIZE }) +const userHavingToken = new LRUCache({ max: LRU_CACHE.USER_TOKENS.MAX_SIZE }) + // --------------------------------------------------------------------------- +function deleteUserToken (userId: number, t?: Transaction) { + clearCacheByUserId(userId) + + return OAuthTokenModel.deleteUserToken(userId, t) +} + +function clearCacheByUserId (userId: number) { + const token = userHavingToken.get(userId) + + if (token !== undefined) { + accessTokenCache.del(token) + userHavingToken.del(userId) + } +} + +function clearCacheByToken (token: string) { + const tokenModel = accessTokenCache.get(token) + + if (tokenModel !== undefined) { + userHavingToken.del(tokenModel.userId) + accessTokenCache.del(token) + } +} + function getAccessToken (bearerToken: string) { logger.debug('Getting access token (bearerToken: ' + bearerToken + ').') - return db.OAuthToken.getByTokenAndPopulateUser(bearerToken) + if (!bearerToken) return Bluebird.resolve(undefined) + + if (accessTokenCache.has(bearerToken)) return Bluebird.resolve(accessTokenCache.get(bearerToken)) + + return OAuthTokenModel.getByTokenAndPopulateUser(bearerToken) + .then(tokenModel => { + if (tokenModel) { + accessTokenCache.set(bearerToken, tokenModel) + userHavingToken.set(tokenModel.userId, tokenModel.accessToken) + } + + return tokenModel + }) } function getClient (clientId: string, clientSecret: string) { logger.debug('Getting Client (clientId: ' + clientId + ', clientSecret: ' + clientSecret + ').') - return db.OAuthClient.getByIdAndSecret(clientId, clientSecret) + return OAuthClientModel.getByIdAndSecret(clientId, clientSecret) } function getRefreshToken (refreshToken: string) { logger.debug('Getting RefreshToken (refreshToken: ' + refreshToken + ').') - return db.OAuthToken.getByRefreshTokenAndPopulateClient(refreshToken) + return OAuthTokenModel.getByRefreshTokenAndPopulateClient(refreshToken) } -async function getUser (username: string, password: string) { - logger.debug('Getting User (username: ' + username + ', password: ******).') +async function getUser (usernameOrEmail: string, password: string) { + logger.debug('Getting User (username/email: ' + usernameOrEmail + ', password: ******).') - const user = await db.User.getByUsername(username) + const user = await UserModel.loadByUsernameOrEmail(usernameOrEmail) if (!user) return null const passwordMatch = await user.isPasswordMatch(password) if (passwordMatch === false) return null + if (user.blocked) throw new AccessDeniedError('User is blocked.') + + if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION && user.emailVerified === false) { + throw new AccessDeniedError('User email is not verified.') + } + return user } async function revokeToken (tokenInfo: TokenInfo) { - const token = await db.OAuthToken.getByRefreshTokenAndPopulateUser(tokenInfo.refreshToken) - if (token) token.destroy() + const token = await OAuthTokenModel.getByRefreshTokenAndPopulateUser(tokenInfo.refreshToken) + if (token) { + clearCacheByToken(token.accessToken) + + token.destroy() + .catch(err => logger.error('Cannot destroy token when revoking token.', { err })) + } /* * Thanks to https://github.com/manjeshpv/node-oauth2-server-implementation/blob/master/components/oauth/mongo-models.js @@ -53,7 +111,7 @@ async function revokeToken (tokenInfo: TokenInfo) { return expiredToken } -async function saveToken (token: TokenInfo, client: OAuthClientInstance, user: UserInstance) { +async function saveToken (token: TokenInfo, client: OAuthClientModel, user: UserModel) { logger.debug('Saving token ' + token.accessToken + ' for client ' + client.id + ' and user ' + user.id + '.') const tokenToCreate = { @@ -65,16 +123,17 @@ async function saveToken (token: TokenInfo, client: OAuthClientInstance, user: U userId: user.id } - const tokenCreated = await db.OAuthToken.create(tokenToCreate) - const tokenToReturn = Object.assign(tokenCreated, { client, user }) - - return tokenToReturn + const tokenCreated = await OAuthTokenModel.create(tokenToCreate) + return Object.assign(tokenCreated, { client, user }) } // --------------------------------------------------------------------------- // See https://github.com/oauthjs/node-oauth2-server/wiki/Model-specification for the model specifications export { + deleteUserToken, + clearCacheByUserId, + clearCacheByToken, getAccessToken, getClient, getRefreshToken,