authorAkihiko Odaki <nekomanma@pixiv.co.jp>2018-03-29 01:20:40 +0900
committerAkihiko Odaki <nekomanma@pixiv.co.jp>2018-03-29 01:54:41 +0900
commit90f8fe7e538bb7e52d2558152a0390e693f39b11 (patch)
tree0f830887053c8f352b1cd0c13ca715fd14c1f030 /src/server/api/endpoints/auth
parentImplement remote account resolution (diff)
Introduce processor
Diffstat (limited to 'src/server/api/endpoints/auth')
-rw-r--r--src/server/api/endpoints/auth/accept.ts93
-rw-r--r--src/server/api/endpoints/auth/session/generate.ts76
-rw-r--r--src/server/api/endpoints/auth/session/show.ts70
-rw-r--r--src/server/api/endpoints/auth/session/userkey.ts109
4 files changed, 348 insertions, 0 deletions
diff --git a/src/server/api/endpoints/auth/accept.ts b/src/server/api/endpoints/auth/accept.ts
new file mode 100644
index 0000000000..4ee20a6d25
--- /dev/null
+++ b/src/server/api/endpoints/auth/accept.ts
@@ -0,0 +1,93 @@
+/**
+ * Module dependencies
+ */
+import rndstr from 'rndstr';
+const crypto = require('crypto');
+import $ from 'cafy';
+import App from '../../models/app';
+import AuthSess from '../../models/auth-session';
+import AccessToken from '../../models/access-token';
+
+/**
+ * @swagger
+ * /auth/accept:
+ * post:
+ * summary: Accept a session
+ * parameters:
+ * - $ref: "#/parameters/NativeToken"
+ * -
+ * name: token
+ * description: Session Token
+ * in: formData
+ * required: true
+ * type: string
+ * responses:
+ * 204:
+ * description: OK
+ *
+ * default:
+ * description: Failed
+ * schema:
+ * $ref: "#/definitions/Error"
+ */
+
+/**
+ * Accept
+ *
+ * @param {any} params
+ * @param {any} user
+ * @return {Promise<any>}
+ */
+module.exports = (params, user) => new Promise(async (res, rej) => {
+ // Get 'token' parameter
+ const [token, tokenErr] = $(params.token).string().$;
+ if (tokenErr) return rej('invalid token param');
+
+ // Fetch token
+ const session = await AuthSess
+ .findOne({ token: token });
+
+ if (session === null) {
+ return rej('session not found');
+ }
+
+ // Generate access token
+ const accessToken = rndstr('a-zA-Z0-9', 32);
+
+ // Fetch exist access token
+ const exist = await AccessToken.findOne({
+ app_id: session.app_id,
+ user_id: user._id,
+ });
+
+ if (exist === null) {
+ // Lookup app
+ const app = await App.findOne({
+ _id: session.app_id
+ });
+
+ // Generate Hash
+ const sha256 = crypto.createHash('sha256');
+ sha256.update(accessToken + app.secret);
+ const hash = sha256.digest('hex');
+
+ // Insert access token doc
+ await AccessToken.insert({
+ created_at: new Date(),
+ app_id: session.app_id,
+ user_id: user._id,
+ token: accessToken,
+ hash: hash
+ });
+ }
+
+ // Update session
+ await AuthSess.update(session._id, {
+ $set: {
+ user_id: user._id
+ }
+ });
+
+ // Response
+ res();
+});
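Review bot: If `App.findOne` inside the `exist === null` branch returns nothing, `app.secret` throws inside the async Promise executor, and because an async executor's own rejection is never wired to `rej`, the caller gets an unhandled rejection instead of a failed request; add `if (app == null) return rej('app not found');` before the hash is computed, or replace the `new Promise(async …)` wrapper with a plain `async` function so thrown errors reject normally. The same executor pattern is used in generate.ts, show.ts and userkey.ts in this commit. The `session === null` test here differs from the `== null` form the sibling files use for the same `findOne` result; the missing-document case should be checked the same way everywhere. The final `AuthSess.update` sets `user_id` unconditionally, so a session that already carries a `user_id` is silently re-bound; if re-accepting is not intended, a guard such as `if (session.user_id != null) return rej('session already accepted');` would make the token single-use, and if it is intended a comment saying so would help.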
diff --git a/src/server/api/endpoints/auth/session/generate.ts b/src/server/api/endpoints/auth/session/generate.ts
new file mode 100644
index 0000000000..dc6a045b6e
--- /dev/null
+++ b/src/server/api/endpoints/auth/session/generate.ts
@@ -0,0 +1,76 @@
+/**
+ * Module dependencies
+ */
+import * as uuid from 'uuid';
+import $ from 'cafy';
+import App from '../../../models/app';
+import AuthSess from '../../../models/auth-session';
+import config from '../../../../../conf';
+
+/**
+ * @swagger
+ * /auth/session/generate:
+ * post:
+ * summary: Generate a session
+ * parameters:
+ * -
+ * name: app_secret
+ * description: App Secret
+ * in: formData
+ * required: true
+ * type: string
+ *
+ * responses:
+ * 200:
+ * description: OK
+ * schema:
+ * type: object
+ * properties:
+ * token:
+ * type: string
+ * description: Session Token
+ * url:
+ * type: string
+ * description: Authentication form's URL
+ * default:
+ * description: Failed
+ * schema:
+ * $ref: "#/definitions/Error"
+ */
+
+/**
+ * Generate a session
+ *
+ * @param {any} params
+ * @return {Promise<any>}
+ */
+module.exports = (params) => new Promise(async (res, rej) => {
+ // Get 'app_secret' parameter
+ const [appSecret, appSecretErr] = $(params.app_secret).string().$;
+ if (appSecretErr) return rej('invalid app_secret param');
+
+ // Lookup app
+ const app = await App.findOne({
+ secret: appSecret
+ });
+
+ if (app == null) {
+ return rej('app not found');
+ }
+
+ // Generate token
+ const token = uuid.v4();
+
+ // Create session token document
+ const doc = await AuthSess.insert({
+ created_at: new Date(),
+ app_id: app._id,
+ token: token
+ });
+
+ // Response
+ res({
+ token: doc.token,
+ url: `${config.auth_url}/${doc.token}`
+ });
+});
diff --git a/src/server/api/endpoints/auth/session/show.ts b/src/server/api/endpoints/auth/session/show.ts
new file mode 100644
index 0000000000..73ac3185f6
--- /dev/null
+++ b/src/server/api/endpoints/auth/session/show.ts
@@ -0,0 +1,70 @@
+/**
+ * Module dependencies
+ */
+import $ from 'cafy';
+import AuthSess, { pack } from '../../../models/auth-session';
+
+/**
+ * @swagger
+ * /auth/session/show:
+ * post:
+ * summary: Show a session information
+ * parameters:
+ * -
+ * name: token
+ * description: Session Token
+ * in: formData
+ * required: true
+ * type: string
+ *
+ * responses:
+ * 200:
+ * description: OK
+ * schema:
+ * type: object
+ * properties:
+ * created_at:
+ * type: string
+ * format: date-time
+ * description: Date and time of the session creation
+ * app_id:
+ * type: string
+ * description: Application ID
+ * token:
+ * type: string
+ * description: Session Token
+ * user_id:
+ * type: string
+ * description: ID of user who create the session
+ * app:
+ * $ref: "#/definitions/Application"
+ * default:
+ * description: Failed
+ * schema:
+ * $ref: "#/definitions/Error"
+ */
+
+/**
+ * Show a session
+ *
+ * @param {any} params
+ * @param {any} user
+ * @return {Promise<any>}
+ */
+module.exports = (params, user) => new Promise(async (res, rej) => {
+ // Get 'token' parameter
+ const [token, tokenErr] = $(params.token).string().$;
+ if (tokenErr) return rej('invalid token param');
+
+ // Lookup session
+ const session = await AuthSess.findOne({
+ token: token
+ });
+
+ if (session == null) {
+ return rej('session not found');
+ }
+
+ // Response
+ res(await pack(session, user));
+});
diff --git a/src/server/api/endpoints/auth/session/userkey.ts b/src/server/api/endpoints/auth/session/userkey.ts
new file mode 100644
index 0000000000..fc989bf8c2
--- /dev/null
+++ b/src/server/api/endpoints/auth/session/userkey.ts
@@ -0,0 +1,109 @@
+/**
+ * Module dependencies
+ */
+import $ from 'cafy';
+import App from '../../../models/app';
+import AuthSess from '../../../models/auth-session';
+import AccessToken from '../../../models/access-token';
+import { pack } from '../../../models/user';
+
+/**
+ * @swagger
+ * /auth/session/userkey:
+ * post:
+ * summary: Get an access token(userkey)
+ * parameters:
+ * -
+ * name: app_secret
+ * description: App Secret
+ * in: formData
+ * required: true
+ * type: string
+ * -
+ * name: token
+ * description: Session Token
+ * in: formData
+ * required: true
+ * type: string
+ *
+ * responses:
+ * 200:
+ * description: OK
+ * schema:
+ * type: object
+ * properties:
+ * userkey:
+ * type: string
+ * description: Access Token
+ * user:
+ * $ref: "#/definitions/User"
+ * default:
+ * description: Failed
+ * schema:
+ * $ref: "#/definitions/Error"
+ */
+
+/**
+ * Generate a session
+ *
+ * @param {any} params
+ * @return {Promise<any>}
+ */
+module.exports = (params) => new Promise(async (res, rej) => {
+ // Get 'app_secret' parameter
+ const [appSecret, appSecretErr] = $(params.app_secret).string().$;
+ if (appSecretErr) return rej('invalid app_secret param');
+
+ // Lookup app
+ const app = await App.findOne({
+ secret: appSecret
+ });
+
+ if (app == null) {
+ return rej('app not found');
+ }
+
+ // Get 'token' parameter
+ const [token, tokenErr] = $(params.token).string().$;
+ if (tokenErr) return rej('invalid token param');
+
+ // Fetch token
+ const session = await AuthSess
+ .findOne({
+ token: token,
+ app_id: app._id
+ });
+
+ if (session === null) {
+ return rej('session not found');
+ }
+
+ if (session.user_id == null) {
+ return rej('this session is not allowed yet');
+ }
+
+ // Lookup access token
+ const accessToken = await AccessToken.findOne({
+ app_id: app._id,
+ user_id: session.user_id
+ });
+
+ // Delete session
+
+ /* https://github.com/Automattic/monk/issues/178
+ AuthSess.deleteOne({
+ _id: session._id
+ });
+ */
+ AuthSess.remove({
+ _id: session._id
+ });
+
+ // Response
+ res({
+ access_token: accessToken.token,
+ user: await pack(session.user_id, null, {
+ detail: true
+ })
+ });
+});
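Review bot: `AuthSess.remove` near the end is not awaited, so the response is sent before the session is actually deleted and a failure of the remove surfaces only as an unhandled rejection; change it to `await AuthSess.remove({ _id: session._id });` (a strict single-use guarantee would additionally need an atomic find-and-delete, which the linked monk issue suggests is not available here). `accessToken` from the lookup just above is dereferenced without a null check, so a missing AccessToken document throws inside the executor rather than reaching `rej`; `if (accessToken == null) return rej('access token not found');` placed before the remove would close that. The swagger block documents the response property as `userkey` while the code returns `access_token`; one of the two should change. The JSDoc header reads `Generate a session`, copied from generate.ts, and should describe this endpoint, e.g. `Exchange an accepted session for an access token (userkey)`.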