134 lines
3.7 KiB
JavaScript
134 lines
3.7 KiB
JavaScript
var _ = require('lodash'),
|
|
|
|
HEADER = 'header',
|
|
QUERY_PARAMS = 'queryParams',
|
|
BEARER = 'bearer',
|
|
MAC = 'mac',
|
|
AUTHORIZATION = 'Authorization',
|
|
ACCESS_TOKEN = 'access_token',
|
|
AUTHORIZATION_PREFIX = 'Bearer',
|
|
OAUTH2_PARAMETERS = [
|
|
'accessToken',
|
|
'addTokenTo',
|
|
'tokenType',
|
|
'headerPrefix'
|
|
];
|
|
|
|
/**
|
|
* @implements {AuthHandlerInterface}
|
|
*/
|
|
module.exports = {
|
|
/**
|
|
* @property {AuthHandlerInterface~AuthManifest}
|
|
*/
|
|
manifest: {
|
|
info: {
|
|
name: 'oauth2',
|
|
version: '1.0.0'
|
|
},
|
|
updates: [
|
|
{
|
|
property: AUTHORIZATION,
|
|
type: 'header'
|
|
},
|
|
{
|
|
property: ACCESS_TOKEN,
|
|
type: 'url.param'
|
|
}
|
|
]
|
|
},
|
|
|
|
/**
|
|
* Initializes an item (extracts parameters from intermediate requests if any, etc)
|
|
* before the actual authorization step.
|
|
*
|
|
* @param {AuthInterface} auth
|
|
* @param {Response} response
|
|
* @param {AuthHandlerInterface~authInitHookCallback} done
|
|
*/
|
|
init: function (auth, response, done) {
|
|
done(null);
|
|
},
|
|
|
|
/**
|
|
* Verifies whether the request has valid basic auth credentials (which is always).
|
|
* Sanitizes the auth parameters if needed.
|
|
*
|
|
* @param {AuthInterface} auth
|
|
* @param {AuthHandlerInterface~authPreHookCallback} done
|
|
*/
|
|
pre: function (auth, done) {
|
|
done(null, Boolean(auth.get('accessToken')));
|
|
},
|
|
|
|
/**
|
|
* Verifies whether the basic auth succeeded.
|
|
*
|
|
* @param {AuthInterface} auth
|
|
* @param {Response} response
|
|
* @param {AuthHandlerInterface~authPostHookCallback} done
|
|
*/
|
|
post: function (auth, response, done) {
|
|
done(null, true);
|
|
},
|
|
|
|
/**
|
|
* Signs a request.
|
|
*
|
|
* @param {AuthInterface} auth
|
|
* @param {Request} request
|
|
* @param {AuthHandlerInterface~authSignHookCallback} done
|
|
*/
|
|
sign: function (auth, request, done) {
|
|
var params = auth.get(OAUTH2_PARAMETERS),
|
|
tokenType;
|
|
|
|
// Validation
|
|
if (!params.accessToken) {
|
|
return done(); // Nothing to do if required parameters are not present.
|
|
}
|
|
|
|
// Defaults
|
|
params.addTokenTo = params.addTokenTo || HEADER; // Add token to header by default
|
|
params.tokenType = params.tokenType || BEARER; // Use `Bearer` token type by default
|
|
params.headerPrefix = _.isNil(params.headerPrefix) ?
|
|
AUTHORIZATION_PREFIX : _.trim(String(params.headerPrefix));
|
|
|
|
// add a space after prefix only if there is any prefix
|
|
params.headerPrefix && (params.headerPrefix += ' ');
|
|
|
|
// Some servers send 'Bearer' while others send 'bearer'
|
|
tokenType = _.toLower(params.tokenType);
|
|
|
|
// @TODO Add support for HMAC
|
|
if (tokenType === MAC) {
|
|
return done();
|
|
}
|
|
|
|
// treat every token types (other than MAC) as bearer token
|
|
|
|
// clean conflicting headers and query params
|
|
// @todo: we should be able to get conflicting params from auth manifest
|
|
// and clear them before the sign step for any auth
|
|
request.removeHeader(AUTHORIZATION, {ignoreCase: true});
|
|
request.removeQueryParams([ACCESS_TOKEN]);
|
|
|
|
if (params.addTokenTo === QUERY_PARAMS) {
|
|
request.addQueryParams({
|
|
key: ACCESS_TOKEN,
|
|
value: params.accessToken,
|
|
system: true
|
|
});
|
|
}
|
|
else if (params.addTokenTo === HEADER) {
|
|
request.addHeader({
|
|
key: AUTHORIZATION,
|
|
value: params.headerPrefix + params.accessToken,
|
|
system: true
|
|
});
|
|
}
|
|
|
|
return done();
|
|
}
|
|
};
|