forked from FoundKeyGang/FoundKey
add OAuth 2.0 Bearer Token authentication
parent
fa41674262
commit
91bdab1a9d
3 changed files with 22 additions and 4 deletions
|
@ -34,7 +34,8 @@ export default (endpoint: IEndpoint, ctx: Koa.Context) => new Promise<void>((res
|
||||||
};
|
};
|
||||||
|
|
||||||
// Authentication
|
// Authentication
|
||||||
authenticate(body['i']).then(([user, app]) => {
|
// for GET requests, do not even pass on the body parameter as it is considered unsafe
|
||||||
|
authenticate(ctx.headers.authorization, ctx.method === 'GET' ? null : body['i']).then(([user, app]) => {
|
||||||
// API invoking
|
// API invoking
|
||||||
call(endpoint.name, user, app, body, ctx).then((res: any) => {
|
call(endpoint.name, user, app, body, ctx).then((res: any) => {
|
||||||
if (ctx.method === 'GET' && endpoint.meta.cacheSec && !body['i'] && !user) {
|
if (ctx.method === 'GET' && endpoint.meta.cacheSec && !body['i'] && !user) {
|
||||||
|
|
|
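Review bot: On a GET request the `i` parameter is discarded silently at the new `authenticate(ctx.headers.authorization, ctx.method === 'GET' ? null : body['i'])` call. A client that still sends its token in the query string is therefore treated as anonymous instead of being told the credential was refused, and the "using multiple authorization schemes" check in `authenticate` cannot fire for GET. Consider rejecting a GET that carries `i` with an explicit authentication error. The added comment should also give the reason, e.g. `// a token in a GET query string ends up in access logs, proxy caches and Referer headers, so it is never accepted as a credential`. The unchanged `body` (still containing `i`) is passed on to `call(...)`; whether any endpoint reads it there is not visible from this hunk.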
@ -15,8 +15,25 @@ export class AuthenticationError extends Error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
export default async (token: string | null): Promise<[CacheableLocalUser | null | undefined, AccessToken | null | undefined]> => {
|
export default async (authorization: string | null | undefined, bodyToken: string | null): Promise<[CacheableLocalUser | null | undefined, AccessToken | null | undefined]> => {
|
||||||
if (token == null) {
|
let token: string | null = null;
|
||||||
|
|
||||||
|
// check if there is an authorization header set
|
||||||
|
if (authorization != null) {
|
||||||
|
if (bodyToken != null) {
|
||||||
|
throw new AuthenticationError('using multiple authorization schemes');
|
||||||
|
}
|
||||||
|
|
||||||
|
// check if OAuth 2.0 Bearer tokens are being used
|
||||||
|
// Authorization schemes are case insensitive
|
||||||
|
if (authorization.substring(0, 7).toLowerCase() === 'bearer ') {
|
||||||
|
token = authorization.substring(7);
|
||||||
|
} else {
|
||||||
|
throw new AuthenticationError('unsupported authentication scheme');
|
||||||
|
}
|
||||||
|
} else if (bodyToken != null) {
|
||||||
|
token = bodyToken;
|
||||||
|
} else {
|
||||||
return [null, null];
|
return [null, null];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
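Review bot: The bearer branch takes `authorization.substring(7)` as the token without checking it. A header of just `Bearer ` yields an empty string, and extra spaces or trailing whitespace become part of the token that is handed to the lookup further down (outside this hunk). Matching the whole header once would reject malformed values up front: `const m = /^bearer +(\S+)$/i.exec(authorization);` followed by `if (m == null) throw new AuthenticationError('unsupported authentication scheme');` and `token = m[1];`. It may be worth using a separate message for "bearer scheme with a missing or malformed token" so clients can tell it apart from an unsupported scheme. The function body continues past the end of the hunk, so how an empty token is handled later cannot be confirmed from here.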
@ -20,7 +20,7 @@ export const initializeStreamingServer = (server: http.Server) => {
|
||||||
// TODO: トークンが間違ってるなどしてauthenticateに失敗したら
|
// TODO: トークンが間違ってるなどしてauthenticateに失敗したら
|
||||||
// コネクション切断するなりエラーメッセージ返すなりする
|
// コネクション切断するなりエラーメッセージ返すなりする
|
||||||
// (現状はエラーがキャッチされておらずサーバーのログに流れて邪魔なので)
|
// (現状はエラーがキャッチされておらずサーバーのログに流れて邪魔なので)
|
||||||
const [user, app] = await authenticate(q.i as string);
|
const [user, app] = await authenticate(request.httpRequest.headers.authorization, q.i);
|
||||||
|
|
||||||
if (user?.isSuspended) {
|
if (user?.isSuspended) {
|
||||||
request.reject(400);
|
request.reject(400);
|
||||||
|
|
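Review bot: `authenticate` now throws in two more situations (an `Authorization` header with a non-bearer scheme, and a header combined with `i`), but this call is still not wrapped. The TODO directly above already notes that authentication failures are uncaught here. A WebSocket upgrade that arrives with, say, a proxy-added `Basic` header would therefore raise an unhandled `AuthenticationError` instead of being refused cleanly. Suggest catching it at this call and rejecting the request, e.g. `try { [user, app] = await authenticate(request.httpRequest.headers.authorization, q.i); } catch (e) { request.reject(401); return; }` with `user`/`app` declared beforehand. Separately, the `as string` cast on `q.i` was dropped. If `q` is a parsed query object, `q.i` can also be an array when the parameter is repeated, so a `typeof q.i === 'string'` guard before passing it as `bodyToken` would be safer. The declaration of `q` is outside the hunk.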