verify all tokens that are provided
This commit is contained in:
		
							parent
							
								
									92d052faf0
								
							
						
					
					
						commit
						fa3816390b
					
				@ -3,7 +3,7 @@
 | 
			
		||||
var PromiseA = require('bluebird');
 | 
			
		||||
 | 
			
		||||
function extractAccessToken(req) {
 | 
			
		||||
  var token;
 | 
			
		||||
  var token = null;
 | 
			
		||||
  var parts;
 | 
			
		||||
  var scheme;
 | 
			
		||||
  var credentials;
 | 
			
		||||
@ -133,6 +133,13 @@ function verifyToken(token) {
 | 
			
		||||
      url: OAUTH3.url.resolve(directives.api, url)
 | 
			
		||||
    , method: args.method
 | 
			
		||||
    , data: body
 | 
			
		||||
    }).catch(function (err) {
 | 
			
		||||
      return PromiseA.reject({
 | 
			
		||||
        message: 'failed to retrieve public key from token issuer'
 | 
			
		||||
      , code: 'E_NO_PUB_KEY'
 | 
			
		||||
      , url: 'https://oauth3.org/docs/errors#E_NO_PUB_KEY'
 | 
			
		||||
      , subErr: err.toString()
 | 
			
		||||
      });
 | 
			
		||||
    });
 | 
			
		||||
  }, function (err) {
 | 
			
		||||
    return PromiseA.reject({
 | 
			
		||||
@ -178,6 +185,7 @@ function attachOauth3(req, res, next) {
 | 
			
		||||
  req.oauth3 = {};
 | 
			
		||||
 | 
			
		||||
  extractAccessToken(req).then(function (token) {
 | 
			
		||||
    req.oauth3.encodedToken = token;
 | 
			
		||||
    req.oauth3.verifyAsync = function (jwt) {
 | 
			
		||||
      return verifyToken(jwt || token);
 | 
			
		||||
    };
 | 
			
		||||
@ -185,38 +193,25 @@ function attachOauth3(req, res, next) {
 | 
			
		||||
    if (!token) {
 | 
			
		||||
      return null;
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    var decoded;
 | 
			
		||||
    try {
 | 
			
		||||
      decoded = require('jsonwebtoken').decode(token);
 | 
			
		||||
    } catch (e) {}
 | 
			
		||||
    if (!decoded) {
 | 
			
		||||
      return PromiseA.reject({
 | 
			
		||||
        message: 'provided token not a JSON Web Token'
 | 
			
		||||
      , code: 'E_NOT_JWT'
 | 
			
		||||
      , url: 'https://oauth3.org/docs/errors#E_NOT_JWT'
 | 
			
		||||
      });
 | 
			
		||||
    }
 | 
			
		||||
    if (!decoded.iss) {
 | 
			
		||||
      return PromiseA.reject({
 | 
			
		||||
        message: 'token missing iss'
 | 
			
		||||
      , code: 'E_MISSING_ISS'
 | 
			
		||||
      , url: 'https://oauth3.org/docs/errors#E_MISSING_ISS'
 | 
			
		||||
      });
 | 
			
		||||
    }
 | 
			
		||||
    var ppid = decoded.sub || decoded.ppid || decoded.appScopedId;
 | 
			
		||||
 | 
			
		||||
    req.oauth3.encodedToken = token;
 | 
			
		||||
    return verifyToken(token);
 | 
			
		||||
  }).then(function  (decoded) {
 | 
			
		||||
    req.oauth3.token = decoded;
 | 
			
		||||
    if (!decoded) {
 | 
			
		||||
      return null;
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    var ppid = decoded.sub || decoded.ppid || decoded.appScopedId;
 | 
			
		||||
    req.oauth3.ppid = ppid;
 | 
			
		||||
    req.oauth3.accountIdx  = ppid+'@'+token.iss;
 | 
			
		||||
    req.oauth3.accountHash = require('crypto').createHash('sha256').update(req.oauth3.accountIdx).digest('base64');
 | 
			
		||||
    req.oauth3.accountHash = req.oauth3.accountHash.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+/g, '');
 | 
			
		||||
    req.oauth3.accountIdx = ppid+'@'+decoded.iss;
 | 
			
		||||
 | 
			
		||||
    var hash = require('crypto').createHash('sha256').update(req.oauth3.accountIdx).digest('base64');
 | 
			
		||||
    hash = hash.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+/g, '');
 | 
			
		||||
    req.oauth3.accountHash = hash;
 | 
			
		||||
 | 
			
		||||
    req.oauth3.rescope = function (sub) {
 | 
			
		||||
      // TODO: this function is supposed to convert PPIDs of different parties to some account
 | 
			
		||||
      // ID that allows application to keep track of permisions and what-not.
 | 
			
		||||
      return PromiseA.resolve(sub || ppid);
 | 
			
		||||
      return PromiseA.resolve(sub || hash);
 | 
			
		||||
    };
 | 
			
		||||
  }).then(function () {
 | 
			
		||||
    deepFreeze(req.oauth3);
 | 
			
		||||
 | 
			
		||||
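Review bot: The new `.then(function (decoded) {...})` callback builds `accountIdx` and `accountHash` from `ppid` and `decoded.iss` without checking that either claim is present, while the old E_NOT_JWT and E_MISSING_ISS rejections appear to be dropped from this hunk; if verifyToken resolves a token that lacks sub/ppid/appScopedId or iss (its body is outside this hunk, so whether it enforces them is not visible here), the code hashes the string 'undefined@…' into a stable, valid-looking account hash and rescope() then resolves to it. Keep an explicit claim check ahead of the hash, e.g. `if (!ppid || !decoded.iss) {`, `  return PromiseA.reject({ message: 'token missing iss', code: 'E_MISSING_ISS', url: 'https://oauth3.org/docs/errors#E_MISSING_ISS' });`, `}` (a missing subject deserves its own code, `E_<TODO>` placeholder). In the same vein, `if (!decoded) { return null; }` lets a falsy result from verifyToken continue as an unauthenticated request, which is only safe if verifyToken rejects on every verification failure rather than resolving undefined; once confirmed, a comment on that line such as `// verifyToken resolves null only when no token was supplied; all verification failures reject` would pin that contract. Separately, the hunk in verifyToken adds `subErr: err.toString()` to the rejection, which forwards the raw upstream error text; if these rejections reach the HTTP response, that detail belongs in a server-side log rather than in the reply. attachOauth3 starts before this hunk and its promise chain continues after it.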