2024-05-23 09:42:14 +00:00
|
|
|
// SPDX-FileCopyrightText: 2024 John Livingston <https://www.john-livingston.fr/>
|
|
|
|
|
//
|
|
|
|
|
// SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
|
2023-09-07 15:20:01 +00:00
|
|
|
import type { RegisterServerOptions } from '@peertube/peertube-types'
|
|
|
|
|
import type { Router, Request, Response, NextFunction } from 'express'
|
|
|
|
|
import { asyncMiddleware } from '../../middlewares/async'
|
|
|
|
|
import { getProsodyDomain } from '../../prosody/config/domain'
|
2024-06-16 17:48:02 +00:00
|
|
|
import { LivechatProsodyAuth } from '../../prosody/auth'
|
2024-04-17 16:30:39 +00:00
|
|
|
import { ExternalAuthOIDC } from '../../external-auth/oidc'
|
2023-09-07 15:20:01 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Instanciate the authentication API.
|
|
|
|
|
* This API is used by the frontend to get current user's XMPP credentials.
|
|
|
|
|
* @param options server register options
|
|
|
|
|
*/
|
|
|
|
|
async function initAuthApiRouter (options: RegisterServerOptions, router: Router): Promise<void> {
|
|
|
|
|
router.get('/auth', asyncMiddleware(
|
|
|
|
|
async (req: Request, res: Response, _next: NextFunction) => {
|
|
|
|
|
const user = await options.peertubeHelpers.user.getAuthUser(res)
|
2024-04-17 16:30:39 +00:00
|
|
|
|
|
|
|
|
if (!user) {
|
|
|
|
|
// No Peertube user, but perhaps an external authentication?
|
2024-04-19 07:53:23 +00:00
|
|
|
const token = req.header('X-Peertube-Plugin-Livechat-External-Auth-OIDC-Token')
|
2024-04-17 16:30:39 +00:00
|
|
|
if (token) {
|
|
|
|
|
try {
|
2024-04-22 11:03:31 +00:00
|
|
|
const oidc = ExternalAuthOIDC.singletonForToken(token)
|
|
|
|
|
if (oidc && await oidc.isOk()) {
|
2024-04-17 16:30:39 +00:00
|
|
|
const unserializedToken = await oidc.unserializeToken(token)
|
|
|
|
|
if (unserializedToken) {
|
|
|
|
|
res.status(200).json({
|
|
|
|
|
jid: unserializedToken.jid,
|
|
|
|
|
password: unserializedToken.password,
|
2024-04-18 14:24:09 +00:00
|
|
|
nickname: unserializedToken.nickname,
|
|
|
|
|
type: 'oidc'
|
2024-04-17 16:30:39 +00:00
|
|
|
})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} catch (err) {
|
|
|
|
|
options.peertubeHelpers.logger.error(err)
|
|
|
|
|
// Just continue with the normal flow.
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-16 17:48:02 +00:00
|
|
|
const tempPassword = await LivechatProsodyAuth.singleton().getUserTempPassword(user)
|
|
|
|
|
if (!tempPassword) {
|
2023-09-07 15:20:01 +00:00
|
|
|
res.sendStatus(403)
|
|
|
|
|
return
|
|
|
|
|
}
|
2024-06-16 17:48:02 +00:00
|
|
|
res.status(200).json(tempPassword)
|
|
|
|
|
}
|
|
|
|
|
))
|
|
|
|
|
|
|
|
|
|
router.get('/auth/tokens', asyncMiddleware(
|
|
|
|
|
async (req: Request, res: Response, _next: NextFunction) => {
|
|
|
|
|
const user = await options.peertubeHelpers.user.getAuthUser(res)
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
const tokens = await LivechatProsodyAuth.singleton().getUserTokens(user)
|
|
|
|
|
if (!tokens) {
|
|
|
|
|
res.sendStatus(403)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
res.status(200).json(tokens)
|
|
|
|
|
} catch (err) {
|
|
|
|
|
options.peertubeHelpers.logger.error(err as string)
|
|
|
|
|
res.sendStatus(500)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
))
|
|
|
|
|
|
|
|
|
|
router.post('/auth/tokens', asyncMiddleware(
|
|
|
|
|
async (req: Request, res: Response, _next: NextFunction) => {
|
|
|
|
|
const user = await options.peertubeHelpers.user.getAuthUser(res)
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
const label = req.body.label
|
|
|
|
|
if ((typeof label !== 'string') || !label) {
|
|
|
|
|
res.sendStatus(400)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
const token = await LivechatProsodyAuth.singleton().createUserToken(user, label)
|
|
|
|
|
if (!token) {
|
|
|
|
|
res.sendStatus(403)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
res.status(200).json(token)
|
|
|
|
|
} catch (err) {
|
|
|
|
|
options.peertubeHelpers.logger.error(err as string)
|
|
|
|
|
res.sendStatus(500)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
))
|
|
|
|
|
|
|
|
|
|
router.delete('/auth/tokens/:tokenId', asyncMiddleware(
|
|
|
|
|
async (req: Request, res: Response, _next: NextFunction) => {
|
|
|
|
|
const user = await options.peertubeHelpers.user.getAuthUser(res)
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
const tokenId = parseInt(req.params.tokenId)
|
|
|
|
|
if (isNaN(tokenId)) {
|
|
|
|
|
res.sendStatus(400)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
const r = await LivechatProsodyAuth.singleton().revokeUserToken(user, tokenId)
|
|
|
|
|
if (!r) {
|
|
|
|
|
res.sendStatus(403)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
res.status(200).json(true)
|
|
|
|
|
} catch (err) {
|
|
|
|
|
options.peertubeHelpers.logger.error(err as string)
|
|
|
|
|
res.sendStatus(500)
|
2023-09-07 15:20:01 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Instanciates API used by the Prosody module http_auth.
|
|
|
|
|
* This is used to check user's credentials.
|
|
|
|
|
* @param options server register options
|
|
|
|
|
* @returns a router
|
|
|
|
|
*/
|
|
|
|
|
async function initUserAuthApiRouter (options: RegisterServerOptions, router: Router): Promise<void> {
|
|
|
|
|
const logger = options.peertubeHelpers.logger
|
|
|
|
|
|
|
|
|
|
router.post('/user/register', asyncMiddleware(
|
|
|
|
|
async (req: Request, res: Response, _next: NextFunction) => {
|
|
|
|
|
res.sendStatus(501)
|
|
|
|
|
}
|
|
|
|
|
))
|
|
|
|
|
|
|
|
|
|
router.get('/user/check_password', asyncMiddleware(
|
|
|
|
|
async (req: Request, res: Response, _next: NextFunction) => {
|
|
|
|
|
const prosodyDomain = await getProsodyDomain(options)
|
|
|
|
|
const user = req.query.user
|
|
|
|
|
const server = req.query.server
|
|
|
|
|
const pass = req.query.pass
|
|
|
|
|
if (server !== prosodyDomain) {
|
|
|
|
|
logger.warn(`Cannot call check_password on user on server ${server as string}.`)
|
|
|
|
|
res.status(200).send('false')
|
|
|
|
|
return
|
|
|
|
|
}
|
2024-06-16 17:48:02 +00:00
|
|
|
if (user && pass && await LivechatProsodyAuth.singleton().checkUserPassword(user as string, pass as string)) {
|
2023-09-07 15:20:01 +00:00
|
|
|
res.status(200).send('true')
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
res.status(200).send('false')
|
|
|
|
|
}
|
|
|
|
|
))
|
|
|
|
|
|
|
|
|
|
router.get('/user/user_exists', asyncMiddleware(
|
|
|
|
|
async (req: Request, res: Response, _next: NextFunction) => {
|
|
|
|
|
const prosodyDomain = await getProsodyDomain(options)
|
|
|
|
|
const user = req.query.user
|
|
|
|
|
const server = req.query.server
|
|
|
|
|
if (server !== prosodyDomain) {
|
|
|
|
|
logger.warn(`Cannot call user_exists on user on server ${server as string}.`)
|
|
|
|
|
res.status(200).send('false')
|
|
|
|
|
return
|
|
|
|
|
}
|
2024-06-16 17:48:02 +00:00
|
|
|
if (user && await LivechatProsodyAuth.singleton().userRegistered(user as string)) {
|
2023-09-07 15:20:01 +00:00
|
|
|
res.status(200).send('true')
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
res.status(200).send('false')
|
|
|
|
|
}
|
|
|
|
|
))
|
|
|
|
|
|
|
|
|
|
router.post('/user/set_password', asyncMiddleware(
|
|
|
|
|
async (req: Request, res: Response, _next: NextFunction) => {
|
|
|
|
|
res.sendStatus(501)
|
|
|
|
|
}
|
|
|
|
|
))
|
|
|
|
|
|
|
|
|
|
router.post('/user/remove_user', asyncMiddleware(
|
|
|
|
|
async (req: Request, res: Response, _next: NextFunction) => {
|
|
|
|
|
res.sendStatus(501)
|
|
|
|
|
}
|
|
|
|
|
))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export {
|
|
|
|
|
initAuthApiRouter,
|
|
|
|
|
initUserAuthApiRouter
|
|
|
|
|
}
|
