peertube-plugin-livechat/server/lib/routers/oidc.ts

import type { RegisterServerOptions } from '@peertube/peertube-types'
import type { Router, Request, Response, NextFunction, CookieOptions } from 'express'
import { asyncMiddleware } from '../middlewares/async'
import { ExternalAuthOIDC } from '../external-auth/oidc'

const cookieNamePrefix = 'peertube-plugin-livechat-oidc-'
const cookieOptions: CookieOptions = {
  secure: true,
  httpOnly: true,
  sameSite: 'none',
  maxAge: 1000 * 60 * 10 // 10 minutes
}

async function initOIDCRouter (options: RegisterServerOptions): Promise<Router> {
  const { peertubeHelpers, getRouter } = options
  const router = getRouter()
  const logger = peertubeHelpers.logger

  router.get('/connect', asyncMiddleware(
    async (req: Request, res: Response, next: NextFunction) => {
      logger.info('[oidc router] OIDC connect call')
      try {
        const oidc = ExternalAuthOIDC.singleton()
        const oidcClient = await oidc.load()
        if (!oidcClient) {
          throw new Error('[oidc router] External Auth OIDC not loaded yet')
        }

        const authenticationProcess = await oidc.initAuthenticationProcess()
        res.cookie(cookieNamePrefix + 'code-verifier', authenticationProcess.encryptedCodeVerifier, cookieOptions)
        res.cookie(cookieNamePrefix + 'state', authenticationProcess.encryptedState, cookieOptions)
        return res.redirect(authenticationProcess.redirectUrl)
      } catch (err) {
        logger.error('[oidc router] Failed to process the OIDC callback: ' + (err as string))
        next()
      }
    }
  ))

  router.get('/cb', asyncMiddleware(
    async (req: Request, res: Response, next: NextFunction) => {
      logger.info('[oidc router] OIDC callback call')
      try {
        const oidc = ExternalAuthOIDC.singleton()
        const oidcClient = await oidc.load()
        if (!oidcClient) {
          throw new Error('[oidc router] External Auth OIDC not loaded yet')
        }

        const userInfos = await oidc.validateAuthenticationProcess(req, cookieNamePrefix)
        logger.info(JSON.stringify(userInfos)) // FIXME

        res.send('ok')
      } catch (err) {
        logger.error('[oidc router] Failed to process the OIDC callback: ' + (err as string))
        next()
      }
    }
  ))

  return router
}

export {
  initOIDCRouter
}
Possibility to configure an OpenID Connect provider on the instance level WIP (#128). 2024-04-16 16:49:23 +00:00			`import type { RegisterServerOptions } from '@peertube/peertube-types'`
			`import type { Router, Request, Response, NextFunction, CookieOptions } from 'express'`
			`import { asyncMiddleware } from '../middlewares/async'`
			`import { ExternalAuthOIDC } from '../external-auth/oidc'`

			`const cookieNamePrefix = 'peertube-plugin-livechat-oidc-'`
			`const cookieOptions: CookieOptions = {`
			`secure: true,`
			`httpOnly: true,`
			`sameSite: 'none',`
			`maxAge: 1000 * 60 * 10 // 10 minutes`
			`}`

			`async function initOIDCRouter (options: RegisterServerOptions): Promise<Router> {`
			`const { peertubeHelpers, getRouter } = options`
			`const router = getRouter()`
			`const logger = peertubeHelpers.logger`

			`router.get('/connect', asyncMiddleware(`
			`async (req: Request, res: Response, next: NextFunction) => {`
			`logger.info('[oidc router] OIDC connect call')`
			`try {`
			`const oidc = ExternalAuthOIDC.singleton()`
			`const oidcClient = await oidc.load()`
			`if (!oidcClient) {`
			`throw new Error('[oidc router] External Auth OIDC not loaded yet')`
			`}`

			`const authenticationProcess = await oidc.initAuthenticationProcess()`
			`res.cookie(cookieNamePrefix + 'code-verifier', authenticationProcess.encryptedCodeVerifier, cookieOptions)`
			`res.cookie(cookieNamePrefix + 'state', authenticationProcess.encryptedState, cookieOptions)`
			`return res.redirect(authenticationProcess.redirectUrl)`
			`} catch (err) {`
			`logger.error('[oidc router] Failed to process the OIDC callback: ' + (err as string))`
			`next()`
			`}`
			`}`
			`))`

			`router.get('/cb', asyncMiddleware(`
			`async (req: Request, res: Response, next: NextFunction) => {`
			`logger.info('[oidc router] OIDC callback call')`
			`try {`
			`const oidc = ExternalAuthOIDC.singleton()`
			`const oidcClient = await oidc.load()`
			`if (!oidcClient) {`
			`throw new Error('[oidc router] External Auth OIDC not loaded yet')`
			`}`

			`const userInfos = await oidc.validateAuthenticationProcess(req, cookieNamePrefix)`
			`logger.info(JSON.stringify(userInfos)) // FIXME`

			`res.send('ok')`
			`} catch (err) {`
			`logger.error('[oidc router] Failed to process the OIDC callback: ' + (err as string))`
			`next()`
			`}`
			`}`
			`))`

			`return router`
			`}`

			`export {`
			`initOIDCRouter`
			`}`