2024-04-16 16:49:23 +00:00
|
|
|
import type { RegisterServerOptions } from '@peertube/peertube-types'
|
2024-04-17 10:09:25 +00:00
|
|
|
import type { Router, Request, Response, NextFunction } from 'express'
|
|
|
|
import type { OIDCAuthResult } from '../../../shared/lib/types'
|
2024-04-16 16:49:23 +00:00
|
|
|
import { asyncMiddleware } from '../middlewares/async'
|
|
|
|
import { ExternalAuthOIDC } from '../external-auth/oidc'
|
2024-04-17 13:12:37 +00:00
|
|
|
import { ExternalAuthenticationError } from '../external-auth/error'
|
2024-04-17 14:35:26 +00:00
|
|
|
import { ensureUser } from '../prosody/api/manage-users'
|
2024-04-16 16:49:23 +00:00
|
|
|
|
2024-04-17 10:09:25 +00:00
|
|
|
/**
|
|
|
|
* When using a popup for OIDC, writes the HTML/Javascript to close the popup
|
|
|
|
* and send the result to the parent window.
|
|
|
|
* @param result the result to send to the parent window
|
|
|
|
*/
|
|
|
|
function popupResultHTML (result: OIDCAuthResult): string {
|
|
|
|
return `<!DOCTYPE html><html>
|
|
|
|
<body>
|
|
|
|
<noscript>Your browser must enable javascript for this page to work.</noscript>
|
|
|
|
<script>
|
|
|
|
try {
|
|
|
|
const data = ${JSON.stringify(result)};
|
|
|
|
if (!window.opener || !window.opener.oidcGetResult) {
|
|
|
|
throw new Error("Can't find parent window callback handler.")
|
|
|
|
}
|
|
|
|
window.opener.oidcGetResult(data);
|
|
|
|
window.close();
|
|
|
|
} catch (err) {
|
|
|
|
document.body.innerText = 'Error: ' + err;
|
|
|
|
}
|
|
|
|
</script>
|
|
|
|
</body>
|
|
|
|
</html> `
|
2024-04-16 16:49:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
async function initOIDCRouter (options: RegisterServerOptions): Promise<Router> {
|
|
|
|
const { peertubeHelpers, getRouter } = options
|
|
|
|
const router = getRouter()
|
|
|
|
const logger = peertubeHelpers.logger
|
|
|
|
|
|
|
|
router.get('/connect', asyncMiddleware(
|
|
|
|
async (req: Request, res: Response, next: NextFunction) => {
|
|
|
|
logger.info('[oidc router] OIDC connect call')
|
|
|
|
try {
|
|
|
|
const oidc = ExternalAuthOIDC.singleton()
|
|
|
|
const oidcClient = await oidc.load()
|
|
|
|
if (!oidcClient) {
|
|
|
|
throw new Error('[oidc router] External Auth OIDC not loaded yet')
|
|
|
|
}
|
|
|
|
|
2024-04-17 10:09:25 +00:00
|
|
|
const redirectUrl = await oidc.initAuthenticationProcess(req, res)
|
|
|
|
res.redirect(redirectUrl)
|
2024-04-16 16:49:23 +00:00
|
|
|
} catch (err) {
|
|
|
|
logger.error('[oidc router] Failed to process the OIDC callback: ' + (err as string))
|
|
|
|
next()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
))
|
|
|
|
|
2024-04-18 07:52:27 +00:00
|
|
|
const cbHandler = asyncMiddleware(
|
2024-04-17 10:09:25 +00:00
|
|
|
async (req: Request, res: Response, _next: NextFunction) => {
|
2024-04-16 16:49:23 +00:00
|
|
|
logger.info('[oidc router] OIDC callback call')
|
|
|
|
try {
|
|
|
|
const oidc = ExternalAuthOIDC.singleton()
|
|
|
|
const oidcClient = await oidc.load()
|
|
|
|
if (!oidcClient) {
|
|
|
|
throw new Error('[oidc router] External Auth OIDC not loaded yet')
|
|
|
|
}
|
|
|
|
|
2024-04-17 13:12:37 +00:00
|
|
|
const externalAccountInfos = await oidc.validateAuthenticationProcess(req)
|
2024-04-18 08:23:52 +00:00
|
|
|
logger.debug('external account infos: ' + JSON.stringify(
|
2024-04-17 14:35:26 +00:00
|
|
|
Object.assign(
|
|
|
|
{},
|
|
|
|
externalAccountInfos,
|
|
|
|
{
|
2024-04-17 16:30:39 +00:00
|
|
|
password: '**removed**', // removing the password from logs!
|
2024-04-18 16:25:14 +00:00
|
|
|
token: '**removed**', // same as password
|
|
|
|
avatar: externalAccountInfos.avatar
|
|
|
|
? `**removed** ${externalAccountInfos.avatar.mimetype} avatar`
|
|
|
|
: undefined
|
2024-04-17 14:35:26 +00:00
|
|
|
}
|
|
|
|
)
|
|
|
|
))
|
|
|
|
|
|
|
|
// Now we create or update the user:
|
|
|
|
if (!await ensureUser(options, externalAccountInfos)) {
|
|
|
|
throw new ExternalAuthenticationError(
|
|
|
|
'Failing to create your account, please try again later or report this issue'
|
|
|
|
)
|
|
|
|
}
|
2024-04-16 16:49:23 +00:00
|
|
|
|
2024-04-17 10:09:25 +00:00
|
|
|
res.send(popupResultHTML({
|
|
|
|
ok: true,
|
2024-04-17 16:30:39 +00:00
|
|
|
token: externalAccountInfos.token
|
2024-04-17 10:09:25 +00:00
|
|
|
}))
|
2024-04-16 16:49:23 +00:00
|
|
|
} catch (err) {
|
|
|
|
logger.error('[oidc router] Failed to process the OIDC callback: ' + (err as string))
|
2024-04-17 13:12:37 +00:00
|
|
|
const message = err instanceof ExternalAuthenticationError ? err.message : undefined
|
|
|
|
res.status(500)
|
2024-04-17 10:09:25 +00:00
|
|
|
res.send(popupResultHTML({
|
2024-04-17 13:12:37 +00:00
|
|
|
ok: false,
|
|
|
|
message
|
2024-04-17 10:09:25 +00:00
|
|
|
}))
|
2024-04-16 16:49:23 +00:00
|
|
|
}
|
|
|
|
}
|
2024-04-18 07:52:27 +00:00
|
|
|
)
|
|
|
|
router.get('/cb', cbHandler)
|
|
|
|
router.post('/cb', cbHandler)
|
2024-04-16 16:49:23 +00:00
|
|
|
|
|
|
|
return router
|
|
|
|
}
|
|
|
|
|
|
|
|
export {
|
|
|
|
initOIDCRouter
|
|
|
|
}
|