Added auth route

2019-08-02 17:02:14 +03:00
parent 8169d029c2
commit 0a0442569f
4 changed files with 103 additions and 6 deletions
--- a/server/package-lock.json
+++ b/server/package-lock.json
@ -1556,6 +1556,22 @@
      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.0.tgz",
      "integrity": "sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg=="
    },
+    "cookie-parser": {
+      "version": "1.4.4",
+      "resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.4.tgz",
+      "integrity": "sha512-lo13tqF3JEtFO7FyA49CqbhaFkskRJ0u/UAiINgrIXeRCY41c88/zxtrECl8AKH3B0hj9q10+h3Kt8I7KlW4tw==",
+      "requires": {
+        "cookie": "0.3.1",
+        "cookie-signature": "1.0.6"
+      },
+      "dependencies": {
+        "cookie": {
+          "version": "0.3.1",
+          "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.3.1.tgz",
+          "integrity": "sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s="
+        }
+      }
+    },
    "cookie-signature": {
      "version": "1.0.6",
      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
@ -2217,6 +2233,46 @@
        }
      }
    },
+    "express-session": {
+      "version": "1.16.2",
+      "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.16.2.tgz",
+      "integrity": "sha512-oy0sRsdw6n93E9wpCNWKRnSsxYnSDX9Dnr9mhZgqUEEorzcq5nshGYSZ4ZReHFhKQ80WI5iVUUSPW7u3GaKauw==",
+      "requires": {
+        "cookie": "0.3.1",
+        "cookie-signature": "1.0.6",
+        "debug": "2.6.9",
+        "depd": "~2.0.0",
+        "on-headers": "~1.0.2",
+        "parseurl": "~1.3.3",
+        "safe-buffer": "5.1.2",
+        "uid-safe": "~2.1.5"
+      },
+      "dependencies": {
+        "cookie": {
+          "version": "0.3.1",
+          "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.3.1.tgz",
+          "integrity": "sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s="
+        },
+        "debug": {
+          "version": "2.6.9",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+          "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+          "requires": {
+            "ms": "2.0.0"
+          }
+        },
+        "depd": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
+          "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw=="
+        },
+        "ms": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+          "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
+        }
+      }
+    },
    "extend": {
      "version": "3.0.2",
      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
@ -4284,6 +4340,11 @@
        "ee-first": "1.1.1"
      }
    },
+    "on-headers": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.2.tgz",
+      "integrity": "sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA=="
+    },
    "once": {
      "version": "1.4.0",
      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
@ -4569,6 +4630,11 @@
      "resolved": "https://registry.npmjs.org/qs/-/qs-6.7.0.tgz",
      "integrity": "sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ=="
    },
+    "random-bytes": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz",
+      "integrity": "sha1-T2ih3Arli9P7lYSMMDJNt11kNgs="
+    },
    "range-parser": {
      "version": "1.2.1",
      "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
@ -5552,6 +5618,14 @@
        "mime-types": "~2.1.24"
      }
    },
+    "uid-safe": {
+      "version": "2.1.5",
+      "resolved": "https://registry.npmjs.org/uid-safe/-/uid-safe-2.1.5.tgz",
+      "integrity": "sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA==",
+      "requires": {
+        "random-bytes": "~1.0.0"
+      }
+    },
    "undefsafe": {
      "version": "2.0.2",
      "resolved": "https://registry.npmjs.org/undefsafe/-/undefsafe-2.0.2.tgz",
--- a/server/package.json
+++ b/server/package.json
@ -24,9 +24,11 @@
    "@babel/runtime": "^7.5.5",
    "@hapi/cryptiles": "^4.2.0",
    "body-parser": "^1.19.0",
+    "cookie-parser": "^1.4.4",
    "cors": "^2.8.5",
    "dotenv": "^8.0.0",
    "express": "^4.17.1",
+    "express-session": "^1.16.2",
    "forge-apis": "^0.4.5"
  }
 }
--- a/server/src/index.js
+++ b/server/src/index.js
@ -1,8 +1,11 @@
 import express from "express";
 import bodyParser from "body-parser";
+import cookieParser from "cookie-parser";
 import cors from "cors";
+import session from "express-session";

-import { port, originURL } from "./utils/config";
+import auth from "./routes/auth";
+import { port, originURL, clientSecret } from "./utils/config";

 const app = express();

@ -13,8 +16,24 @@ app.use(
  })
 );

+app.use(cookieParser());
+
+app.use(
+  session({
+    secret: clientSecret,
+    cookie: {
+      httpOnly: true,
+      maxAge: 1000 * 60 * 60
+    },
+    resave: false,
+    saveUninitialized: true
+  })
+);
+
 app.use(bodyParser.json());

+app.use("/api", auth);
+
 app.get("/", (req, res) => {
  res.send("Hello World!");
 });
--- a/server/src/routes/auth.js
+++ b/server/src/routes/auth.js
@ -19,7 +19,7 @@ router.get("/user/logout", (req, res) => {
  res.end("/");
 });

-router.get("/forge/clientID", (req, res) => {
+router.get("/forge/clientId", (req, res) => {
  res.json({
    ForgeClientId: clientId
  });
@ -51,7 +51,7 @@ router.get("/user/auth", (req, res) => {
  res.end(url);
 });

-router.get("/api/forge/callback/oauth", (req, res) => {
+router.get("/forge/callback/oauth", (req, res) => {
  const csrf = req.query.state;

  if (!csrf || csrf !== req.session.csrf) {
@ -78,7 +78,7 @@ router.get("/api/forge/callback/oauth", (req, res) => {
    .getToken(code)
    .then(internalCredentials => {
      session.internalCredentials = internalCredentials;
-      session.internalOAuth = req;
+      session.internalOAuth = request;

      // then refresh and get a limited scope token that we can send to the client
      const req2 = new forgeSDK.AuthClientThreeLegged(
@ -90,8 +90,8 @@ router.get("/api/forge/callback/oauth", (req, res) => {
      req2
        .refreshToken(internalCredentials)
        .then(publicCredentials => {
-          session.setPublicCredentials(publicCredentials);
-          session.setPublicOAuth(req2);
+          session.publicCredentials = publicCredentials;
+          session.publicOAuth = req2;

          res.redirect("/");
        })
@ -103,3 +103,5 @@ router.get("/api/forge/callback/oauth", (req, res) => {
      res.end(JSON.stringify(error));
    });
 });
+
+export default router;