keycloak-demo/controllers/oauth/index.js

const debug = require('debug')('ctrl:common')
const util = require('util')
const url = require('url')
const sso = require('src/utils/sso/index.js')
const { get: getCacheInstance } = require('src/utils/cache.js')
const { resp, codeMessage, APIError } = require('src/utils/response/index.js')
const config = require('src/config/index.js')
const acl = require('src/utils/acl.js')
const { copyObject } = require('src/utils/index.js')

const controller = {}
module.exports = controller

controller.verifyCode = () => async (ctx) => {
  const { code, session_state: sessionState, state } = ctx.query

  // logout flow redirect tot frontend
  if (state === 'logout') {
    ctx.redirect(config.server.frontend_url)
    return
  }

  // get back url from redis
  const cacheKey = `login-${state}`
  const cache = getCacheInstance()

  const data = cache.get(cacheKey)
  if (!data) ctx.throw('get login cache fail')
  const stateObj = JSON.parse(data)
  const { back_url: backURL } = stateObj
  if (!backURL) ctx.throw('cache data missing')

  const u = new url.URL(backURL)

  try {
    const token = await sso.getToken(code, sessionState)

    if (!acl.checkAllow(token.groups)) {
      const copy = copyObject(resp.Forbidden)
      copy.object = codeMessage.CodeAccountNoPermission
      throw new APIError('account no permission', copy)
    }

    // set accessToken/refreshToken cache
    cache.set(token.access_token, token.refresh_token, false)

    u.searchParams.append(
      'success',
      Buffer.from(JSON.stringify({ token: token.access_token })).toString('base64')
    )

    try {
      cache.del(cacheKey)
    } catch (err) {
      debug(`delete cache fail: ${util.inspect(err, false, null)}`)
    }
  } catch (err) {
    debug(`openid verify fail: ${util.inspect(err, false, null)}`)

    /** @type {object} */
    const errObj = { ...codeMessage.CodeInternalError }

    if (err instanceof APIError) {
      // @ts-ignore
      Object.assign(errObj, err.object.object)
    }

    errObj.errorStack = err.stack
    errObj.errorMessage = err.message
    u.searchParams.append(
      'error',
      Buffer.from(JSON.stringify(errObj)).toString('base64')
    )
  }

  ctx.redirect(u.toString())
}
update 2021-09-01 12:46:41 +00:00			`const debug = require('debug')('ctrl:common')`
			`const util = require('util')`
			`const url = require('url')`
			`const sso = require('src/utils/sso/index.js')`
			`const { get: getCacheInstance } = require('src/utils/cache.js')`
update 2021-09-01 13:15:26 +00:00			`const { resp, codeMessage, APIError } = require('src/utils/response/index.js')`
update 2021-09-01 12:46:41 +00:00			`const config = require('src/config/index.js')`
update 2021-09-01 13:15:26 +00:00			`const acl = require('src/utils/acl.js')`
			`const { copyObject } = require('src/utils/index.js')`
[feat] Init code 2021-08-31 10:24:42 +00:00
update 2021-09-01 12:46:41 +00:00			`const controller = {}`
			`module.exports = controller`
[feat] Init code 2021-08-31 10:24:42 +00:00
update 2021-09-01 11:30:21 +00:00			`controller.verifyCode = () => async (ctx) => {`
update 2021-09-01 12:46:41 +00:00			`const { code, session_state: sessionState, state } = ctx.query`
[feat] Init code 2021-08-31 10:24:42 +00:00
			`// logout flow redirect tot frontend`
update 2021-09-01 12:46:41 +00:00			`if (state === 'logout') {`
			`ctx.redirect(config.server.frontend_url)`
			`return`
[feat] Init code 2021-08-31 10:24:42 +00:00			`}`

			`// get back url from redis`
update 2021-09-01 12:46:41 +00:00			const cacheKey = `login-${state}`
			`const cache = getCacheInstance()`
[feat] Init code 2021-08-31 10:24:42 +00:00
update 2021-09-01 12:46:41 +00:00			`const data = cache.get(cacheKey)`
			`if (!data) ctx.throw('get login cache fail')`
			`const stateObj = JSON.parse(data)`
			`const { back_url: backURL } = stateObj`
			`if (!backURL) ctx.throw('cache data missing')`
[feat] Init code 2021-08-31 10:24:42 +00:00
update 2021-09-01 12:46:41 +00:00			`const u = new url.URL(backURL)`
[feat] Init code 2021-08-31 10:24:42 +00:00
			`try {`
update 2021-09-01 12:46:41 +00:00			`const token = await sso.getToken(code, sessionState)`
[feat] Init code 2021-08-31 10:24:42 +00:00
update 2021-09-01 13:15:26 +00:00			`if (!acl.checkAllow(token.groups)) {`
			`const copy = copyObject(resp.Forbidden)`
			`copy.object = codeMessage.CodeAccountNoPermission`
			`throw new APIError('account no permission', copy)`
			`}`

update 2021-09-01 12:46:41 +00:00			`// set accessToken/refreshToken cache`
			`cache.set(token.access_token, token.refresh_token, false)`
[feat] Init code 2021-08-31 10:24:42 +00:00
update 2021-09-01 11:30:21 +00:00			`u.searchParams.append(`
update 2021-09-01 12:46:41 +00:00			`'success',`
			`Buffer.from(JSON.stringify({ token: token.access_token })).toString('base64')`
			`)`
[feat] Init code 2021-08-31 10:24:42 +00:00
			`try {`
update 2021-09-01 12:46:41 +00:00			`cache.del(cacheKey)`
[feat] Init code 2021-08-31 10:24:42 +00:00			`} catch (err) {`
update 2021-09-01 12:46:41 +00:00			debug(`delete cache fail: ${util.inspect(err, false, null)}`)
[feat] Init code 2021-08-31 10:24:42 +00:00			`}`
			`} catch (err) {`
update 2021-09-01 12:46:41 +00:00			debug(`openid verify fail: ${util.inspect(err, false, null)}`)
[feat] Init code 2021-08-31 10:24:42 +00:00
			`/** @type {object} */`
update 2021-09-01 12:46:41 +00:00			`const errObj = { ...codeMessage.CodeInternalError }`
[feat] Init code 2021-08-31 10:24:42 +00:00
			`if (err instanceof APIError) {`
			`// @ts-ignore`
update 2021-09-01 12:46:41 +00:00			`Object.assign(errObj, err.object.object)`
[feat] Init code 2021-08-31 10:24:42 +00:00			`}`

update 2021-09-01 12:46:41 +00:00			`errObj.errorStack = err.stack`
			`errObj.errorMessage = err.message`
update 2021-09-01 11:30:21 +00:00			`u.searchParams.append(`
update 2021-09-01 12:46:41 +00:00			`'error',`
			`Buffer.from(JSON.stringify(errObj)).toString('base64')`
			`)`
[feat] Init code 2021-08-31 10:24:42 +00:00			`}`

update 2021-09-01 12:46:41 +00:00			`ctx.redirect(u.toString())`
			`}`