This commit is contained in:
Jay
2021-09-01 19:30:21 +08:00
parent 9174b540fd
commit c0faaf1599
17 changed files with 145 additions and 476 deletions
+44 -27
View File
@@ -1,9 +1,9 @@
const joi = require('joi');
const url = require('url');
const querystring = require('querystring');
const got = require('got');
const config = require('src/config/index.js');
const { jwt } = require('src/utils/pkgs.js');
const joi = require("joi");
const url = require("url");
const querystring = require("querystring");
const got = require("got");
const config = require("src/config/index.js");
const { jwt } = require("src/utils/pkgs.js");
const mod = {};
module.exports = mod;
@@ -11,14 +11,14 @@ module.exports = mod;
/**
* @return {string}
*/
mod.getAuthURL = state => {
mod.getAuthURL = (state) => {
const input = joi
.object({
authorized_endpoint: joi.string().required(),
token_endpoint: joi.string().required(),
client_id: joi.string().required(),
client_secret: joi.string().required(),
state: joi.string().allow('', null).default(''),
state: joi.string().allow("", null).default(""),
})
.unknown()
.validate({ ...config.sso, state });
@@ -29,12 +29,12 @@ mod.getAuthURL = state => {
*/
const { value } = input;
const redirectUri = new url.URL('/oauth/redirect', config.server.url);
const redirectUri = new url.URL("/oauth/redirect", config.server.url);
const qs = {
client_id: value.client_id,
scope: 'openid',
response_type: 'code',
scope: "offline_access",
response_type: "code",
redirect_uri: redirectUri.toString(),
};
if (value.state) qs.state = state;
@@ -53,13 +53,20 @@ mod.getLogoutURL = () => {
.unknown()
.validate({ ...config.sso });
if (input.error) throw new Error(input.error.message);
const redirectUri = new url.URL('/oauth/redirect', config.server.url);
const redirectUri = new url.URL("/oauth/redirect", config.server.url);
const qs = { state: 'logout', redirect_uri: redirectUri.toString() };
const qs = { state: "logout", redirect_uri: redirectUri.toString() };
return `${input.value.logout_endpoint}?${querystring.stringify(qs)}`;
};
mod.getUserInfo = async (token) => {
const input = joi
.object()
.unknown()
.validateAsync({ ...config.sso, token });
};
/**
* @typedef SSOAccount
* @property {string} access_token
@@ -90,7 +97,7 @@ mod.getToken = async (code, state) => {
*/
const { value } = input;
const redirectUri = new url.URL('/oauth/redirect', config.server.url);
const redirectUri = new url.URL("/oauth/redirect", config.server.url);
const qs = {
client_id: value.client_id,
@@ -98,32 +105,42 @@ mod.getToken = async (code, state) => {
redirect_uri: redirectUri.toString(),
code: value.code,
client_session_state: value.state,
grant_type: 'authorization_code',
grant_type: "authorization_code",
};
const resp = await got.default.post(value.token_endpoint, {
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
"Content-Type": "application/x-www-form-urlencoded",
},
body: querystring.stringify(qs),
responseType: 'json',
responseType: "json",
});
const { body } = resp;
if (!body) throw new Error('resopnse body empty');
if (!body) throw new Error("resopnse body empty");
const { id_token: idToken, access_token: accessToken, refresh_token: refreshToken } = body;
if (!idToken) throw new Error('get id token fail');
const {
id_token: idToken,
access_token: accessToken,
refresh_token: refreshToken,
} = body;
// if (!idToken) throw new Error("get id token fail");
const decoded = jwt.decode(idToken);
if (!decoded || typeof decoded !== 'object') throw new Error('jwt decode fail');
console.log('decoded ::: ', decoded)
console.log('body ::: ', body)
// const decoded = jwt.decode(idToken);
// if (!decoded || typeof decoded !== "object")
// throw new Error("jwt decode fail");
// console.log("decoded ::: ", decoded);
const decoded = jwt.decode(accessToken);
// decode access token
console.log("token ::: ", jwt.decode(accessToken));
console.log("body ::: ", body);
// @ts-ignore
const { preferred_username: preferredUsername } = decoded;
if (!preferredUsername) throw new Error('id token field missing');
if (!preferredUsername) throw new Error("id token field missing");
const displayName = `${decoded.family_name ?? ''}${decoded.given_name ?? ''}`;
const displayName = `${decoded.family_name ?? ""}${decoded.given_name ?? ""}`;
/** @type {SSOAccount} */
const ssoAccount = {
@@ -132,7 +149,7 @@ mod.getToken = async (code, state) => {
user_id: decoded.sub,
username: preferredUsername.toLowerCase(),
display_name: displayName ?? preferredUsername,
email: decoded.email ?? '',
email: decoded.email ?? "",
};
return ssoAccount;