-
Notifications
You must be signed in to change notification settings - Fork 6
/
auth.js
62 lines (57 loc) · 2.45 KB
/
auth.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
var passport = require('passport')
, BasicStrategy = require('passport-http').BasicStrategy
, ClientPasswordStrategy = require('passport-oauth2-client-password').Strategy
, BearerStrategy = require('passport-http-bearer').Strategy
, db = require('./db').db()
, crypto = require('crypto')
/**
* These strategies are used to authenticate registered OAuth clients.
* The authentication data may be delivered using the basic authentication scheme (recommended)
* or the client strategy, which means that the authentication data is in the body of the request.
*/
passport.use("clientBasic", new BasicStrategy(
function (clientId, clientSecret, done) {
db.collection('clients').findOne({clientId: clientId}, function (err, client) {
if (err) return done(err)
if (!client) return done(null, false)
if (!client.trustedClient) return done(null, false)
if (client.clientSecret == clientSecret) return done(null, client)
else return done(null, false)
});
}
));
passport.use("clientPassword", new ClientPasswordStrategy(
function (clientId, clientSecret, done) {
db.collection('clients').findOne({clientId: clientId}, function (err, client) {
if (err) return done(err)
if (!client) return done(null, false)
if (!client.trustedClient) return done(null, false)
if (client.clientSecret == clientSecret) return done(null, client)
else return done(null, false)
});
}
));
/**
* This strategy is used to authenticate users based on an access token (aka a
* bearer token).
*/
passport.use("accessToken", new BearerStrategy(
function (accessToken, done) {
var accessTokenHash = crypto.createHash('sha1').update(accessToken).digest('hex')
db.collection('accessTokens').findOne({token: accessTokenHash}, function (err, token) {
if (err) return done(err)
if (!token) return done(null, false)
if (new Date() > token.expirationDate) {
done(null, false)
} else {
db.collection('users').findOne({username: token.userId}, function (err, user) {
if (err) return done(err)
if (!user) return done(null, false)
// no use of scopes for no
var info = { scope: '*' }
done(null, user, info);
})
}
})
}
))