UNPKG

@indiekit/endpoint-auth

Version:

IndieAuth authentication and authorization endpoint for Indiekit. Grants and verifies access tokens and authenticates users.

getindiekit.com

getindiekit/indiekit

82 lines (65 loc) 2.79 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
import express from "express"; import { authorizationController } from "./lib/controllers/authorization.js"; import { consentController } from "./lib/controllers/consent.js"; import { documentationController } from "./lib/controllers/documentation.js"; import { introspectionController } from "./lib/controllers/introspection.js"; import { metadataController } from "./lib/controllers/metadata.js"; import { passwordController } from "./lib/controllers/password.js"; import { tokenController } from "./lib/controllers/token.js"; import { codeValidator } from "./lib/middleware/code.js"; import { hasSecret } from "./lib/middleware/secret.js"; import { consentValidator, passwordValidator, } from "./lib/middleware/validation.js"; const defaults = { mountPath: "/auth", }; const router = express.Router({ caseSensitive: true, mergeParams: true }); export default class AuthorizationEndpoint { constructor(options = {}) { this.name = "IndieAuth endpoint"; this.options = { ...defaults, ...options }; this.mountPath = this.options.mountPath; } get routesPublic() { router.use(hasSecret); // Authorization router.get("/", authorizationController.get, documentationController); router.post("/", codeValidator, authorizationController.post); router.get("/consent", consentController.get); router.post("/consent", consentValidator, consentController.post); router.get("/new-password", passwordController.get); router.post("/new-password", passwordValidator, passwordController.post); // Authentication router.get("/token", introspectionController.post); router.post("/token", codeValidator, tokenController.post); // Verification router.post("/introspect", introspectionController.post); // Metadata router.get("/metadata", metadataController); return router; } get routesWellKnown() { router.get("/change-password", (request, response) => response.redirect(`${this.mountPath}/new-password`), ); router.get("/oauth-authorization-server", metadataController); return router; } init(Indiekit) { Indiekit.addEndpoint(this); // Only mount if authorization endpoint not already configured if (!Indiekit.config.application.authorizationEndpoint) { Indiekit.config.application.authorizationEndpoint = this.mountPath; } // Only mount if introspection endpoint not already configured if (!Indiekit.config.application.introspectionEndpoint) { Indiekit.config.application.introspectionEndpoint = `${this.mountPath}/introspect`; } // Only mount if token endpoint not already configured if (!Indiekit.config.application.tokenEndpoint) { Indiekit.config.application.tokenEndpoint = `${this.mountPath}/token`; } } }