@kir-dev/passport-authsch/build/authsch.strategy.js

Passport.js Strategy for AuthSCH

"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.Strategy = void 0;
const axios_1 = __importDefault(require("axios"));
const passport_strategy_1 = require("passport-strategy");
const util_js_1 = require("./util.js");
const authSchProvider = process.env.AUTHSCH_PROVIDER || `https://auth.sch.bme.hu`;
class Strategy extends passport_strategy_1.Strategy {
    constructor(params) {
        var _a;
        super();
        this.tokenEndpoint = `${authSchProvider}/oauth2/token`;
        this.profileEndpoint = `${authSchProvider}/oidc/userinfo`;
        this.authEndpoint = `${authSchProvider}/site/login`;
        this.name = 'authsch';
        this.clientId = params.clientId;
        this.clientSecret = params.clientSecret;
        this.scopes = ['openid', ...((_a = params.scopes) !== null && _a !== void 0 ? _a : [])].join('+');
        this.loginEndpointSuffix = params.loginEndpoint || 'login';
        this.callbackEndpointSuffix = params.callbackEndpoint || 'callback';
        this.redirectUri = params.redirectUri;
    }
    // eslint-disable-next-line
    async validate(_userProfile) {
        throw new Error('Not implemented');
    }
    async authenticate(req) {
        if (!this.clientId) {
            return this.error(new Error('No client id provided!'));
        }
        if (!this.clientSecret) {
            return this.error(new Error('No client secret provided!'));
        }
        if (req.path.endsWith(this.loginEndpointSuffix)) {
            return this.login();
        }
        if (req.path.endsWith(this.callbackEndpointSuffix)) {
            return await this.callback(req);
        }
        return this.pass();
    }
    login() {
        return this.redirect(`${this.authEndpoint}?response_type=code&client_id=${this.clientId}&scope=${this.scopes}${this.redirectUri ? `&redirect_uri=${this.redirectUri}` : ''}`);
    }
    async callback(req) {
        var _a;
        const authorizationCode = req.query.code;
        const error = req.query.error;
        if (error) {
            console.error((_a = req.query.error_description) !== null && _a !== void 0 ? _a : error);
            return this.fail(401);
        }
        if (!authorizationCode) {
            console.error('No authorization code received from AuthSch!');
            return this.fail(401);
        }
        const base64 = Buffer.from(`${this.clientId}:${this.clientSecret}`).toString('base64');
        const tokenResponse = await axios_1.default.post(this.tokenEndpoint, `grant_type=authorization_code&code=${authorizationCode}${this.redirectUri ? `&redirect_uri=${this.redirectUri}` : ''}`, {
            headers: {
                'Content-Type': 'application/x-www-form-urlencoded',
                Authorization: `Basic ${base64}`,
            },
        });
        if (!tokenResponse.data) {
            console.error('Fetching access token from AuthSch failed: ', tokenResponse.status);
            return this.fail(401);
        }
        const profileData = (await axios_1.default.get(this.profileEndpoint, {
            headers: { Authorization: `Bearer ${tokenResponse.data.access_token}` },
        })).data;
        if (!profileData) {
            console.error('Fetching user profile from AuthSch failed: ', tokenResponse.status);
            return this.fail(401);
        }
        const validatedUser = await this.validate((0, util_js_1.parseAuthSchProfile)(profileData));
        if (!validatedUser) {
            return this.fail(401);
        }
        this.success(validatedUser);
    }
}
exports.Strategy = Strategy;
//# sourceMappingURL=authsch.strategy.js.map