@kir-dev/passport-authsch/build/authsch.strategy.js

Passport.js Strategy for AuthSCH

"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    var desc = Object.getOwnPropertyDescriptor(m, k);
    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
      desc = { enumerable: true, get: function() { return m[k]; } };
    }
    Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
    Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
    o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
    var ownKeys = function(o) {
        ownKeys = Object.getOwnPropertyNames || function (o) {
            var ar = [];
            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
            return ar;
        };
        return ownKeys(o);
    };
    return function (mod) {
        if (mod && mod.__esModule) return mod;
        var result = {};
        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
        __setModuleDefault(result, mod);
        return result;
    };
})();
Object.defineProperty(exports, "__esModule", { value: true });
exports.Strategy = void 0;
const axios_1 = __importStar(require("axios"));
const passport_strategy_1 = require("passport-strategy");
const util_js_1 = require("./util.js");
const authSchProvider = process.env.AUTHSCH_PROVIDER || `https://auth.sch.bme.hu`;
class Strategy extends passport_strategy_1.Strategy {
    constructor(params) {
        var _a;
        super();
        this.tokenEndpoint = `${authSchProvider}/oauth2/token`;
        this.profileEndpoint = `${authSchProvider}/oidc/userinfo`;
        this.authEndpoint = `${authSchProvider}/site/login`;
        this.name = 'authsch';
        this.clientId = params.clientId;
        this.clientSecret = params.clientSecret;
        this.scopes = ['openid', ...((_a = params.scopes) !== null && _a !== void 0 ? _a : [])].join('+');
        this.loginEndpointSuffix = params.loginEndpoint || 'login';
        this.callbackEndpointSuffix = params.callbackEndpoint || 'callback';
        this.redirectUri = params.redirectUri;
    }
    // eslint-disable-next-line
    async validate(_userProfile) {
        throw new Error('Not implemented');
    }
    async authenticate(req) {
        if (!this.clientId) {
            return this.error(new Error('No client id provided!'));
        }
        if (!this.clientSecret) {
            return this.error(new Error('No client secret provided!'));
        }
        if (req.path.endsWith(this.loginEndpointSuffix)) {
            return this.login();
        }
        if (req.path.endsWith(this.callbackEndpointSuffix)) {
            return await this.callback(req);
        }
        return this.pass();
    }
    login() {
        return this.redirect(`${this.authEndpoint}?response_type=code&client_id=${this.clientId}&scope=${this.scopes}${this.redirectUri ? `&redirect_uri=${this.redirectUri}` : ''}`);
    }
    async callback(req) {
        var _a;
        let debugTokenReceived = false;
        try {
            const authorizationCode = req.query.code;
            const error = req.query.error;
            if (error) {
                console.error((_a = req.query.error_description) !== null && _a !== void 0 ? _a : error);
                return this.fail(401);
            }
            if (!authorizationCode) {
                console.error('No authorization code received from AuthSch!');
                return this.fail(401);
            }
            const base64 = Buffer.from(`${this.clientId}:${this.clientSecret}`).toString('base64');
            const tokenResponse = await axios_1.default.post(this.tokenEndpoint, `grant_type=authorization_code&code=${authorizationCode}${this.redirectUri ? `&redirect_uri=${this.redirectUri}` : ''}`, {
                headers: {
                    'Content-Type': 'application/x-www-form-urlencoded',
                    Authorization: `Basic ${base64}`,
                },
            });
            if (!tokenResponse.data) {
                console.error('Fetching access token from AuthSch failed: ', tokenResponse.status);
                return this.fail(401);
            }
            debugTokenReceived = true;
            const profileData = (await axios_1.default.get(this.profileEndpoint, {
                headers: { Authorization: `Bearer ${tokenResponse.data.access_token}` },
            })).data;
            if (!profileData) {
                console.error('Fetching user profile from AuthSch failed: ', tokenResponse.status);
                return this.fail(401);
            }
            const validatedUser = await this.validate((0, util_js_1.parseAuthSchProfile)(profileData));
            if (!validatedUser) {
                return this.fail(401);
            }
            this.success(validatedUser);
        }
        catch (e) {
            if (e instanceof axios_1.AxiosError) {
                console.error('Token received: ', debugTokenReceived);
                console.error(e.status, e.message, e.cause);
                console.error(e);
                console.error(req.url, req.params, req.query);
            }
            else {
                console.error(e);
            }
            this.fail(401);
        }
    }
}
exports.Strategy = Strategy;
//# sourceMappingURL=authsch.strategy.js.map