
@paroicms/server

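import { makeUrl } from "@paroicms/internal-server-lib";
import { ApiError, escapeHtml } from "@paroicms/public-server-lib";
import { generatePlatformToken, googleAuthGuard } from "../admin-backend/auth/auth.helper.js";
import { appConf, platformAuthUrl, registeredSites } from "../context.js";
import { getRouteParameter } from "../express/http-helpers.js";

/**
 * Throws unless Google auth is configured, not disabled, and a platform auth URL is set.
 *
 * @throws {Error} "Google auth is disabled" when any of the three conditions fails.
 */
function assertGoogleAuthEnabled() {
  if (!appConf.googleAuth || appConf.googleAuth.disabled || !platformAuthUrl) {
    throw new Error("Google auth is disabled");
  }
}

/**
 * Serializes a value as a double-quoted JavaScript string literal that can be
 * embedded in an inline <script> element.
 *
 * HTML entity escaping is the wrong encoding there: the HTML parser does not decode
 * entities inside <script>, and a backslash or a line break would still reach the
 * JavaScript parser unescaped. JSON.stringify handles quotes, backslashes and control
 * characters; "<" is additionally escaped so the value can never form "</script>" or
 * "<!--", and U+2028/U+2029 are escaped for older JavaScript parsers.
 *
 * @param {unknown} value - Value to embed; coerced to a string.
 * @returns {string} A JavaScript string literal, quotes included.
 */
function toInlineScriptString(value) {
  return JSON.stringify(String(value))
    .replace(/</g, "\\u003c")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

/**
 * Serves the page that stores the `redirectTo` query parameter in sessionStorage and
 * then navigates the browser to the Google login route.
 *
 * @param {object} req - Incoming request; only `hostname` is read.
 * @param {object} res - Response used to send the HTML page.
 * @throws {Error} When Google auth is disabled.
 * @throws {ApiError} 404 when the request hostname is not the configured auth FQDN.
 */
export async function authController(req, res) {
  assertGoogleAuthEnabled();
  if (req.hostname !== appConf.googleAuth.fqdn) {
    // NOTE(review): the message echoes the request's hostname. How ApiError messages
    // are rendered is not visible here; confirm they are encoded on output.
    throw new ApiError(`Invalid hostname: ${req.hostname}`, 404);
  }
  res.send(generateAuthPageHtml(platformAuthUrl));
}

/**
 * Starts the Google login by delegating to `googleAuthGuard`.
 *
 * @param {object} req - Incoming request.
 * @param {object} res - Response handed to the guard.
 */
export async function googleLoginController(req, res) {
  await googleAuthGuard(req, res);
}

/**
 * Handles the Google callback: resolves the user through `googleAuthGuard`, generates
 * a platform token for that user and sends the page that forwards the browser to the
 * target site's admin login.
 *
 * @param {object} req - Incoming request.
 * @param {object} res - Response used to send the HTML page.
 * @throws {Error} When Google auth is disabled.
 */
export async function googleLoginCallbackController(req, res) {
  const user = await googleAuthGuard(req, res);
  assertGoogleAuthEnabled();
  const platformToken = generatePlatformToken(user);
  res.send(generateGoogleRedirectPageHtml({ platformToken, platformAuthUrl }));
}

/**
 * Resolves the `redirectTo` route parameter to the admin URL of a registered site.
 * Only keys present in `registeredSites` produce a URL, so the redirect target is
 * limited to that allow-list.
 *
 * @param {object} req - Incoming request; `params.redirectTo` is read.
 * @param {object} _res - Unused.
 * @returns {Promise<string>} The value returned by `makeUrl` for the registered site.
 * @throws {ApiError} 404 when `redirectTo` is missing or is not a registered site.
 * @throws {Error} When Google auth is disabled.
 */
export async function siteUrlController(req, _res) {
  const redirectTo = getRouteParameter(req.params, "redirectTo");
  if (!redirectTo) throw new ApiError("Missing redirectTo", 404);
  assertGoogleAuthEnabled();
  const regSite = registeredSites.get(redirectTo);
  if (!regSite) throw new ApiError("Site not found", 404);
  return makeUrl({
    protocol: appConf.publicProtocol,
    port: appConf.adminUiPort,
    fqdn: regSite.fqdn,
  });
}

/**
 * Builds the post-authentication page. Its inline script reads `redirectTo` from
 * sessionStorage, asks the platform's `/site-url/` endpoint for the site URL and
 * navigates to that site's `/adm/login/` with the platform token as `pltok`.
 *
 * @param {object} options
 * @param {string} options.platformToken - Token generated for the authenticated user.
 * @param {string} options.platformAuthUrl - Base URL of the platform auth endpoints.
 * @returns {string} The HTML document.
 */
function generateGoogleRedirectPageHtml({ platformToken, platformAuthUrl }) {
  // Both values are emitted as JavaScript string literals, not HTML-escaped text,
  // because they land inside a <script> element.
  const tokenLiteral = toInlineScriptString(platformToken);
  const authUrlLiteral = toInlineScriptString(platformAuthUrl);
  // NOTE(review): the token travels in the query string, so it can end up in browser
  // history, access logs and Referer headers. This relies on the token being
  // short-lived; confirm against generatePlatformToken and the /adm/login/ handler.
  return `<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Successful authentication</title>
</head>
<body>
  <p>Authentication successful, redirect now to the website.</p>
  <script>
    const platformToken = ${tokenLiteral};
    const platformAuthUrl = ${authUrlLiteral};

    async function redirectToBo () {
      const redirectTo = sessionStorage.getItem("redirectTo");
      const redirectUrl = await getRedirectUrl(redirectTo);
      window.location.replace(redirectUrl + "/adm/login/?pltok=" + encodeURIComponent(platformToken));
    }

    async function getRedirectUrl (redirectTo) {
      // redirectTo originates from a URL query parameter. Encoding it keeps it a
      // single path segment, so the request always targets the site-url endpoint
      // whose response receives the token.
      const res = await fetch(platformAuthUrl + "/site-url/" + encodeURIComponent(redirectTo));
      if (!res.ok) {
        throw new Error(\`redirect url, \${res.status} \${res.statusText}\`)
      }
      return await res.text();
    }

    redirectToBo().catch(error => {
      const node = document.createElement("p");
      node.textContent = \`You have been successfully authenticated, but we cannot redirect you to the website: \${error.message}\`;
      node.style = "color: red;";
      document.body.appendChild(node);
      console.error(error);
    });
  </script>
</body>
</html>`;
}

/**
 * Builds the entry page. Its inline script saves the `redirectTo` query parameter in
 * sessionStorage and navigates to the platform's `/google` login route.
 *
 * @param {string} platformAuthUrl - Base URL of the platform auth endpoints.
 * @returns {string} The HTML document.
 */
function generateAuthPageHtml(platformAuthUrl) {
  // Emitted as a JavaScript string literal because it lands inside a <script> element.
  const authUrlLiteral = toInlineScriptString(platformAuthUrl);
  return `<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Authentication</title>
</head>
<body>
  <p>Initiating authentification on Google…</p>
  <script>
    const urlParams = new URLSearchParams(window.location.search);
    const redirectTo = urlParams.get("redirectTo");
    sessionStorage.setItem("redirectTo", redirectTo);
    window.location.replace(${authUrlLiteral} + "/google");
  </script>
</body>
</html>`;
}
//# sourceMappingURL=oauth2-client.controller.js.map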