@quarks/quarks-iam
A modern authorization server built to authenticate your users and protect your APIs
/**
* Module dependencies
*/
var client = require('../boot/redis').getClient()
var MissingStateError = require('../errors/MissingStateError')
var ExpiredAuthorizationRequestError = require('../errors/ExpiredAuthorizationRequestError')
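/**
 * Unstash authorization params
 *
 * Middleware for the provider callback. It reads the `state` value from the
 * query string (OAuth 2.0) or from the session (OAuth 1.0), loads the JSON
 * stored in Redis under `authorization:<state>` and exposes the parsed
 * object as `req.connectParams`.
 *
 * `next` is called exactly once:
 *   - with MissingStateError when no usable state value is present
 *   - with the Redis error when the lookup fails
 *   - with ExpiredAuthorizationRequestError when nothing is stored for the state
 *   - with the parse error when the stored value is not valid JSON
 *   - with no argument on success
 *
 * @param {Object} req - request; reads `req.query.state` and `req.session.state`
 * @param {Object} res - response (unused)
 * @param {Function} next - continuation callback
 */

function unstashParams (req, res, next) {
  // OAuth 2.0 callbacks should have a state param
  // OAuth 1.0 must use the session to store the state value
  var id = (req.query && req.query.state) || (req.session && req.session.state)

  // The state value is attacker-controllable input. A repeated or nested
  // query parameter can arrive as an array or object, which would otherwise
  // be coerced into the Redis key; only a non-empty string is accepted.
  if (!id || typeof id !== 'string') { // && request is OAuth 2.0
    return next(new MissingStateError())
  }

  var key = 'authorization:' + id

  // NOTE(review): the stashed entry is only read here, not deleted. Confirm
  // that it expires or is removed elsewhere so a state value stays single-use.
  client.get(key, function (err, params) {
    if (err) { return next(err) }

    // This handles expired and mismatching state params
    if (!params) { return next(new ExpiredAuthorizationRequestError()) }

    var parsed
    try {
      parsed = JSON.parse(params)
    } catch (parseErr) {
      // Return here: falling through would invoke next() a second time and
      // continue the request without connectParams.
      return next(parseErr)
    }

    req.connectParams = parsed
    next()
  })
}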
/**
* Exports
*
* The module's only export is the unstashParams middleware function itself.
*/
module.exports = unstashParams