UNPKG

@uppy/companion

Version:

OAuth helper and remote fetcher for Uppy's (https://uppy.io) extensible file upload widget with support for drag&drop, resumable uploads, previews, restrictions, file processing/encoding, remote providers like Dropbox and Google Drive, S3 and more :dog:

github.com/transloadit/uppy

transloadit/uppy

88 lines (77 loc) 2.36 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
/** * oAuth callback. Encrypts the access token and sends the new token with the response, */ import serialize from 'serialize-javascript' import * as tokenService from '../helpers/jwt.js' import * as oAuthState from '../helpers/oauth-state.js' import logger from '../logger.js' const closePageHtml = (origin) => ` <!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <script> // if window.opener is nullish, we want the following line to throw to avoid // the window closing without informing the user. window.opener.postMessage(${serialize({ error: true })}, ${serialize(origin)}) window.close() </script> </head> <body>Authentication failed.</body> </html>` /** * * @param {object} req * @param {object} res * @param {Function} next */ export default function callback(req, res, next) { const { providerName } = req.params const grant = req.session.grant || {} const grantDynamic = oAuthState.getGrantDynamicFromRequest(req) const origin = grantDynamic.state && oAuthState.getFromState( grantDynamic.state, 'origin', req.companion.options.secret, ) if (!grant.response?.access_token) { logger.debug( `Did not receive access token for provider ${providerName}`, null, req.id, ) logger.debug(grant.response, 'callback.oauth.resp', req.id) return res.status(400).send(closePageHtml(origin)) } const { access_token: accessToken, refresh_token: refreshToken } = grant.response req.companion.providerUserSession = { accessToken, refreshToken, // might be undefined for some providers ...req.companion.providerClass.grantDynamicToUserSession({ grantDynamic }), } logger.debug( `Generating auth token for provider ${providerName}. refreshToken: ${refreshToken ? 'yes' : 'no'}`, null, req.id, ) const uppyAuthToken = tokenService.generateEncryptedAuthToken( { [providerName]: req.companion.providerUserSession }, req.companion.options.secret, req.companion.providerClass.authStateExpiry, ) tokenService.addToCookiesIfNeeded( req, res, uppyAuthToken, req.companion.providerClass.authStateExpiry, ) return res.redirect( req.companion.buildURL( `/${providerName}/send-token?uppyAuthToken=${uppyAuthToken}`, true, ), ) }