more auth changes + add tokenman page
@@ -5,7 +5,7 @@ import { randomStringBase62, getHumanReadableUserAgent } from "../liberals/misc.
|
|||||||
|
|
||||||
app.get("/api/auth/whoami", (rreq,rres) => {
|
app.get("/api/auth/whoami", (rreq,rres) => {
|
||||||
if (!rreq.cookies["APIToken"] && !rreq.get("Authorization")) {
|
if (!rreq.cookies["APIToken"] && !rreq.get("Authorization")) {
|
||||||
rres.send({ "loggedIn": false, "username": "", "scopes": "" })
|
rres.status(400).send({ "loggedIn": false, "username": "", "scopes": "" })
|
||||||
} else {
|
} else {
|
||||||
db`select s.scopes, u.username from sessions s join users u on s.owner = u.id where s.token = ${rreq.cookies["APIToken"] ?? rreq.get("Authorization")}`.then(dbRes => {
|
db`select s.scopes, u.username from sessions s join users u on s.owner = u.id where s.token = ${rreq.cookies["APIToken"] ?? rreq.get("Authorization")}`.then(dbRes => {
|
||||||
if (dbRes.length > 0 && dbRes.length < 2) {
|
if (dbRes.length > 0 && dbRes.length < 2) {
|
||||||
@@ -37,6 +37,23 @@ app.get("/api/auth/login", (rreq,rres) => {
|
|||||||
|
|
||||||
})
|
})
|
||||||
|
|
||||||
|
app.get("/api/auth/logout", (rreq,rres) => {
|
||||||
|
if (rreq.cookies["APIToken"] || rreq.get("Authorization")) {
|
||||||
|
db`delete from sessions where token = ${rreq.cookies["APIToken"] ?? rreq.get("Authorization")}`.then(dbRes => {
|
||||||
|
if (dbRes.count > 0) {
|
||||||
|
rres.send("Success")
|
||||||
|
} else {
|
||||||
|
rres.status(400).send("Error: Token does not exist.")
|
||||||
|
}
|
||||||
|
}).catch(dbErr => {
|
||||||
|
logRequest(rres,rreq,500,dbErr)
|
||||||
|
rres.status(500).send("Error: Exception occured while invalidating token, details: "+dbErr)
|
||||||
|
})
|
||||||
|
} else {
|
||||||
|
rres.status(400).send("Error: Missing token or authorization header, you may not be logged in.")
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
app.get("/api/auth/callback", (rreq,rres) => {
|
app.get("/api/auth/callback", (rreq,rres) => {
|
||||||
fetch(globalConfig.oidc.tokenUrl, { // Call token endpoint at IdP using code provdided during callback
|
fetch(globalConfig.oidc.tokenUrl, { // Call token endpoint at IdP using code provdided during callback
|
||||||
method: "POST",
|
method: "POST",
|
||||||
@@ -99,4 +116,12 @@ app.delete("/api/auth/token", (rreq,rres) => {
|
|||||||
rres.send("Non functional endpoint")
|
rres.send("Non functional endpoint")
|
||||||
})
|
})
|
||||||
|
|
||||||
|
app.get("/api/auth/tokenlist", (rreq,rres) => {
|
||||||
|
rres.send("Non functional endpoint")
|
||||||
|
})
|
||||||
|
|
||||||
|
app.get("/api/auth/nuke", (rreq,rres) => {
|
||||||
|
rres.send("Non functional endpoint")
|
||||||
|
})
|
||||||
|
|
||||||
export { app }
|
export { app }
|
||||||
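Review bot: The new `/api/auth/logout` handler deletes the caller's session in response to a GET, so any third-party page can end a victim's session just by embedding the URL (for example in an `<img>`), because the `APIToken` cookie rides along with that request unless it carries a SameSite flag, which nothing in this hunk shows. Registering it as `app.post("/api/auth/logout", (rreq,rres) => {` removes that trigger (the tokenman page's `fetch` would then need `method: "POST"`). The 500 branch should also stop echoing the driver error to the client — `rres.status(500).send("Error: Exception occured while invalidating token.")` is enough, since `logRequest` already receives `dbErr`. Consider `rres.clearCookie("APIToken")` before `rres.send("Success")` so the browser stops presenting the now-deleted token on later requests. The `db\`...\`` tagged template does parameterize the token, so the query itself is not injectable.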
@@ -39,10 +39,6 @@ app.get("/posts/*", (rreq,rres) => {
|
|||||||
|
|
||||||
})
|
})
|
||||||
|
|
||||||
app.get("/urltoolbox", (rreq,rres) => {
|
|
||||||
rres.send("Under construction")
|
|
||||||
})
|
|
||||||
|
|
||||||
function parseFiles() {
|
function parseFiles() {
|
||||||
let files = fs.readdirSync(process.cwd()+"/website/posts")
|
let files = fs.readdirSync(process.cwd()+"/website/posts")
|
||||||
let result = ""
|
let result = ""
|
||||||
|
|||||||
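--- /dev/null
+++ b/website/static/pages/tokenman.html
@@ -0,0 +1,60 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>TokenMan</title>
+<style>
+body {
+font-family: "Segoe UI Variable", sans-serif;
+background-color: #111;
+color: #fff;
+}
+</style>
+<script>
+function loginFunction() {
+let loginWindow = window.open(`http://bottleneck.pizzly-catfish.ts.net:8081/api/auth/login?state=close`,`_blank`)
+let loginWatcher = setInterval(() => {
+if (loginWindow.closed) {
+fetch(`http://bottleneck.pizzly-catfish.ts.net:8081/api/auth/whoami`).then(fetchRes => {
+fetchRes.json().then(jsonRes => {
+if (jsonRes.loggedIn) {
+document.getElementById("loggedInText").innerText = `Logged in as ${jsonRes.username} with scopes ${jsonRes.scopes.join(", ")}`
+document.getElementById("loginButton").disabled = true
+document.getElementById("logoutButton").disabled = false
+
+} else {
+alert("An error occured during login.")
+}
+clearInterval(loginWatcher);
+})
+})
+
+}
+}, 500);
+}
+
+function logoutFunction() {
+fetch(`http://bottleneck.pizzly-catfish.ts.net:8081/api/auth/logout`).then(fetchRes => {
+if (fetchRes.status == 200) {
+document.getElementById("loggedInText").innerText = `Not Logged In`
+document.getElementById("loginButton").disabled = false
+document.getElementById("logoutButton").disabled = true
+} else {
+fetchRes.text().then(text => {
+alert("An error occured during logout: " + text)
+})
+}
+})
+}
+</script>
+</head>
+<body>
+<h1>TokenMan</h1>
+<div>
+<button onclick="loginFunction()" id="loginButton">Login</button>
+<button onclick="logoutFunction()" id="logoutButton" disabled="true">Logout</button>
+<span id="loggedInText">Not Logged In</span>
+</div>
+</body>
+</html>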
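Review bot: `loginFunction` and `logoutFunction` talk to the API over plain `http://` on a hard-coded host, so the `APIToken` cookie that `/api/auth/whoami` and `/api/auth/logout` rely on crosses the network unencrypted on every call; if this page is ever served from an origin other than `bottleneck.pizzly-catfish.ts.net:8081`, those `fetch` calls also omit `credentials: "include"` and will run unauthenticated. The login popup passes a constant `state=close`, which means the OIDC `state` value cannot double as a per-login anti-CSRF nonce; the callback handler that consumes it is outside this file, so confirm a random nonce bound to the session is used there instead. `window.open` returns `null` when the popup is blocked, so `loginWindow.closed` will throw inside the interval — guard it with `if (!loginWindow) { alert("Popup blocked."); return }` before `setInterval`. Writing the username and scopes through `innerText` rather than `innerHTML` is the right choice and should stay that way.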