enstrayed/enstrayedapi
1
0
Fork 0
Code Issues Pull Requests Projects Wiki Activity

groundwork for writing new tokens to db

Browse Source
This commit is contained in:
Enstrayed
2025-04-20 20:15:02 -07:00
parent d07d75c994
commit c868c9bc09
2 changed files with 51 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
liberals/misc.js
View File

@@ -20,4 +20,36 @@ function randomStringBase62(length) {
return returnstring return returnstring
} }
export { randomStringBase16, randomStringBase62 } function getHumanReadableUserAgent(useragent) {
let formattedua = useragent.replace(/[\/()]/g," ").split(" ")
let os = ""
let browser = ""
if (formattedua.includes("Windows")) {
os += "Windows"
} else if (formattedua.includes("Macintosh")) {
os += "macOS"
} else if (formattedua.includes("iPhone")) {
os += "iOS"
} else if (formattedua.includes("Android")) {
os += "Android"
} else if (formattedua.includes("Linux")) {
os += "Linux"
} else {
os += "Other"
}
if (formattedua.includes("Firefox")) {
browser += "Firefox"
} else if (formattedua.includes("Chrome")) {
browser += "Chrome"
} else if (formattedua.includes("Safari")) {
browser += "Safari"
} else {
browser += "Other"
}
return `${os} ${browser}`
}
export { randomStringBase16, randomStringBase62, getHumanReadableUserAgent }

27
routes/auth.js
View File

@@ -1,6 +1,7 @@
import { app, db, globalConfig } from "../index.js" // Get globals from index import { app, db, globalConfig } from "../index.js" // Get globals from index
import { checkTokenNew } from "../liberals/auth.js" import { checkTokenNew } from "../liberals/auth.js"
import { logRequest } from "../liberals/logging.js" import { logRequest } from "../liberals/logging.js"
import { randomStringBase62, getHumanReadableUserAgent } from "../liberals/misc.js"
app.get("/api/auth/whoami", (rreq,rres) => { app.get("/api/auth/whoami", (rreq,rres) => {
rres.send("Non functional endpoint") rres.send("Non functional endpoint")
@@ -18,30 +19,38 @@ app.get("/api/auth/callback", (rreq,rres) => {
}).then(fetchRes1 => { }).then(fetchRes1 => {
fetchRes1.json().then(fetchRes1 => { // Convert response to JSON then continue fetchRes1.json().then(fetchRes1 => { // Convert response to JSON then continue
if (fetchRes1.error) { // Fetch to token endpoint succeded but resulted in error, usually because the provided code is invalid if (fetchRes1.error) { // Fetch to token endpoint succeded but resulted in error, usually because the provided code is invalid
logRequest(rres,rreq,500,`Callback-Token-${fetchRes1.error}`) localError500(`Callback-Token-${fetchRes1.error}`)
rres.status(500).send(`An error occured during login, a token was not created.<br><br><code>500 Callback-Token-${fetchRes1.error}</code>`)
} else { // Assumed success } else { // Assumed success
fetch(globalConfig.oidc.userinfoUrl, { // Call userinfo endpoint at IdP using token provided during previous step fetch(globalConfig.oidc.userinfoUrl, { // Call userinfo endpoint at IdP using token provided during previous step
headers: { "Authorization": `Bearer ${fetchRes1.access_token}`} headers: { "Authorization": `Bearer ${fetchRes1.access_token}`}
}).then(fetchRes2 => { }).then(fetchRes2 => {
if (fetchRes2.ok === false) { // Fetch to userinfo endpoint succeded but resulted in error (usually 401) if (fetchRes2.ok === false) { // Fetch to userinfo endpoint succeded but resulted in error (usually 401)
logRequest(rres,rreq,500,`Callback-Userinfo-${fetchRes2.status}`) localError500(`Callback-Userinfo-${fetchRes2.status}`)
rres.status(500).send(`An error occured during login, a token was not created.<br><br><code>500 Callback-Userinfo-${fetchRes2.status}</code>`)
} else { } else {
fetchRes2.json().then(fetchRes2 => { fetchRes2.json().then(fetchRes2 => {
rres.send(fetchRes2) let newToken = randomStringBase62(64)
let newExpiration = Date.now() + 86400
let newComment = `Login token for ${getHumanReadableUserAgent(rreq.get("User-Agent"))} on ${rreq.get("cf-connecting-ip") ?? rreq.ip}`
db`select * from users where oidc_username = ${fetchRes2.username};`.then(dbRes1 => {
db`insert into sessions (token,owner,scopes,expires,comment) values (${newToken},${dbRes1[0]?.id},${fetchRes2.enstrayedapi_scopes},${newExpiration},${newComment})`.then(dbRes2 => {
rres.send(dbRes2)
})
})
}) })
} }
}).catch(fetchErr2 => { // Fetch to userinfo endpoint failed for some other reason }).catch(fetchErr2 => { // Fetch to userinfo endpoint failed for some other reason
logRequest(rres,rreq,500,`Callback-Fetch2-${fetchErr2}`) localError500(`Callback-Fetch2-${fetchErr2}`)
rres.status(500).send(`An error occured during login, a token was not created.<br><br><code>500 Callback-Fetch2-${fetchErr2}</code>`)
}) })
} }
}) })
}).catch(fetchErr1 => { // Fetch to token endpoint failed for some other reason }).catch(fetchErr1 => { // Fetch to token endpoint failed for some other reason
logRequest(rres,rreq,500,`Callback-Fetch1-${fetchErr1}`) localError500(`Callback-Fetch-${fetchErr1}`)
rres.status(500).send(`An error occured during login, a token was not created.<br><br><code>500 Callback-Fetch1-${fetchErr1}</code>`)
}) })
function localError500(code) {
logRequest(rres,rreq,500,code)
rres.status(500).send(`An error occured during login, a token was not created.<br><br><code>500 ${code}</code>`)
}
}) })
app.post("/api/auth/token", (rreq,rres) => { app.post("/api/auth/token", (rreq,rres) => {