1 | ;
|
2 |
|
3 | // Plugin for an authorization server. Implements REST endpoints to retrieve
|
4 | // access token endpoint details and to get an OAuth bearer access token with
|
5 | // expected scopes.
|
6 |
|
7 | var _ = require('underscore');
|
8 | var router = require('abacus-router');
|
9 | var webapp = require('abacus-webapp');
|
10 | var jwt = require('jsonwebtoken');
|
11 |
|
12 | var extend = _.extend;
|
13 |
|
14 | // Setup the debug log
|
15 | var debug = require('abacus-debug')('abacus-authserver-plugin');
|
16 |
|
17 | // Create an express router
|
18 | var routes = router();
|
19 |
|
20 | // Decide whether a request is treated as secured (SECURED is 'true' and it was forwarded over https)
|
// Report whether this request counts as secured: the SECURED environment
// variable must be exactly 'true' and the X-Forwarded-Proto request header
// must be exactly 'https'. The header is read as received.
// NOTE(review): that header is only meaningful when a trusted front proxy
// sets or overwrites it; confirm for the deployment.
var secured = function secured(req) {
  if (process.env.SECURED !== 'true') {
    return false;
  }
  return req.headers['x-forwarded-proto'] === 'https';
};
|
24 |
|
25 | // Retrieve token endpoint information
|
// GET /v2/info: tell the caller where to request tokens.
// The handler is regenerator-compiled generator code; the state machine below
// has a single step that returns the response object.
// token_endpoint is assembled from the request's own Host header, with the
// scheme picked by secured(req). Both inputs come from request headers, so
// the advertised endpoint is only as trustworthy as whatever sits in front
// of this app. NOTE(review): confirm the front proxy sets Host and
// X-Forwarded-Proto rather than passing client-supplied values through.
routes.get('/v2/info', regeneratorRuntime.mark(function _callee(req) {
  return regeneratorRuntime.wrap(function _callee$(_context) {
    while (1) {
      switch (_context.prev = _context.next) {
        case 0:
          return _context.abrupt('return', {
            body: {
              // join('') renders a missing Host header as an empty string
              token_endpoint: [secured(req) ? 'https://' : 'http://', req.headers.host].join('')
            }
          });

        case 1:
        case 'end':
          return _context.stop();
      }
    }
  }, _callee, this);
}));
|
44 |
|
45 | // Retrieve OAuth bearer access token
|
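// GET /oauth/token: issue a signed OAuth bearer access token carrying the
// scopes named in the space-separated `scope` query parameter. The token and
// the response both advertise a lifetime of 43200 seconds.
//
// Review notes for anyone deploying this plugin:
// - The handler performs no client authentication: every caller receives a
//   token for whatever scopes it asks for. That is only acceptable for a
//   development or test stub.
// - When JWTKEY is unset the token is signed with the literal key 'encode',
//   which is published in this source. Tokens signed that way must never be
//   accepted by a production verifier. The fallback is kept for local runs
//   and is now logged so that it is visible.
// - JWTALGO is handed to jwt.sign unchecked. NOTE(review): confirm that
//   deployments pin it to a keyed algorithm.
// - iss is set to req.url, so the issuer claim reflects the request itself.
routes.get('/oauth/token', regeneratorRuntime.mark(function _callee2(req) {
  var token, requested, scopes, key, signed;
  return regeneratorRuntime.wrap(function _callee2$(_context2) {
    while (1) {
      switch (_context2.prev = _context2.next) {
        case 0:
          debug('Get OAuth bearer access token');

          // Default OAuth bearer access token
          token = {
            jti: 'fa1b29fe-76a9-4c2d-903e-dddd0563a9e3',
            sub: 'test-token',
            client_id: 'test-token',
            cid: 'test-token',
            azp: 'test-token',
            grant_type: 'client_credentials',
            iss: req.url,
            zid: 'authserver-plugin',
            aud: ['abacus', 'account', 'provisioning']
          };

          // A missing or non-string scope (parameter absent, or parsed into
          // something other than a string) used to throw on .split and fail
          // the request. Grant no scopes in that case instead.
          requested = typeof req.query.scope === 'string' ? req.query.scope : undefined;
          scopes = requested === undefined ? [] : requested.split(' ');

          // Hard-coded fallback signing key: flagged, not removed (see the
          // review notes above). Log it so that an unset JWTKEY is noticed.
          key = process.env.JWTKEY;
          if (!key) {
            debug('JWTKEY is not set, signing with the built-in development key');
            key = 'encode';
          }

          // Sign OAuth bearer access token with expected scopes
          signed = jwt.sign(extend(token, {
            authorities: scopes,
            scope: scopes.slice()
          }), key, {
            algorithm: process.env.JWTALGO,
            expiresIn: 43200
          });
          return _context2.abrupt('return', {
            body: {
              access_token: signed,
              token_type: 'bearer',
              scope: requested,
              expires_in: 43200
            }
          });

        case 4:
        case 'end':
          return _context2.stop();
      }
    }
  }, _callee2, this);
}));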
|
92 |
|
93 | // Create an authorization server plugin application
|
// Build the authorization server plugin application: a fresh webapp with
// this module's routes mounted on it. Each call creates a new application.
var authserver = function authserver() {
  var application = webapp();
  application.use(routes);
  return application;
};
|
99 |
|
100 | // Command line interface, create the app and listen
|
// Command line entry point: create the application and start listening.
// Returns whatever the application's listen() call returns.
var runCLI = function runCLI() {
  var application = authserver();
  return application.listen();
};
|
104 |
|
105 | // Export our public functions
|
// Public interface: the module itself is the authserver factory, and the
// CLI entry point is exposed as a property on it.
authserver.runCLI = runCLI;
module.exports = authserver;
|
108 | //# sourceMappingURL=data:application/json;base64,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 |