Imported-Repos/yandex2mqtt
1
0
Fork 0
mirror of https://github.com/lasthead0/yandex2mqtt.git synced 2025-08-07 08:40:29 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
yandex2mqtt/auth/index.js
Evgenii Abramov d6ae5dc1ea Release
2021-01-18 01:52:32 +03:00

92 lines
3.6 KiB
JavaScript
Raw Permalink Blame History

'use strict';
const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;
const BasicStrategy = require('passport-http').BasicStrategy;
const ClientPasswordStrategy = require('passport-oauth2-client-password').Strategy;
const BearerStrategy = require('passport-http-bearer').Strategy;
const db = require('../db');
/**
* LocalStrategy
*
* This strategy is used to authenticate users based on a username and password.
* Anytime a request is made to authorize an application, we must ensure that
* a user is logged in before asking them to approve the request.
*/
passport.use(new LocalStrategy(
(username, password, done) => {
db.users.findByUsername(username, (error, user) => {
if (error) return done(error);
if (!user) return done(null, false);
if (user.password !== password) return done(null, false);
return done(null, user);
});
}
));
passport.serializeUser((user, done) => done(null, user.id));
passport.deserializeUser((id, done) => {
db.users.findById(id, (error, user) => done(error, user));
});
/**
* BasicStrategy & ClientPasswordStrategy
*
* These strategies are used to authenticate registered OAuth clients. They are
* employed to protect the `token` endpoint, which consumers use to obtain
* access tokens. The OAuth 2.0 specification suggests that clients use the
* HTTP Basic scheme to authenticate. Use of the client password strategy
* allows clients to send the same credentials in the request body (as opposed
* to the `Authorization` header). While this approach is not recommended by
* the specification, in practice it is quite common.
*/
function verifyClient(clientId, clientSecret, done) {
db.clients.findByClientId(clientId, (error, client) => {
if (error) return done(error);
if (!client) return done(null, false);
if (client.clientSecret !== clientSecret) return done(null, false);
return done(null, client);
});
}
passport.use(new BasicStrategy(verifyClient));
passport.use(new ClientPasswordStrategy(verifyClient));
/**
* BearerStrategy
*
* This strategy is used to authenticate either users or clients based on an access token
* (aka a bearer token). If a user, they must have previously authorized a client
* application, which is issued an access token to make requests on behalf of
* the authorizing user.
*/
passport.use(new BearerStrategy(
(accessToken, done) => {
db.accessTokens.find(accessToken, (error, token) => {
if (error) return done(error);
if (!token) return done(null, false);
if (token.userId) {
db.users.findById(token.userId, (error, user) => {
if (error) return done(error);
if (!user) return done(null, false);
// To keep this example simple, restricted scopes are not implemented,
// and this is just for illustrative purposes.
done(null, user, { scope: '*' });
});
} else {
// The request came from a client only since userId is null,
// therefore the client is passed back instead of a user.
db.clients.findByClientId(token.clientId, (error, client) => {
if (error) return done(error);
if (!client) return done(null, false);
// To keep this example simple, restricted scopes are not implemented,
// and this is just for illustrative purposes.
done(null, client, { scope: '*' });
});
}
});
}
));
Reference in New Issue View Git Blame Copy Permalink