/* eslint-disable no-console */
const Provider = require('../lib');
const path = require('path');
const { set } = require('lodash');
const bodyParser = require('koa-body');
const querystring = require('querystring');
const Router = require('koa-router');
const render = require('koa-ejs');
// Runtime settings are read from the environment, with local-development
// fallbacks. The issuer fallback is a plain-http localhost URL.
const { env } = process;
const port = env.PORT || 3000;
const issuer = env.ISSUER || 'http://localhost:3000';

const Account = require('./account');
const settings = require('./settings');

const { config, clients, certificates } = settings;

// The account lookup is attached to the configuration object before that
// object is handed to the Provider constructor.
config.findById = Account.findById;

const provider = new Provider(issuer, config);

// 15000 is passed as the provider's default HTTP `timeout` option.
provider.defaultHttpOptions = { timeout: 15000 };
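// Characters that are significant in HTML, mapped to their entity form.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

/**
 * Entity-encodes the HTML-significant characters of a value.
 *
 * @param {*} value - value to encode; coerced to a string first
 * @returns {string} the encoded text
 */
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, ch => HTML_ENTITIES[ch]);
}

/**
 * Formats an object as `key = value` pairs separated by `,<br/>` for the
 * debug panels of the interaction views.
 *
 * The separator is literal HTML, so the views presumably emit the result
 * unescaped (confirm against the templates). The keys and values come from
 * the authorization request, which the requesting party controls, so each
 * one is entity-encoded here instead of being passed through verbatim.
 *
 * @param {Object} values - flat object to display
 * @returns {string} HTML fragment with encoded keys and values
 */
function toDebugHtml(values) {
  return querystring.stringify(values, ',<br/>', ' = ', {
    encodeURIComponent: escapeHtml,
  });
}

// Bootstraps the example provider: initializes storage, clients and keys,
// mounts the interaction routes, then starts listening on `port`.
provider.initialize({
  // MongoDB adapter only when MONGODB_URI is set; otherwise left undefined.
  adapter: process.env.MONGODB_URI ? require('./adapters/mongodb') : undefined, // eslint-disable-line global-require
  clients,
  keystore: { keys: certificates },
}).then(() => {
  render(provider.app, {
    cache: false,
    layout: '_layout',
    root: path.join(__dirname, 'views'),
  });

  // SECURITY: these are placeholder values committed with the example.
  // Presumably they are the cookie-signing keys (Koa's app.keys); a real
  // deployment should load them from secret storage and rotate them.
  provider.keys = ['some secret key', 'and also the old one'];

  if (process.env.NODE_ENV === 'production') {
    provider.proxy = true;
    // NOTE(review): `config` was already passed to the Provider constructor;
    // confirm the provider still reads these values after construction.
    set(config, 'cookies.short.secure', true);
    set(config, 'cookies.long.secure', true);

    // Enforce HTTPS: safe methods are redirected, anything else is rejected.
    provider.use(async (ctx, next) => {
      if (ctx.secure) {
        await next();
      } else if (ctx.method === 'GET' || ctx.method === 'HEAD') {
        // ctx.href is assembled by Koa from request headers (Host, and the
        // X-Forwarded-* family once proxy is enabled), so the redirect target
        // follows whatever the front proxy lets through. The proxy should
        // overwrite those headers rather than forward client-supplied ones.
        ctx.redirect(ctx.href.replace(/^http:\/\//i, 'https://'));
      } else {
        ctx.body = {
          error: 'invalid_request',
          error_description: 'do yourself a favor and only use https',
        };
        ctx.status = 400;
      }
    });
  }

  const router = new Router();

  // Renders the login view when the provider asks for a login, and the
  // authorization (consent) view for every other interaction.
  router.get('/interaction/:grant', async (ctx, next) => {
    const details = await provider.interactionDetails(ctx.req);
    const client = await provider.Client.find(details.params.client_id);
    const loginRequired = details.interaction.error === 'login_required';

    await ctx.render(loginRequired ? 'login' : 'interaction', {
      client,
      details,
      title: loginRequired ? 'Sign-in' : 'Authorize',
      debug: toDebugHtml(details.params),
      interaction: toDebugHtml(details.interaction),
    });

    await next();
  });

  const body = bodyParser();

  // Finishes the interaction with an empty consent result.
  router.post('/interaction/:grant/confirm', body, async (ctx, next) => {
    const result = { consent: {} };
    await provider.interactionFinished(ctx.req, ctx.res, result);
    await next();
  });

  // SECURITY: no credential is verified in this handler. The account is
  // looked up from the submitted `login` field alone, and the interaction is
  // then finished as a password login (amr: ['pwd']). That is only suitable
  // for a demo; a real deployment must verify the credential before calling
  // interactionFinished.
  router.post('/interaction/:grant/login', body, async (ctx, next) => {
    // NOTE(review): if findByLogin can resolve without an account, the
    // `account.accountId` read below throws. Confirm against ./account.
    const account = await Account.findByLogin(ctx.request.body.login);

    const result = {
      login: {
        account: account.accountId,
        acr: 'urn:mace:incommon:iap:bronze',
        amr: ['pwd'],
        remember: !!ctx.request.body.remember,
        ts: Math.floor(Date.now() / 1000), // login time in whole seconds
      },
      consent: {},
    };

    await provider.interactionFinished(ctx.req, ctx.res, result);
    await next();
  });

  provider.use(router.routes());
})
  .then(() => provider.listen(port))
  .catch((err) => {
    // Any startup failure is fatal: log it and exit non-zero.
    console.error(err);
    process.exit(1);
  });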