From 50e2dcbcd5530ff9b5a65b6c834b429d4a2b78f8 Mon Sep 17 00:00:00 2001
From: Hideki Nakamura
Date: Thu, 5 Jul 2018 18:58:02 -0700
Subject: [PATCH] Add a processing to check specified API Access Tokens
---
 red/api/auth/api-access-tokens.js | 36 +++++++++++++++++++++++++++++++
 red/api/auth/index.js | 2 ++
 red/api/auth/strategies.js | 25 +++++++++++++--------
 3 files changed, 54 insertions(+), 9 deletions(-)
 create mode 100644 red/api/auth/api-access-tokens.js
diff --git a/red/api/auth/api-access-tokens.js b/red/api/auth/api-access-tokens.js
new file mode 100644
index 000000000..bf61516b3
--- /dev/null
+++ b/red/api/auth/api-access-tokens.js
@@ -0,0 +1,36 @@
+/**
+ * Copyright JS Foundation and other contributors, http://js.foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+var generatedTokens;
+
+module.exports = {
+ init: function(apiAccessTokensSettings) {
+ generatedTokens = {};
+ if ( Array.isArray(apiAccessTokensSettings) ) {
+ generatedTokens = apiAccessTokensSettings.reduce(function(prev, current) {
+ prev[current.token] = {
+ username: current.username,
+ scope: current.permissions
+ };
+ return prev;
+ }, {});
+ }
+ return Promise.resolve();
+ },
+ get: function(token) {
+ var info = generatedTokens[token] || null;
+ return Promise.resolve(info);
+ }
+}
diff --git a/red/api/auth/index.js b/red/api/auth/index.js
index 211a712a7..3e3a28bfa 100644
--- a/red/api/auth/index.js
+++ b/red/api/auth/index.js
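Review bot: In `get`, the lookup `generatedTokens[token] || null` is a plain-object property read, so a presented bearer token equal to an inherited key such as `constructor` or `__proto__` resolves to a truthy function or prototype object rather than `null`; the `tokenInfo.username && tokenInfo.scope` check in strategies.js happens to mask that today, but this module should not depend on its caller for it. Use an own-property test, `var info = Object.prototype.hasOwnProperty.call(generatedTokens, token) ? generatedTokens[token] : null;`, and seed the `reduce` (and the reset at the top of `init`) with `Object.create(null)` instead of `{}`. `init` also accepts entries with a missing `token`, `username` or `permissions` without complaint, which yields a record that can never authenticate; validating each entry there and logging or throwing would surface the misconfiguration at startup instead of as a silent fallthrough at request time. A short JSDoc on `init` stating the expected settings shape, an array of `{token, username, permissions}` objects, would help since `apiAccessTokens` is a new configuration key.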
@@ -19,6 +19,7 @@ var oauth2orize = require("oauth2orize");
 var strategies = require("./strategies");
 var Tokens = require("./tokens");
+var apiAccessTokens = require("./api-access-tokens");
 var Users = require("./users");
 var permissions = require("./permissions");
@@ -42,6 +43,7 @@ function init(runtime) {
 if (settings.adminAuth) {
 Users.init(settings.adminAuth);
 Tokens.init(settings.adminAuth,runtime.storage);
+ apiAccessTokens.init(settings.apiAccessTokens);
 strategies.init(runtime);
 }
 }
diff --git a/red/api/auth/strategies.js b/red/api/auth/strategies.js
index 0f5b554e4..5d3124497 100644
--- a/red/api/auth/strategies.js
+++ b/red/api/auth/strategies.js
@@ -22,6 +22,7 @@ var crypto = require("crypto");
 var util = require("util");
 var Tokens = require("./tokens");
+var apiAccessTokens = require("./api-access-tokens");
 var Users = require("./users");
 var Clients = require("./clients");
 var permissions = require("./permissions");
@@ -30,21 +31,27 @@ var log;
 var bearerStrategy = function (accessToken, done) {
 // is this a valid token?
- Tokens.get(accessToken).then(function(token) {
- if (token) {
- Users.get(token.user).then(function(user) {
- if (user) {
- done(null,user,{scope:token.scope});
+ apiAccessTokens.get(accessToken).then(function(tokenInfo) {
+ if (tokenInfo && tokenInfo.username && tokenInfo.scope) {
+ done(null, tokenInfo.username,{scope:tokenInfo.scope});
+ } else {
+ Tokens.get(accessToken).then(function(token) {
+ if (token) {
+ Users.get(token.user).then(function(user) {
+ if (user) {
+ done(null,user,{scope:token.scope});
+ } else {
+ log.audit({event: "auth.invalid-token"});
+ done(null,false);
+ }
+ });
 } else {
 log.audit({event: "auth.invalid-token"});
 done(null,false);
 }
 });
- } else {
- log.audit({event: "auth.invalid-token"});
- done(null,false);
 }
- });
+ })
 }
 bearerStrategy.BearerStrategy = new BearerStrategy(bearerStrategy);
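Review bot: In the `bearerStrategy` hunk of strategies.js, the static-token branch calls `done(null, tokenInfo.username, ...)` with a plain string as the authenticated user, while the fallback branch passes the object resolved by `Users.get(token.user)`, so whatever consumes the principal downstream presumably sees two different shapes depending on which lookup matched. Unless the rest of the code only ever reads the scope, resolving the static entry through `Users.get(tokenInfo.username)` (or building the same object the user store returns) would keep both paths consistent and let the existing `auth.invalid-token` audit apply to an unknown username. Neither `.then` chain has a rejection handler, so a rejected lookup never calls `done` and the request would likely hang; that was already true of the old `Tokens.get` chain, but the new outer wrapper is the natural place for `.catch(function(err) { done(err); })`. The closing `+ })` also dropped the semicolon that the replaced `});` carried.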