
Revert "refactor: update access token parsing logic to accept accessToken as a parameter"

This reverts commit b077c9e8557183c9e000ff76b7bfc7d6773bd3d1.
Shun Miyazawa 7 months ago
parent
commit
6dd93e9388

+ 9 - 1
apps/app/src/server/middlewares/access-token-parser/access-token.ts

@@ -5,12 +5,20 @@ import type { Response } from 'express';
 import { AccessToken } from '~/server/models/access-token';
 import loggerFactory from '~/utils/logger';
 
+import { extractBearerToken } from './extract-bearer-token';
 import type { AccessTokenParserReq } from './interfaces';
 
 const logger = loggerFactory('growi:middleware:access-token-parser:access-token');
 
-export const parserForAccessToken = (accessToken: string, scopes: Scope[]) => {
+export const parserForAccessToken = (scopes: Scope[]) => {
   return async(req: AccessTokenParserReq, res: Response): Promise<void> => {
+    // Extract token from Authorization header first
+    const bearerToken = extractBearerToken(req.headers.authorization);
+
+    const accessToken = bearerToken ?? req.query.access_token ?? req.body.access_token;
+    if (accessToken == null || typeof accessToken !== 'string') {
+      return;
+    }
     if (scopes == null || scopes.length === 0) {
       logger.debug('scopes is empty');
       return;
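Review bot: The fallback chain on the `const accessToken = bearerToken ?? req.query.access_token ?? req.body.access_token;` line dereferences `req.body` unconditionally, so a request that carries no `Authorization` header and no `access_token` query parameter will throw a TypeError if no body parser has populated `req.body` (e.g. a GET handled before body parsing); `req.body?.access_token` keeps the same precedence without that failure mode. It is also worth a comment that accepting the token from the query string is the form RFC 6750 §2.3 discourages, since URLs end up in access logs, proxies and Referer headers, e.g. `// query-string tokens are accepted for legacy clients only; they leak via logs and Referer (RFC 6750 §2.3)`. Whether the body fallback is still needed once the Bearer header is honoured I cannot tell from here. parserForAccessToken's body continues past the end of this hunk.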

+ 24 - 13
apps/app/src/server/middlewares/access-token-parser/api-token.ts

@@ -6,26 +6,37 @@ import mongoose from 'mongoose';
 
 import loggerFactory from '~/utils/logger';
 
+import { extractBearerToken } from './extract-bearer-token';
 import type { AccessTokenParserReq } from './interfaces';
 
 const logger = loggerFactory('growi:middleware:access-token-parser:api-token');
 
 
-export const parserForApiToken = (accessToken: string) => {
-  return async(req: AccessTokenParserReq, res: Response): Promise<void> => {
-    const User = mongoose.model<HydratedDocument<IUser>, { findUserByApiToken }>('User');
-    const userByApiToken: IUserHasId = await User.findUserByApiToken(accessToken);
+export const parserForApiToken = async(req: AccessTokenParserReq, res: Response): Promise<void> => {
+  // Extract token from Authorization header first
+  const bearerToken = extractBearerToken(req.headers.authorization);
 
-    if (userByApiToken == null) {
-      return;
-    }
+  // Try all possible token sources in order of priority
+  const accessToken = bearerToken ?? req.query.access_token ?? req.body.access_token;
 
-    req.user = serializeUserSecurely(userByApiToken);
-    if (req.user == null) {
-      return;
-    }
+  if (accessToken == null || typeof accessToken !== 'string') {
+    return;
+  }
+
+  logger.debug('accessToken is', accessToken);
+
+  const User = mongoose.model<HydratedDocument<IUser>, { findUserByApiToken }>('User');
+  const userByApiToken: IUserHasId = await User.findUserByApiToken(accessToken);
 
-    logger.debug('Access token parsed.');
+  if (userByApiToken == null) {
     return;
-  };
+  }
+
+  req.user = serializeUserSecurely(userByApiToken);
+  if (req.user == null) {
+    return;
+  }
+
+  logger.debug('Access token parsed.');
+  return;
 };
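Review bot: The `logger.debug('accessToken is', accessToken);` line writes the raw credential to the log, so anyone with access to debug output (log aggregation, support bundles) can replay it as that user; it should log presence only, e.g. `logger.debug('accessToken found, resolving user');`, or at most a fixed-length prefix. This is independent of the revert itself, but it is reinstated by it. Separately, the same chain used in access-token.ts dereferences `req.body` without a guard here as well (`req.body?.access_token` avoids a TypeError when no body was parsed), and the `res` parameter is unused throughout the function.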

+ 11 - 0
apps/app/src/server/middlewares/access-token-parser/extract-bearer-token.ts

@@ -0,0 +1,11 @@
+export const extractBearerToken = (authHeader: string | undefined): string | null => {
+  if (authHeader == null) {
+    return null;
+  }
+
+  if (!authHeader.startsWith('Bearer ')) {
+    return null;
+  }
+
+  return authHeader.substring(7); // Remove 'Bearer ' prefix
+};

+ 3 - 26
apps/app/src/server/middlewares/access-token-parser/index.ts

@@ -9,44 +9,21 @@ import type { AccessTokenParserReq } from './interfaces';
 
 const logger = loggerFactory('growi:middleware:access-token-parser');
 
-export const extractBearerToken = (authHeader: string | undefined): string | null => {
-  if (authHeader == null) {
-    return null;
-  }
-
-  if (!authHeader.startsWith('Bearer ')) {
-    return null;
-  }
-
-  return authHeader.substring(7); // Remove 'Bearer ' prefix
-};
-
-
 export type AccessTokenParser = (scopes?: Scope[], opts?: {acceptLegacy: boolean})
   => (req: AccessTokenParserReq, res: Response, next: NextFunction) => Promise<void>
 
 export const accessTokenParser: AccessTokenParser = (scopes, opts) => {
   return async(req, res, next): Promise<void> => {
-    // Extract token from Authorization header first
-    const bearerToken = extractBearerToken(req.headers.authorization);
-
-    // Try all possible token sources in order of priority
-    const accessToken = bearerToken ?? req.query.access_token ?? req.body.access_token;
-    if (accessToken == null || typeof accessToken !== 'string') {
-      return;
-    }
-
-    logger.debug('accessToken is', accessToken);
-
+    // TODO: comply HTTP header of RFC6750 / Authorization: Bearer
     if (scopes == null || scopes.length === 0) {
       logger.warn('scopes is empty');
       return next();
     }
 
-    await parserForAccessToken(accessToken, scopes)(req, res);
+    await parserForAccessToken(scopes)(req, res);
 
     if (opts?.acceptLegacy) {
-      await parserForApiToken(accessToken)(req, res);
+      await parserForApiToken(req, res);
     }
 
     return next();
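Review bot: The reinstated `// TODO: comply HTTP header of RFC6750 / Authorization: Bearer` comment is now stale, because the sub-parsers invoked a few lines below already read the `Authorization: Bearer` header through extractBearerToken; it should be removed or reworded to what actually remains open, e.g. `// NOTE: Bearer header is parsed in parserForAccessToken / parserForApiToken; query/body fallbacks remain for legacy clients`. A second thing worth a comment: when `opts.acceptLegacy` is set, `parserForApiToken(req, res)` receives no `scopes` and sets `req.user` regardless of the scope check performed by parserForAccessToken, so a legacy API token authenticates without any scope restriction — presumably intentional for the legacy path, but it should be stated next to the call. The enclosing arrow function returned by accessTokenParser closes outside this hunk.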