import { Transaction } from 'sequelize'
import {
AfterDestroy,
AfterUpdate,
AllowNull,
BelongsTo,
Column,
CreatedAt,
ForeignKey, Scopes,
Table,
UpdatedAt
} from 'sequelize-typescript'
import { TokensCache } from '@server/lib/auth/tokens-cache.js'
import { MUserAccountId } from '@server/types/models/index.js'
import { MOAuthTokenUser } from '@server/types/models/oauth/oauth-token.js'
import { logger } from '../../helpers/logger.js'
import { AccountModel } from '../account/account.js'
import { ActorModel } from '../actor/actor.js'
import { UserModel } from '../user/user.js'
import { OAuthClientModel } from './oauth-client.js'
import { SequelizeModel } from '../shared/index.js'
/**
 * Result shape produced by `OAuthTokenModel.getByRefreshTokenAndPopulateClient`:
 * the refresh token data of a stored token row together with its client id,
 * its owning user and the token row itself.
 */
export type OAuthTokenInfo = {
  /** Refresh token value copied from the token row. */
  refreshToken: string

  /** Expiry date of the refresh token, copied from the token row. */
  refreshTokenExpiresAt: Date

  client: {
    /** Id of the OAuth client the token row points to (`oAuthClientId`). */
    id: number

    /** Grant names; `getByRefreshTokenAndPopulateClient` fills this with an empty array. */
    grants: string[]
  }

  /** User owning the token, as loaded through the `WITH_USER` scope. */
  user: MUserAccountId

  /** The token row the other fields were read from. */
  token: MOAuthTokenUser
}
/** Names of the Sequelize scopes declared on `OAuthTokenModel`. */
enum ScopeNames {
  // Scope that joins the owning user, its account and the account's actor
  WITH_USER = 'WITH_USER'
}
/**
 * Sequelize model of the `oAuthToken` table: one row per access/refresh token
 * pair, linked to the user it was issued for and to an OAuth client.
 *
 * Review notes:
 * - The finders below match `accessToken` / `refreshToken` by equality against
 *   the value they receive. NOTE(review): if callers pass the raw bearer or
 *   refresh token, the table holds usable credentials in clear text, so read
 *   access to it (backups, replicas, SQL dumps) equals token disclosure.
 *   Confirm whether hashing at rest is wanted.
 * - The `WITH_USER` scope includes `UserModel.unscoped()` without an
 *   `attributes` list, so the whole user row is loaded with the token.
 *   NOTE(review): callers should not serialise the returned object as-is.
 */
@Scopes(() => ({
  [ScopeNames.WITH_USER]: {
    include: [
      {
        model: UserModel.unscoped(),
        required: true,
        include: [
          {
            // Only the account id is selected
            attributes: [ 'id' ],
            model: AccountModel.unscoped(),
            required: true,
            include: [
              {
                // Only the actor id and url are selected
                attributes: [ 'id', 'url' ],
                model: ActorModel.unscoped(),
                required: true
              }
            ]
          }
        ]
      }
    ]
  }
}))
@Table({
  tableName: 'oAuthToken',
  indexes: [
    // Both token values are unique across the table
    {
      fields: [ 'refreshToken' ],
      unique: true
    },
    {
      fields: [ 'accessToken' ],
      unique: true
    },
    {
      fields: [ 'userId' ]
    },
    {
      fields: [ 'oAuthClientId' ]
    }
  ]
})
export class OAuthTokenModel extends SequelizeModel<OAuthTokenModel> {

  // Access token value; non-null, unique index declared in @Table
  @AllowNull(false)
  @Column
  accessToken: string

  // Expiry date of the access token; non-null
  @AllowNull(false)
  @Column
  accessTokenExpiresAt: Date

  // Refresh token value; non-null, unique index declared in @Table
  @AllowNull(false)
  @Column
  refreshToken: string

  // Expiry date of the refresh token; non-null
  @AllowNull(false)
  @Column
  refreshTokenExpiresAt: Date

  // Nullable column (no @AllowNull(false)).
  // NOTE(review): presumably names the auth mechanism that issued the token; confirm against the callers
  @Column
  authName: string

  @CreatedAt
  createdAt: Date

  @UpdatedAt
  updatedAt: Date

  @ForeignKey(() => UserModel)
  @Column
  userId: number

  // Mandatory owner; deleting the user cascades to its token rows
  @BelongsTo(() => UserModel, {
    foreignKey: {
      allowNull: false
    },
    onDelete: 'cascade'
  })
  User: Awaited<UserModel>

  @ForeignKey(() => OAuthClientModel)
  @Column
  oAuthClientId: number

  // Mandatory client; deleting the client cascades to its token rows.
  // NOTE(review): declared with @BelongsTo but typed as an array; confirm which shape callers rely on
  @BelongsTo(() => OAuthClientModel, {
    foreignKey: {
      allowNull: false
    },
    onDelete: 'cascade'
  })
  OAuthClients: Awaited<OAuthClientModel>[]

  /**
   * Hook run after an instance update or destroy: clears the cache entry keyed by
   * the instance's current `accessToken`.
   *
   * NOTE(review): Sequelize runs per-instance destroy hooks for bulk `Model.destroy()`
   * calls only when `individualHooks` is set; `deleteUserToken` does not set it and
   * purges the cache itself. Also, if an update changes `accessToken`, the entry of the
   * previous value is presumably not the one cleared here; verify.
   */
  @AfterUpdate
  @AfterDestroy
  static removeTokenCache (token: OAuthTokenModel) {
    const { accessToken } = token

    return TokensCache.Instance.clearCacheByToken(accessToken)
  }

  /**
   * Loads the token row matching `refreshToken`, without any scope or include.
   */
  static loadByRefreshToken (refreshToken: string) {
    return OAuthTokenModel.findOne({
      where: { refreshToken }
    })
  }

  /**
   * Loads the row matching `refreshToken` with its user (`WITH_USER` scope) and OAuth
   * client, and maps it to an `OAuthTokenInfo`. Resolves to `null` when no row matches.
   * Errors are logged and rethrown.
   *
   * NOTE(review): the failing query filters on the refresh token; depending on how the
   * logger serialises `err`, the token value may end up in the logs. Confirm the logger
   * redacts SQL text and parameters.
   */
  static async getByRefreshTokenAndPopulateClient (refreshToken: string) {
    try {
      const token = await OAuthTokenModel.scope(ScopeNames.WITH_USER).findOne({
        where: {
          refreshToken
        },
        include: [ OAuthClientModel ]
      })

      if (!token) return null

      const info = {
        refreshToken: token.refreshToken,
        refreshTokenExpiresAt: token.refreshTokenExpiresAt,
        client: {
          id: token.oAuthClientId,
          // Grants are not read from the client row here
          grants: []
        },
        user: token.User,
        token
      } as OAuthTokenInfo

      return info
    } catch (err) {
      logger.error('getRefreshToken error.', { err })
      throw err
    }
  }

  /**
   * Loads the row whose `accessToken` equals `bearerToken`, with the `WITH_USER` scope,
   * and exposes the joined user as `user` on the returned instance.
   * Resolves to `null` when no row matches.
   *
   * The query does not filter on `accessTokenExpiresAt`.
   * NOTE(review): expiry is presumably enforced by the caller; confirm.
   */
  static async getByTokenAndPopulateUser (bearerToken: string): Promise<MOAuthTokenUser> {
    const token = await OAuthTokenModel.scope(ScopeNames.WITH_USER).findOne({
      where: {
        accessToken: bearerToken
      }
    })

    if (!token) return null

    return Object.assign(token, { user: token.User })
  }

  /**
   * Same as `getByTokenAndPopulateUser` but matches on `refreshToken`.
   * Resolves to `undefined` (not `null`) when no row matches.
   */
  static async getByRefreshTokenAndPopulateUser (refreshToken: string): Promise<MOAuthTokenUser> {
    const token = await OAuthTokenModel.scope(ScopeNames.WITH_USER).findOne({
      where: {
        refreshToken
      }
    })

    if (!token) return undefined

    return Object.assign(token, { user: token.User })
  }

  /**
   * Revokes every token of a user: purges the user's entries from the tokens cache,
   * then deletes the rows, optionally inside transaction `t`.
   *
   * The cache is purged before the rows are deleted, and whether or not `t` later commits.
   * NOTE(review): if the cache can be repopulated from the database between this call and
   * the commit of the delete, a revoked token could stay cached; confirm against
   * TokensCache and the callers.
   */
  static deleteUserToken (userId: number, t?: Transaction) {
    TokensCache.Instance.deleteUserToken(userId)

    return OAuthTokenModel.destroy({
      where: {
        userId
      },
      transaction: t
    })
  }
}