mirror of https://github.com/Chocobozzz/PeerTube
initial commit
parent
74db34b55e
commit
a226f56ac3
|
@ -202,9 +202,9 @@ object_storage:
|
|||
|
||||
credentials:
|
||||
# You can also use AWS_ACCESS_KEY_ID env variable
|
||||
access_key_id: 'GOOG1EHDHI4G6TE5KSGBFHQAHOKH3ETSBIDY37BWDRDRZQBJTVJ77U5HPSF3V'
|
||||
access_key_id: ''
|
||||
# You can also use AWS_SECRET_ACCESS_KEY env variable
|
||||
secret_access_key: 'e2bTFj31PkUamL54wEvsDihKCyCxibJzgt3yS4Sq'
|
||||
secret_access_key: ''
|
||||
|
||||
# Maximum amount to upload in one request to object storage
|
||||
max_upload_part: 100MB
|
||||
|
@ -217,13 +217,13 @@ object_storage:
|
|||
|
||||
# Base url for object URL generation, scheme and host will be replaced by this URL
|
||||
# Useful when you want to use a CDN/external proxy
|
||||
base_url: 'http://34.49.197.126' # Example: 'https://mirror.example.com'
|
||||
base_url: 'http://34.49.197.12' # Example: 'https://mirror.example.com'
|
||||
|
||||
# Same settings but for web videos
|
||||
web_videos:
|
||||
bucket_name: 'meshminds'
|
||||
prefix: 'web-videos/'
|
||||
base_url: 'http://34.49.197.126'
|
||||
base_url: 'http://34.49.197.12'
|
||||
|
||||
log:
|
||||
level: 'info' # 'debug' | 'info' | 'warn' | 'error'
|
||||
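Review bot: The `access_key_id` and `secret_access_key` lines in the `credentials` block show populated values that look like real object-storage HMAC credentials, and replacing them with `''` in the file does not remove them from the repository history or from this page. Both should be treated as exposed: revoke and reissue the key pair, and supply the new one through the `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` environment variables that the comments in this hunk already mention. The rendering has lost the +/- markers, so I am inferring from print order that the empty values are the new side; if it is the other way round, the populated lines must not be merged at all. In the second hunk both `base_url` values are plain `http://` to a bare IP address, so object URLs would be served unencrypted; an `https://` hostname as in the `# Example:` comment would be the safer default.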
|
|
|
@ -14,19 +14,19 @@ import { Emailer } from '../../../lib/emailer.js'
|
|||
import { Redis } from '../../../lib/redis.js'
|
||||
import { buildUser, createUserAccountAndChannelAndPlaylist } from '../../../lib/user.js'
|
||||
import {
|
||||
adminUsersSortValidator,
|
||||
// adminUsersSortValidator,
|
||||
apiRateLimiter,
|
||||
asyncMiddleware,
|
||||
asyncRetryTransactionMiddleware,
|
||||
authenticate,
|
||||
ensureUserHasRight,
|
||||
paginationValidator,
|
||||
// paginationValidator,
|
||||
setDefaultPagination,
|
||||
setDefaultSort,
|
||||
userAutocompleteValidator,
|
||||
usersAddValidator,
|
||||
usersGetValidator,
|
||||
usersListValidator,
|
||||
// usersListValidator,
|
||||
usersRemoveValidator,
|
||||
usersUpdateValidator
|
||||
} from '../../../middlewares/index.js'
|
||||
|
@ -73,12 +73,12 @@ usersRouter.get('/autocomplete',
|
|||
|
||||
usersRouter.get('/',
|
||||
authenticate,
|
||||
ensureUserHasRight(UserRight.MANAGE_USERS),
|
||||
paginationValidator,
|
||||
adminUsersSortValidator,
|
||||
//ensureUserHasRight(UserRight.MANAGE_USERS),
|
||||
//paginationValidator,
|
||||
//adminUsersSortValidator,
|
||||
setDefaultSort,
|
||||
setDefaultPagination,
|
||||
usersListValidator,
|
||||
//usersListValidator,
|
||||
asyncMiddleware(listUsers)
|
||||
)
|
||||
|
||||
|
|
|
@ -226,10 +226,10 @@ async function registerUser (req: express.Request, res: express.Response) {
|
|||
|
||||
const userToCreate = buildUser({
|
||||
...pick(body, [ 'username', 'password', 'email' ]),
|
||||
|
||||
|
||||
emailVerified: CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION ? false : null
|
||||
})
|
||||
|
||||
console.log( 'userBody:', userToCreate)
|
||||
const { user, account, videoChannel } = await createUserAccountAndChannelAndPlaylist({
|
||||
userToCreate,
|
||||
userDisplayName: body.displayName || undefined,
|
||||
|
@ -245,6 +245,7 @@ async function registerUser (req: express.Request, res: express.Response) {
|
|||
|
||||
Notifier.Instance.notifyOnNewDirectRegistration(user)
|
||||
|
||||
|
||||
Hooks.runAction('action:api.user.registered', { body, user, account, videoChannel, req, res })
|
||||
|
||||
return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
|
||||
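Review bot: On `usersRouter.get('/')`, `ensureUserHasRight(UserRight.MANAGE_USERS)`, `paginationValidator`, `adminUsersSortValidator` and `usersListValidator` appear only in commented-out form on what the print order suggests is the new side, which would let any authenticated account list all users and pass unvalidated query parameters to `listUsers`. They should be restored (`ensureUserHasRight(UserRight.MANAGE_USERS),` and the three validators), together with the matching imports commented out in the first hunk. In `registerUser`, `console.log( 'userBody:', userToCreate)` prints an object built from the request's `username`, `password` and `email`, so the line should be deleted rather than left in the registration path. `registerUser` starts and ends outside the hunks shown.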
|
|
|
@ -18,6 +18,10 @@ import { buildUser, createUserAccountAndChannelAndPlaylist } from '../user.js'
|
|||
import { ExternalUser } from './external-auth.js'
|
||||
import { TokensCache } from './tokens-cache.js'
|
||||
|
||||
//added imports
|
||||
// import axios from 'axios'
|
||||
// import { createHash } from 'crypto'
|
||||
|
||||
type TokenInfo = {
|
||||
accessToken: string
|
||||
refreshToken: string
|
||||
|
@ -58,6 +62,8 @@ async function getAccessToken (bearerToken: string) {
|
|||
|
||||
return tokenModel
|
||||
}
|
||||
|
||||
|
||||
|
||||
function getClient (clientId: string, clientSecret: string) {
|
||||
logger.debug('Getting Client (clientId: ' + clientId + ', clientSecret: ' + clientSecret + ').')
|
||||
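Review bot: The only additions visible here are the commented-out `// import axios from 'axios'` and `// import { createHash } from 'crypto'` lines under `//added imports`, plus blank lines before `getClient`; dead imports like these are better deleted than committed. Separately, the context line in `getClient` writes `clientSecret` into the debug log, which is worth replacing with `logger.debug('Getting Client (clientId: ' + clientId + ').')` while this file is being touched. `getClient`'s body continues outside the hunk.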
|
|
|
@ -1,5 +1,6 @@
|
|||
import express from 'express'
|
||||
import OAuth2Server, {
|
||||
import OAuth2Server,
|
||||
{
|
||||
InvalidClientError,
|
||||
InvalidGrantError,
|
||||
InvalidRequestError,
|
||||
|
@ -16,9 +17,13 @@ import { MOAuthClient } from '@server/types/models/index.js'
|
|||
import { sha1 } from '@peertube/peertube-node-utils'
|
||||
import { HttpStatusCode, ServerErrorCode, UserRegistrationState } from '@peertube/peertube-models'
|
||||
import { OTP } from '../../initializers/constants.js'
|
||||
import { BypassLogin, getAccessToken, getClient, getRefreshToken, getUser, revokeToken, saveToken } from './oauth-model.js'
|
||||
import { BypassLogin, getAccessToken,
|
||||
getClient, getRefreshToken, getUser, revokeToken, saveToken } from './oauth-model.js'
|
||||
|
||||
//added import into the module
|
||||
import axios from 'axios'
|
||||
import {createHash} from 'crypto';
|
||||
|
||||
|
||||
|
||||
class MissingTwoFactorError extends Error {
|
||||
code = HttpStatusCode.UNAUTHORIZED_401
|
||||
|
@ -119,15 +124,20 @@ function handleOAuthAuthenticate (
|
|||
req: express.Request,
|
||||
res: express.Response
|
||||
) {
|
||||
return oAuthServer.authenticate(new Request(req), new Response(res))
|
||||
|
||||
|
||||
//oAuthServer.authenticate(new Request(req), new Response(res)).then((token) => {console.log('get token details' , token)})
|
||||
return oAuthServer.authenticate(new Request(req), new Response(res));
|
||||
}
|
||||
|
||||
|
||||
export {
|
||||
MissingTwoFactorError,
|
||||
InvalidTwoFactorError,
|
||||
|
||||
handleOAuthToken,
|
||||
handleOAuthAuthenticate
|
||||
handleOAuthAuthenticate,
|
||||
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
|
@ -137,10 +147,12 @@ async function handlePasswordGrant (options: {
|
|||
client: MOAuthClient
|
||||
bypassLogin?: BypassLogin
|
||||
}) {
|
||||
|
||||
|
||||
|
||||
const { request, client, bypassLogin } = options
|
||||
|
||||
const tokenNinjacart = request.headers.authorization ;
|
||||
if (!request.body.username) {
|
||||
|
||||
throw new InvalidRequestError('Missing parameter: `username`')
|
||||
}
|
||||
|
||||
|
@ -149,6 +161,17 @@ async function handlePasswordGrant (options: {
|
|||
}
|
||||
|
||||
const user = await getUser(request.body.username, request.body.password, bypassLogin)
|
||||
|
||||
|
||||
//added validation for ninjacart IAM service
|
||||
const uid = await axios.get('https://api.trafyn.info/iam/api/v1/auth/validate/token' , {
|
||||
headers :{
|
||||
authorization : `Bearer ${request.headers.authorization}`
|
||||
}
|
||||
})
|
||||
|
||||
//to here
|
||||
|
||||
if (!user) {
|
||||
const registration = await UserRegistrationModel.loadByEmailOrUsername(request.body.username)
|
||||
|
||||
|
@ -158,7 +181,18 @@ async function handlePasswordGrant (options: {
|
|||
throw new RegistrationWaitingForApproval('Registration for this account is awaiting approval')
|
||||
}
|
||||
|
||||
throw new InvalidGrantError('Invalid grant: user credentials are invalid')
|
||||
//checking whether the user exists or not , added code from here
|
||||
await axios.post('http://localhost:9000/api/v1/users/register' , {
|
||||
"username": uid.data.data.userId.toString(),
|
||||
"password": uid.data.data.userId.toString(),
|
||||
"email": uid.data.data.userId + "@ninjacart.com",
|
||||
"displayName": "string",
|
||||
"channel": {
|
||||
"name": uid.data.data.userId + "_channel",
|
||||
"displayName": "string"
|
||||
}
|
||||
})
|
||||
// addtionional code ends here
|
||||
}
|
||||
|
||||
if (user.otpSecret) {
|
||||
|
@ -171,12 +205,12 @@ async function handlePasswordGrant (options: {
|
|||
}
|
||||
}
|
||||
|
||||
//remove this part of the code
|
||||
//add api call to get token and save below
|
||||
|
||||
let token = await buildToken()
|
||||
|
||||
//overwriting ninjacart's access token onto the token generated by peertube
|
||||
token.accessToken = tokenNinjacart ;
|
||||
|
||||
const token = await buildToken()
|
||||
|
||||
// console.log('CheckingRequestData' ,request , 'checkingTokenDara' ,token , user )
|
||||
return saveToken(token, client, user, { bypassLogin })
|
||||
}
|
||||
|
||||
|
@ -212,7 +246,7 @@ async function handleRefreshGrant (options: {
|
|||
return saveToken(token, client, refreshToken.user, { refreshTokenAuthName })
|
||||
}
|
||||
|
||||
function generateRandomToken (){
|
||||
function generateRandomToken () {
|
||||
return randomBytesPromise(256)
|
||||
.then(buffer => sha1(buffer))
|
||||
}
|
||||
|
@ -227,53 +261,11 @@ function getTokenExpiresAt (type: 'access' | 'refresh') {
|
|||
|
||||
async function buildToken () {
|
||||
const [ accessToken, refreshToken ] = await Promise.all([ generateRandomToken(), generateRandomToken() ])
|
||||
console.log(accessToken);
|
||||
// //part of the code modified
|
||||
|
||||
//custom headers to send request to Ninjacart IAM service
|
||||
const headers = {
|
||||
'authority': 'api.trafyn.info',
|
||||
'accept': 'application/json, text/plain, */*',
|
||||
'accept-language': 'en-GB,en-US;q=0.9,en;q=0.8',
|
||||
'content-type': 'application/json',
|
||||
'origin': 'https://retail-banking.trafyn.info',
|
||||
'referer': 'https://retail-banking.trafyn.info/',
|
||||
'sec-fetch-dest': 'empty',
|
||||
'sec-fetch-mode': 'cors',
|
||||
'sec-fetch-site': 'same-site',
|
||||
'user-agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1',
|
||||
};
|
||||
|
||||
//Data of the user that can be changed , right now for demo purposes it is hardcoded
|
||||
const data = {
|
||||
contactNumber : "12345678" ,
|
||||
retryCount : null
|
||||
};
|
||||
|
||||
//sending/ triggering the api request to recieve the otp from user
|
||||
await axios.post('https://api.trafyn.info/iam/api/v1/auth/send/otp', data, { headers });
|
||||
|
||||
//recieving the OTP data from the user side , right now for demo purposes it is hardcoded
|
||||
//it defines the user data from the server side , and verifies it is the user the number belongs to
|
||||
const userData = {
|
||||
action: "VERIFY",
|
||||
contactNumber: "12345678" ,
|
||||
loginMode: "Mobile",
|
||||
newUser: true,
|
||||
otp: "111111",
|
||||
roles: "TRADER",
|
||||
}
|
||||
|
||||
//triggers the api request to recieve the token data from the IAM service
|
||||
const getTokenData = await axios.post('https://api.trafyn.info/iam/api/v1/auth/signin/otp' , userData , {headers});
|
||||
const accessTokenNinjacart = createHash('sha256').update(getTokenData.data.data.access_token).digest('base64');
|
||||
|
||||
//till here modifications were added , and below the accesstoken passed is the one generated from NINJACART'S IAM service
|
||||
|
||||
return {
|
||||
accessToken : String(accessTokenNinjacart),
|
||||
accessToken,
|
||||
refreshToken,
|
||||
accessTokenExpiresAt: getTokenExpiresAt('access'),
|
||||
refreshTokenExpiresAt: getTokenExpiresAt('refresh')
|
||||
}
|
||||
}
|
||||
}
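Review bot: In `handlePasswordGrant`, the `axios.post('http://localhost:9000/api/v1/users/register', …)` call in the `if (!user)` branch creates the account with `password` set to the same `userId` string as `username`, so the password of every auto-provisioned account is known to anyone who knows the id. The rendering has lost the +/- markers, so it is unclear whether `throw new InvalidGrantError(...)` just above it survives: if it does, the call is unreachable, and if it does not, execution falls through to `user.otpSecret` with `user` still unset. The `axios.get` to the IAM validate endpoint is awaited with no timeout or error handling, and `uid.data.data.userId` is read unchecked. If the `token.accessToken = tokenNinjacart` line is on the new side, it stores the caller's raw `Authorization` header as the PeerTube access token. I would keep the throw, turn a failed or malformed validation into a grant error as sketched below, and give any provisioned account a randomly generated password; the function starts and ends outside these hunks.

```typescript
// … unchanged: getUser(...) call …

if (!request.headers.authorization) {
  throw new InvalidRequestError('Missing header: `authorization`')
}

// Fail the grant, not the whole request, when the IAM service rejects the token or cannot be reached
let iamUserId: unknown
try {
  const validation = await axios.get('https://api.trafyn.info/iam/api/v1/auth/validate/token', {
    headers: { authorization: `Bearer ${request.headers.authorization}` },
    timeout: 5000
  })
  iamUserId = validation.data?.data?.userId
} catch {
  throw new InvalidGrantError('Invalid grant: external token validation failed')
}

// Only a well-formed id from the IAM response may be used by any later provisioning step
if (typeof iamUserId !== 'string' && typeof iamUserId !== 'number') {
  throw new InvalidGrantError('Invalid grant: external token validation failed')
}

if (!user) {
  // … unchanged: pending-registration checks …
  throw new InvalidGrantError('Invalid grant: user credentials are invalid')
}
```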
|
|
@ -210,7 +210,13 @@ export class PluginManager implements ServerHook {
|
|||
return true
|
||||
}
|
||||
}
|
||||
console.log('auth token external : ' , token)
|
||||
return true
|
||||
}
|
||||
|
||||
async isTokenValidNinjacart (token: string) {
|
||||
|
||||
console.log('auth token external : ' , token)
|
||||
return true
|
||||
}
|
||||
|
||||
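Review bot: `isTokenValidNinjacart` returns `true` for every input and prints the token with `console.log('auth token external : ' , token)`, so as written it validates nothing and copies bearer tokens to stdout. If anything calls it as an authorization check, every token is accepted; until a real check exists the stub should fail closed with `return false` (or not be added at all), and the `console.log` should go. The same `console.log` line also appears earlier in the hunk, inside what looks like the existing token-validity method whose start is outside the hunk; it should be removed there too.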
|
|
|
@ -5,24 +5,27 @@ import { getAccessToken } from '@server/lib/auth/oauth-model.js'
|
|||
import { RunnerModel } from '@server/models/runner/runner.js'
|
||||
import { logger } from '../helpers/logger.js'
|
||||
import { handleOAuthAuthenticate } from '../lib/auth/oauth.js'
|
||||
// import axios from 'axios'
|
||||
|
||||
function authenticate (req: express.Request, res: express.Response, next: express.NextFunction) {
|
||||
|
||||
async function authenticate (req: express.Request, res: express.Response, next: express.NextFunction) {
|
||||
console.log('finding token' , req.headers.authorization)
|
||||
handleOAuthAuthenticate(req, res)
|
||||
.then((token: any) => {
|
||||
res.locals.oauth = { token }
|
||||
res.locals.authenticated = true
|
||||
.then((token: any) => {
|
||||
res.locals.oauth = { token }
|
||||
res.locals.authenticated = true
|
||||
|
||||
return next()
|
||||
})
|
||||
.catch(err => {
|
||||
logger.info('Cannot authenticate.', { err })
|
||||
return next()
|
||||
})
|
||||
.catch(err => {
|
||||
logger.info('Cannot authenticate.', { err })
|
||||
|
||||
return res.fail({
|
||||
status: err.status,
|
||||
message: 'Token is invalid',
|
||||
type: err.name
|
||||
})
|
||||
return res.fail({
|
||||
status: err.status,
|
||||
message: 'Token is invalid',
|
||||
type: err.name
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
function authenticateSocket (socket: Socket, next: (err?: any) => void) {
|
||||
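Review bot: `console.log('finding token' , req.headers.authorization)` at the top of `authenticate` writes the bearer token of every authenticated request to stdout, where it outlives the session in log files and aggregators. Drop the line, or log only whether the header is present through the existing logger, e.g. `logger.debug('Authorization header present', { present: !!req.headers.authorization })`. The function is also now declared `async` but neither awaits nor returns the `handleOAuthAuthenticate(...)` chain, so the keyword only changes the return type; either `return` the chain or leave the function synchronous.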
|
|
|
@ -235,7 +235,7 @@ const videosUpdateValidator = getCommonVideoEditAttributes().concat([
|
|||
return res.fail({ message: 'Cannot update privacy of a live that has already started' })
|
||||
}
|
||||
|
||||
// Check if the user who did the request is able to update the video
|
||||
// Check if the user who did the request is able to update the video
|
||||
const user = res.locals.oauth.token.User
|
||||
if (!checkUserCanManageVideo(user, res.locals.videoAll, UserRight.UPDATE_ANY_VIDEO, res)) return cleanUpReqFiles(req)
|
||||
|
||||
|
|