Add an OAuth2 auth provider.

2025-10-05 10:39:25 +02:00 · 2014-10-30 19:03:17 +09:00 · 2014-10-30 19:03:17 +09:00 · af09fc084a
commit af09fc084a
parent 2ff16baf7a
3 changed files with 175 additions and 0 deletions
--- a/lib/units/auth/oauth2/index.js
+++ b/lib/units/auth/oauth2/index.js
@ -0,0 +1,51 @@
+var http = require('http')
+
+// @todo Figure something out
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"
+
+var express = require('express')
+var passport = require('passport')
+
+var logger = require('../../../util/logger')
+var urlutil = require('../../../util/urlutil')
+var jwtutil = require('../../../util/jwtutil')
+var Strategy = require('./strategy')
+
+module.exports = function(options) {
+  var log = logger.createLogger('auth-oauth2')
+    , app = express()
+    , server = http.createServer(app)
+
+  app.set('strict routing', true)
+  app.set('case sensitive routing', true)
+
+  function verify(accessToken, refreshToken, profile, done) {
+    done(null, profile)
+  }
+
+  passport.use(new Strategy(options.oauth, verify))
+
+  app.use(passport.initialize())
+  app.use(passport.authenticate('oauth2', {
+    failureRedirect: '/auth/oauth/'
+  , session: false
+  }))
+
+  app.get(
+    '/auth/oauth/callback'
+  , function(req, res) {
+      res.redirect(urlutil.addParams(options.appUrl, {
+        jwt: jwtutil.encode({
+          payload: {
+            email: req.user.email
+          , name: req.user.email.split('@', 1).join('')
+          }
+        , secret: options.secret
+        })
+      }))
+    }
+  )
+
+  server.listen(options.port)
+  log.info('Listening on port %d', options.port)
+}
--- a/lib/units/auth/oauth2/strategy.js
+++ b/lib/units/auth/oauth2/strategy.js
@ -0,0 +1,32 @@
+var util = require('util')
+
+var oauth2 = require('passport-oauth2')
+
+function Strategy(options, verify) {
+  oauth2.Strategy.call(this, options, verify)
+  if (!options.authorizationURL) {
+    throw new TypeError('OAuth2Strategy requires a userinfoURL option')
+  }
+  this._userinfoURL = options.userinfoURL
+  this._oauth2.useAuthorizationHeaderforGET(true)
+}
+
+util.inherits(Strategy, oauth2.Strategy)
+
+Strategy.prototype.userProfile = function(accessToken, callback) {
+  this._oauth2.get(this._userinfoURL, accessToken, function(err, data) {
+    if (err) {
+      return callback(err)
+    }
+    else {
+      try {
+        return callback(null, JSON.parse(data))
+      }
+      catch (err) {
+        return callback(err)
+      }
+    }
+  })
+}
+
+module.exports = Strategy