mirror of
https://github.com/dbgate/dbgate
synced 2024-11-07 20:26:23 +00:00
OAuth scope added #407
parent
9ce743a8d3
commit
5684eab3e2
@ -62,11 +62,12 @@ module.exports = {
|
||||
async oauthToken(params) {
|
||||
const { redirectUri, code } = params;
|
||||
|
||||
const scopeParam = process.env.OAUTH_SCOPE ? `&scope=${process.env.OAUTH_SCOPE}` : '';
|
||||
const resp = await axios.default.post(
|
||||
`${process.env.OAUTH_TOKEN}`,
|
||||
`grant_type=authorization_code&code=${encodeURIComponent(code)}&redirect_uri=${encodeURIComponent(
|
||||
redirectUri
|
||||
)}&client_id=${process.env.OAUTH_CLIENT_ID}&client_secret=${process.env.OAUTH_CLIENT_SECRET}`
|
||||
)}&client_id=${process.env.OAUTH_CLIENT_ID}&client_secret=${process.env.OAUTH_CLIENT_SECRET}${scopeParam}`
|
||||
);
|
||||
|
||||
const { access_token, refresh_token } = resp.data;
|
||||
@ -75,7 +76,10 @@ module.exports = {
|
||||
|
||||
console.log('User payload returned from OAUTH:', payload);
|
||||
|
||||
const login = process.env.OAUTH_LOGIN_FIELD ? payload[process.env.OAUTH_LOGIN_FIELD] : 'oauth';
|
||||
const login =
|
||||
process.env.OAUTH_LOGIN_FIELD && payload && payload[process.env.OAUTH_LOGIN_FIELD]
|
||||
? payload[process.env.OAUTH_LOGIN_FIELD]
|
||||
: 'oauth';
|
||||
|
||||
if (
|
||||
process.env.OAUTH_ALLOWED_LOGINS &&
|
||||
@ -113,7 +117,7 @@ module.exports = {
|
||||
!process.env.AD_ALLOWED_LOGINS.split(',').find(x => x.toLowerCase().trim() == login.toLowerCase().trim())
|
||||
) {
|
||||
return { error: `Username ${login} not allowed to log in` };
|
||||
}
|
||||
}
|
||||
return {
|
||||
accessToken: jwt.sign({ login }, tokenSecret, { expiresIn: getTokenLifetime() }),
|
||||
};
|
||||
@ -129,7 +133,7 @@ module.exports = {
|
||||
if (!logins) {
|
||||
return { error: 'Logins not configured' };
|
||||
}
|
||||
const foundLogin = logins.find(x => x.login == login)
|
||||
const foundLogin = logins.find(x => x.login == login);
|
||||
if (foundLogin && foundLogin.password == password) {
|
||||
return {
|
||||
accessToken: jwt.sign({ login }, tokenSecret, { expiresIn: getTokenLifetime() }),
|
||||
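Review bot: The rewritten `login` assignment in the second hunk falls back to the shared name `'oauth'` whenever `OAUTH_LOGIN_FIELD` is configured but that claim is missing or falsy in `payload`, so a token without the expected claim is accepted instead of rejected. If `OAUTH_ALLOWED_LOGINS` is unset, the code after the hunk presumably goes on to issue a session for that generic identity, and every such user becomes indistinguishable in logs. When the field is configured, failing closed is safer, e.g. `if (process.env.OAUTH_LOGIN_FIELD && !(payload && payload[process.env.OAUTH_LOGIN_FIELD])) return { error: 'OAuth login field missing from token payload' };`, which follows the `{ error }` return style visible elsewhere in this file. How `payload` is derived lies outside the hunk, so it is worth confirming whether the claim can be a non-string value, which a `login.toLowerCase()` comparison like the one in the AD allow-list check would not handle.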
|
@ -48,6 +48,7 @@ module.exports = {
|
||||
login,
|
||||
oauth: process.env.OAUTH_AUTH,
|
||||
oauthClient: process.env.OAUTH_CLIENT_ID,
|
||||
oauthScope: process.env.OAUTH_SCOPE,
|
||||
oauthLogout: process.env.OAUTH_LOGOUT,
|
||||
isLoginForm: !!process.env.AD_URL || (!!logins && !process.env.BASIC_AUTH),
|
||||
...currentVersion,
|
||||
|
@ -71,19 +71,20 @@ export async function redirectToLogin(config = null, force = false) {
|
||||
|
||||
if (config.oauth) {
|
||||
const state = `dbg-oauth:${Math.random().toString().substr(2)}`;
|
||||
const scopeParam = config.oauthScope ? `&scope=${config.oauthScope}` : '';
|
||||
sessionStorage.setItem('oauthState', state);
|
||||
console.log('Redirecting to OAUTH provider');
|
||||
location.replace(
|
||||
`${config.oauth}?client_id=${config.oauthClient}&response_type=code&redirect_uri=${encodeURIComponent(
|
||||
location.origin + location.pathname
|
||||
)}&state=${encodeURIComponent(state)}`
|
||||
)}&state=${encodeURIComponent(state)}${scopeParam}`
|
||||
);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
export function internalRedirectTo(path) {
|
||||
const index = location.pathname.lastIndexOf('/');
|
||||
const index = location.pathname.lastIndexOf('/');
|
||||
const newPath = index >= 0 ? location.pathname.substring(0, index) + path : path;
|
||||
location.replace(newPath);
|
||||
}
|
||||
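Review bot: The new `scopeParam` is appended to the authorization URL without `encodeURIComponent`, unlike `redirect_uri` and `state` on the same call; OAuth scope values are space-delimited lists, and a value containing `&`, `+` or `#` would change how the request is parsed. Suggest `const scopeParam = config.oauthScope ? `&scope=${encodeURIComponent(config.oauthScope)}` : '';`. The same applies to the form body built in `oauthToken`, where `process.env.OAUTH_SCOPE` is interpolated raw next to the encoded `code` and `redirect_uri`. Separately, the unchanged `state` line above this one draws from `Math.random()`, which is not a cryptographically secure source for an anti-CSRF value; `crypto.getRandomValues` or `crypto.randomUUID` would be the appropriate choice.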
|