oauth returns access token

package.json

@@ -16,6 +16,7 @@
     "start:app:debug:ssh": "cd app && cross-env DEBUG=ssh yarn start",
     "start:api:portal": "yarn workspace dbgate-api start:portal",
     "start:api:singledb": "yarn workspace dbgate-api start:singledb",
+    "start:api:auth": "yarn workspace dbgate-api start:auth",
     "start:web": "yarn workspace dbgate-web dev",
     "start:sqltree": "yarn workspace dbgate-sqltree start",
     "start:tools": "yarn workspace dbgate-tools start",

packages/api/env/auth/.env

@@ -0,0 +1,4 @@
+DEVMODE=1
+OAUTH=http://auth.metrostav.vychozi.cz/auth/realms/metrostav/protocol/openid-connect
+OAUTH_CLIENT_ID=dbgate
+OAUTH_CLIENT_SECRET=ffd5634b-b60a-4c3a-bbec-b4144c73ea2a

packages/api/package.json

@@ -57,6 +57,7 @@
     "start": "env-cmd node src/index.js --listen-api",
     "start:portal": "env-cmd -f env/portal/.env node src/index.js --listen-api",
     "start:singledb": "env-cmd -f env/singledb/.env node src/index.js --listen-api",
+    "start:auth": "env-cmd -f env/auth/.env node src/index.js --listen-api",
     "start:filedb": "env-cmd node src/index.js /home/jena/test/chinook/Chinook.db --listen-api",
     "start:singleconn": "env-cmd node src/index.js --server localhost --user root --port 3307 --engine mysql@dbgate-plugin-mysql --password test --listen-api",
     "ts": "tsc",

packages/api/src/controllers/auth.js

@@ -0,0 +1,17 @@
+const axios = require('axios');
+
+module.exports = {
+  oauthToken_meta: true,
+  async oauthToken(params) {
+    const { redirectUri, code } = params;
+
+    const resp = await axios.default.post(
+      `${process.env.OAUTH}/token`,
+      `grant_type=authorization_code&code=${encodeURIComponent(code)}&redirect_uri=${encodeURIComponent(
+        redirectUri
+      )}&client_id=${process.env.OAUTH_CLIENT_ID}&client_secret=${process.env.OAUTH_CLIENT_SECRET}`
+    );
+
+    return resp.data;
+  },
+};

packages/api/src/controllers/config.js

@@ -40,6 +40,7 @@ module.exports = {
       isDocker: platformInfo.isDocker,
       permissions,
       login,
+      oauth: process.env.OAUTH,
       ...currentVersion,
     };
   },

packages/api/src/main.js

@@ -20,6 +20,7 @@ const jsldata = require('./controllers/jsldata');
 const config = require('./controllers/config');
 const archive = require('./controllers/archive');
 const apps = require('./controllers/apps');
+const auth = require('./controllers/auth');
 const uploads = require('./controllers/uploads');
 const plugins = require('./controllers/plugins');
 const files = require('./controllers/files');
@@ -157,6 +158,7 @@ function useAllControllers(app, electron) {
   useController(app, electron, '/scheduler', scheduler);
   useController(app, electron, '/query-history', queryHistory);
   useController(app, electron, '/apps', apps);
+  useController(app, electron, '/auth', auth);
 }
 
 function setElectronSender(electronSender) {

packages/web/src/App.svelte

@@ -24,6 +24,34 @@
   let loadedApi = false;
   let loadedPlugins = false;
 
+  async function handleAuth(config) {
+    if (config.oauth) {
+      const params = new URLSearchParams(location.search);
+      const sentCode = params.get('code');
+      const sentState = params.get('state');
+      if (
+        sentCode &&
+        sentState &&
+        sentState.startsWith('dbg-oauth:') &&
+        sentState == sessionStorage.getItem('oauthState')
+      ) {
+        const accessToken = await apiCall('auth/oauth-token', {
+          code: sentCode,
+          redirectUri: location.origin,
+        });
+        console.log('TOKEN', accessToken);
+      } else {
+        const state = `dbg-oauth:${Math.random().toString().substr(2)}`;
+        sessionStorage.setItem('oauthState', state);
+        location.replace(
+          `${config.oauth}/auth?client_id=dbgate&response_type=code&redirect_uri=${encodeURIComponent(
+            location.origin
+          )}&state=${encodeURIComponent(state)}`
+        );
+      }
+    }
+  }
+
   async function loadApi() {
     // if (shouldWaitForElectronInitialize()) {
     //   setTimeout(loadApi, 100);
@@ -36,6 +64,7 @@
       const connections = await apiCall('connections/list');
       const settings = await getSettings();
       const config = await getConfig();
+      handleAuth(config);
       const apps = await getUsedApps();
       loadedApi = settings && connections && config && apps;
 

packages/web/src/main.ts

@@ -4,6 +4,22 @@ import './utility/changeCurrentDbByTab';
 import './commands/stdCommands';
 import localStorageGarbageCollector from './utility/localStorageGarbageCollector';
 
+const params = new URLSearchParams(location.search);
+console.log('CODE', params.get('code'));
+// console.log(
+//   `http://auth.metrostav.vychozi.cz/auth/realms/metrostav/protocol/openid-connect/auth?client_id=dbgate&response_type=code&redirect_uri=${encodeURIComponent(
+//     'http://localhost:5001/oauth-redirect'
+//   )}&state=1234`
+// );
+
+console.log(location);
+
+// location.replace(
+//   `http://auth.metrostav.vychozi.cz/auth/realms/metrostav/protocol/openid-connect/auth?client_id=dbgate&response_type=code&redirect_uri=${encodeURIComponent(
+//     'http://localhost:5001/'
+//   )}&state=1234`
+// );
+
 localStorageGarbageCollector();
 
 const app = new App({