oauth returns access token

2024-11-07 20:26:23 +00:00 · 2022-11-14 21:20:58 +01:00 · 2022-11-14 21:20:58 +01:00 · f42d78b2fb
commit f42d78b2fb
parent 792fa75ccd
8 changed files with 71 additions and 0 deletions
--- a/package.json
+++ b/package.json
@ -16,6 +16,7 @@
    "start:app:debug:ssh": "cd app && cross-env DEBUG=ssh yarn start",
    "start:api:portal": "yarn workspace dbgate-api start:portal",
    "start:api:singledb": "yarn workspace dbgate-api start:singledb",
+    "start:api:auth": "yarn workspace dbgate-api start:auth",
    "start:web": "yarn workspace dbgate-web dev",
    "start:sqltree": "yarn workspace dbgate-sqltree start",
    "start:tools": "yarn workspace dbgate-tools start",
--- a/packages/api/env/auth/.env
+++ b/packages/api/env/auth/.env
@ -0,0 +1,4 @@
+DEVMODE=1
+OAUTH=http://auth.metrostav.vychozi.cz/auth/realms/metrostav/protocol/openid-connect
+OAUTH_CLIENT_ID=dbgate
+OAUTH_CLIENT_SECRET=ffd5634b-b60a-4c3a-bbec-b4144c73ea2a
--- a/packages/api/package.json
+++ b/packages/api/package.json
@ -57,6 +57,7 @@
    "start": "env-cmd node src/index.js --listen-api",
    "start:portal": "env-cmd -f env/portal/.env node src/index.js --listen-api",
    "start:singledb": "env-cmd -f env/singledb/.env node src/index.js --listen-api",
+    "start:auth": "env-cmd -f env/auth/.env node src/index.js --listen-api",
    "start:filedb": "env-cmd node src/index.js /home/jena/test/chinook/Chinook.db --listen-api",
    "start:singleconn": "env-cmd node src/index.js --server localhost --user root --port 3307 --engine mysql@dbgate-plugin-mysql --password test --listen-api",
    "ts": "tsc",
--- a/packages/api/src/controllers/auth.js
+++ b/packages/api/src/controllers/auth.js
@ -0,0 +1,17 @@
+const axios = require('axios');
+
+module.exports = {
+  oauthToken_meta: true,
+  async oauthToken(params) {
+    const { redirectUri, code } = params;
+
+    const resp = await axios.default.post(
+      `${process.env.OAUTH}/token`,
+      `grant_type=authorization_code&code=${encodeURIComponent(code)}&redirect_uri=${encodeURIComponent(
+        redirectUri
+      )}&client_id=${process.env.OAUTH_CLIENT_ID}&client_secret=${process.env.OAUTH_CLIENT_SECRET}`
+    );
+
+    return resp.data;
+  },
+};
--- a/packages/api/src/controllers/config.js
+++ b/packages/api/src/controllers/config.js
@ -40,6 +40,7 @@ module.exports = {
      isDocker: platformInfo.isDocker,
      permissions,
      login,
+      oauth: process.env.OAUTH,
      ...currentVersion,
    };
  },
--- a/packages/api/src/main.js
+++ b/packages/api/src/main.js
@ -20,6 +20,7 @@ const jsldata = require('./controllers/jsldata');
 const config = require('./controllers/config');
 const archive = require('./controllers/archive');
 const apps = require('./controllers/apps');
+const auth = require('./controllers/auth');
 const uploads = require('./controllers/uploads');
 const plugins = require('./controllers/plugins');
 const files = require('./controllers/files');
@ -157,6 +158,7 @@ function useAllControllers(app, electron) {
  useController(app, electron, '/scheduler', scheduler);
  useController(app, electron, '/query-history', queryHistory);
  useController(app, electron, '/apps', apps);
+  useController(app, electron, '/auth', auth);
 }

 function setElectronSender(electronSender) {
--- a/packages/web/src/App.svelte
+++ b/packages/web/src/App.svelte
@ -24,6 +24,34 @@
  let loadedApi = false;
  let loadedPlugins = false;

+  async function handleAuth(config) {
+    if (config.oauth) {
+      const params = new URLSearchParams(location.search);
+      const sentCode = params.get('code');
+      const sentState = params.get('state');
+      if (
+        sentCode &&
+        sentState &&
+        sentState.startsWith('dbg-oauth:') &&
+        sentState == sessionStorage.getItem('oauthState')
+      ) {
+        const accessToken = await apiCall('auth/oauth-token', {
+          code: sentCode,
+          redirectUri: location.origin,
+        });
+        console.log('TOKEN', accessToken);
+      } else {
+        const state = `dbg-oauth:${Math.random().toString().substr(2)}`;
+        sessionStorage.setItem('oauthState', state);
+        location.replace(
+          `${config.oauth}/auth?client_id=dbgate&response_type=code&redirect_uri=${encodeURIComponent(
+            location.origin
+          )}&state=${encodeURIComponent(state)}`
+        );
+      }
+    }
+  }
+
  async function loadApi() {
    // if (shouldWaitForElectronInitialize()) {
    //   setTimeout(loadApi, 100);
@ -36,6 +64,7 @@
      const connections = await apiCall('connections/list');
      const settings = await getSettings();
      const config = await getConfig();
+      handleAuth(config);
      const apps = await getUsedApps();
      loadedApi = settings && connections && config && apps;

--- a/packages/web/src/main.ts
+++ b/packages/web/src/main.ts
@ -4,6 +4,22 @@ import './utility/changeCurrentDbByTab';
 import './commands/stdCommands';
 import localStorageGarbageCollector from './utility/localStorageGarbageCollector';

+const params = new URLSearchParams(location.search);
+console.log('CODE', params.get('code'));
+// console.log(
+//   `http://auth.metrostav.vychozi.cz/auth/realms/metrostav/protocol/openid-connect/auth?client_id=dbgate&response_type=code&redirect_uri=${encodeURIComponent(
+//     'http://localhost:5001/oauth-redirect'
+//   )}&state=1234`
+// );
+
+console.log(location);
+
+// location.replace(
+//   `http://auth.metrostav.vychozi.cz/auth/realms/metrostav/protocol/openid-connect/auth?client_id=dbgate&response_type=code&redirect_uri=${encodeURIComponent(
+//     'http://localhost:5001/'
+//   )}&state=1234`
+// );
+
 localStorageGarbageCollector();

 const app = new App({