accessToken per subdomain
This commit is contained in:
Tom Moor
@@ -1,11 +1,10 @@
|
||||
// @flow
|
||||
import crypto from 'crypto';
|
||||
import Router from 'koa-router';
|
||||
import addMonths from 'date-fns/add_months';
|
||||
import { stripSubdomain } from '../../shared/utils/domains';
|
||||
import { capitalize } from 'lodash';
|
||||
import { OAuth2Client } from 'google-auth-library';
|
||||
import { User, Team } from '../models';
|
||||
import auth from '../middlewares/authentication';
|
||||
|
||||
const router = new Router();
|
||||
const client = new OAuth2Client(
|
||||
@@ -30,7 +29,7 @@ router.get('google', async ctx => {
|
||||
});
|
||||
|
||||
// signin callback from Google
|
||||
router.get('google.callback', async ctx => {
|
||||
router.get('google.callback', auth({ required: false }), async ctx => {
|
||||
const { code } = ctx.request.query;
|
||||
ctx.assertPresent(code, 'code is required');
|
||||
const response = await client.getToken(code);
|
||||
@@ -103,21 +102,8 @@ router.get('google.callback', async ctx => {
|
||||
}
|
||||
}
|
||||
|
||||
// not awaiting the promise here so that the request is not blocked
|
||||
user.updateSignedIn(ctx.request.ip);
|
||||
|
||||
ctx.cookies.set('lastSignedIn', 'google', {
|
||||
httpOnly: false,
|
||||
expires: new Date('2100'),
|
||||
domain: stripSubdomain(ctx.request.hostname),
|
||||
});
|
||||
ctx.cookies.set('accessToken', user.getJwtToken(), {
|
||||
httpOnly: false,
|
||||
expires: addMonths(new Date(), 1),
|
||||
domain: stripSubdomain(ctx.request.hostname),
|
||||
});
|
||||
|
||||
ctx.redirect(team.url);
|
||||
// set cookies on response and redirect to team subdomain
|
||||
ctx.signIn(user, team, 'google');
|
||||
});
|
||||
|
||||
export default router;
|
||||
|
||||
@@ -2,9 +2,8 @@
|
||||
import Router from 'koa-router';
|
||||
import auth from '../middlewares/authentication';
|
||||
import addHours from 'date-fns/add_hours';
|
||||
import addMonths from 'date-fns/add_months';
|
||||
import { slackAuth } from '../../shared/utils/routeHelpers';
|
||||
import { stripSubdomain } from '../../shared/utils/domains';
|
||||
import { slackAuth } from '../../shared/utils/routeHelpers';
|
||||
import { Authentication, Integration, User, Team } from '../models';
|
||||
import * as Slack from '../slack';
|
||||
|
||||
@@ -25,7 +24,7 @@ router.get('slack', async ctx => {
|
||||
});
|
||||
|
||||
// signin callback from Slack
|
||||
router.get('slack.callback', async ctx => {
|
||||
router.get('slack.callback', auth({ required: false }), async ctx => {
|
||||
const { code, error, state } = ctx.request.query;
|
||||
ctx.assertPresent(code || error, 'code is required');
|
||||
ctx.assertPresent(state, 'state is required');
|
||||
@@ -72,21 +71,8 @@ router.get('slack.callback', async ctx => {
|
||||
}
|
||||
}
|
||||
|
||||
// not awaiting the promise here so that the request is not blocked
|
||||
user.updateSignedIn(ctx.request.ip);
|
||||
|
||||
ctx.cookies.set('lastSignedIn', 'slack', {
|
||||
httpOnly: false,
|
||||
expires: new Date('2100'),
|
||||
domain: stripSubdomain(ctx.request.hostname),
|
||||
});
|
||||
ctx.cookies.set('accessToken', user.getJwtToken(), {
|
||||
httpOnly: false,
|
||||
expires: addMonths(new Date(), 1),
|
||||
domain: stripSubdomain(ctx.request.hostname),
|
||||
});
|
||||
|
||||
ctx.redirect(team.url);
|
||||
// set cookies on response and redirect to team subdomain
|
||||
ctx.signIn(user, team, 'slack');
|
||||
});
|
||||
|
||||
router.get('slack.commands', auth(), async ctx => {
|
||||
|
||||
@@ -3,6 +3,8 @@ import JWT from 'jsonwebtoken';
|
||||
import { type Context } from 'koa';
|
||||
import { User, ApiKey } from '../models';
|
||||
import { AuthenticationError, UserSuspendedError } from '../errors';
|
||||
import addMonths from 'date-fns/add_months';
|
||||
import { stripSubdomain } from '../../shared/utils/domains';
|
||||
|
||||
export default function auth(options?: { required?: boolean } = {}) {
|
||||
return async function authMiddleware(ctx: Context, next: () => Promise<*>) {
|
||||
@@ -28,8 +30,6 @@ export default function auth(options?: { required?: boolean } = {}) {
|
||||
token = ctx.body.token;
|
||||
} else if (ctx.request.query.token) {
|
||||
token = ctx.request.query.token;
|
||||
} else if (ctx.cookies.get('accessToken')) {
|
||||
token = ctx.cookies.get('accessToken');
|
||||
}
|
||||
|
||||
if (!token && options.required !== false) {
|
||||
@@ -90,6 +90,33 @@ export default function auth(options?: { required?: boolean } = {}) {
|
||||
ctx.cache[user.id] = user;
|
||||
}
|
||||
|
||||
ctx.signIn = (user, team, service) => {
|
||||
// not awaiting the promise here so that the request is not blocked
|
||||
user.updateSignedIn(ctx.request.ip);
|
||||
|
||||
const existing = JSON.parse(ctx.cookies.get('sessions') || '{}');
|
||||
const domain = stripSubdomain(ctx.request.hostname);
|
||||
const sessions = JSON.stringify({
|
||||
...existing,
|
||||
[team.subdomain || 'root']: {
|
||||
name: team.name,
|
||||
logo: team.logo,
|
||||
accessToken: user.getJwtToken(),
|
||||
},
|
||||
});
|
||||
ctx.cookies.set('lastSignedIn', service, {
|
||||
httpOnly: false,
|
||||
expires: new Date('2100'),
|
||||
domain,
|
||||
});
|
||||
ctx.cookies.set('sessions', sessions, {
|
||||
httpOnly: false,
|
||||
expires: addMonths(new Date(), 3),
|
||||
domain,
|
||||
});
|
||||
ctx.redirect(team.url);
|
||||
};
|
||||
|
||||
return next();
|
||||
};
|
||||
}
|
||||
|
||||
@@ -51,6 +51,11 @@ const Team = sequelize.define(
|
||||
url.host = `${this.subdomain}.${url.host}`;
|
||||
return url.href.replace(/\/$/, '');
|
||||
},
|
||||
logo() {
|
||||
return (
|
||||
this.avatarUrl || (this.slackData ? this.slackData.image_88 : null)
|
||||
);
|
||||
},
|
||||
},
|
||||
}
|
||||
);
|
||||
|
||||
@@ -64,7 +64,7 @@ function Home(props: Props) {
|
||||
</Grid.Unit>
|
||||
<Feature size={{ tablet: 2 / 3 }}>
|
||||
<Screenshot
|
||||
srcset="screenshot.png, screenshot@2x.png 2x"
|
||||
srcSet="screenshot.png, screenshot@2x.png 2x"
|
||||
src="/screenshot@2x.png"
|
||||
alt="Outline Screenshot"
|
||||
/>
|
||||
|
||||
@@ -7,8 +7,7 @@ function present(ctx: Object, team: Team) {
|
||||
return {
|
||||
id: team.id,
|
||||
name: team.name,
|
||||
avatarUrl:
|
||||
team.avatarUrl || (team.slackData ? team.slackData.image_88 : null),
|
||||
avatarUrl: team.logo,
|
||||
slackConnected: !!team.slackId,
|
||||
googleConnected: !!team.googleId,
|
||||
sharing: team.sharing,
|
||||
|
||||
@@ -66,9 +66,21 @@ router.get('/changelog', async ctx => {
|
||||
// home page
|
||||
router.get('/', async ctx => {
|
||||
const lastSignedIn = ctx.cookies.get('lastSignedIn');
|
||||
const accessToken = ctx.cookies.get('accessToken');
|
||||
const sessions = JSON.parse(ctx.cookies.get('sessions') || '{}');
|
||||
const domain = parseDomain(ctx.request.hostname);
|
||||
const subdomain = domain ? domain.subdomain : false;
|
||||
const subdomain = domain ? domain.subdomain : undefined;
|
||||
console.log('domain', domain);
|
||||
console.log('subdomain', subdomain);
|
||||
|
||||
let accessToken;
|
||||
if (subdomain) {
|
||||
accessToken = sessions[subdomain] && sessions[subdomain].accessToken;
|
||||
} else {
|
||||
accessToken = sessions.root
|
||||
? sessions.root.accessToken
|
||||
: ctx.cookies.get('accessToken');
|
||||
}
|
||||
console.log('accessToken', accessToken);
|
||||
|
||||
if (accessToken) {
|
||||
return renderapp(ctx);
|
||||
|
||||
Reference in New Issue
Block a user