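// Allow-list of the only scopes this server will ever grant or honour.
// Frozen so that a stray runtime mutation (push/splice) cannot silently widen
// the set of scopes tokens may be issued with or verified against.
const enabledScopes = Object.freeze(['read', 'write']);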
// Stand-in "user" for a deployment that has no real users: every token is
// attributed to the single synthetic principal `{ id: 'system' }`.
// A fresh object is built on each call so no two callers share one instance.
const getUserDoc = function () {
  return { id: 'system' };
};
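/**
 * Build the OAuth2 model backed by `db`.
 *
 * `db` is an opaque synchronous store expected to provide:
 *   findClient(id, secret), findClientById(id),
 *   saveAccessToken(token, meta), saveRefreshToken(token, meta),
 *   findAccessToken(token), findRefreshToken(token), deleteRefreshToken(token).
 *
 * Scope handling: a scope argument is either a single string (treated as ONE
 * scope name, never split on whitespace) or an array of scope names. Only
 * names present in the module-level `enabledScopes` allow-list are accepted.
 *
 * @param {object} db - storage backend (see above)
 * @returns {object} model object with the oauth2-server callback methods
 */
function createModel (db) {
  // Normalise a scope argument to an array of scope names without changing
  // its meaning: a string is one scope, an array is used as-is, and anything
  // else (undefined, null, other types) yields [] so the checks below deny
  // rather than throw a TypeError.
  // NOTE(review): a space-delimited string like 'read write' is therefore a
  // single unknown scope; split it here if the caller sends that form.
  function toScopeList (scope) {
    if (typeof scope === 'string') {
      return [scope];
    }
    return Array.isArray(scope) ? scope : [];
  }

  /**
   * Look up a client by id and secret. The credential check lives entirely
   * in `db.findClient`; whatever it returns (record or falsy) is passed back.
   * NOTE(review): this layer cannot make the secret comparison constant-time;
   * `db.findClient` should do that (e.g. crypto.timingSafeEqual on hashes).
   *
   * @param {string} clientId
   * @param {string|undefined} clientSecret - may be absent for public clients
   * @returns {Promise<object|undefined>} the client record, or a falsy value
   */
  async function getClient (clientId, clientSecret) {
    return db.findClient(clientId, clientSecret);
  }

  /**
   * Validate the scope requested at token-issuance time.
   *
   * Every requested scope must appear in `enabledScopes`; the user must be
   * the synthetic "system" user and the client must still exist in `db`.
   *
   * @param {object} user
   * @param {object} client
   * @param {string|string[]|undefined} scope - requested scope(s)
   * @returns {Promise<string[]|false>} the validated scope list (the same
   *   array instance when an array was passed, `[scope]` for a string), or
   *   `false` to reject. A request with no scope is rejected (deny by
   *   default) instead of crashing on `undefined.every`; relax that check if
   *   scope-less tokens are wanted.
   */
  async function validateScope (user, client, scope) {
    if (!user || user.id !== 'system') {
      return false;
    }
    if (!client || !db.findClientById(client.id)) {
      return false;
    }
    let requested;
    if (typeof scope === 'string') {
      requested = [scope];
    } else if (Array.isArray(scope)) {
      requested = scope;
    } else {
      // undefined / null / unexpected type: nothing to validate -> reject.
      return false;
    }
    const allEnabled = requested.every(s => enabledScopes.includes(s));
    return allEnabled ? requested : false;
  }

  /**
   * Resolve the "user" behind a client (client_credentials style flows).
   *
   * There are no real users in this setup, so a synthetic "system" user is
   * returned once the client re-authenticates against `db`; no user document
   * is ever created or stored.
   * NOTE(review): this re-checks `_client.id` / `_client.secret` against
   * `db.findClient`, so the object handed in must carry the secret — confirm
   * the value returned by getClient() does.
   *
   * @param {object} _client - client record (expects `.id` and `.secret`)
   * @returns {Promise<object|undefined>} `{ id: 'system' }` or a falsy value
   */
  async function getUserFromClient (_client) {
    const client = db.findClient(_client.id, _client.secret);
    return client && getUserDoc();
  }

  /**
   * Persist a freshly issued token.
   *
   * The access and refresh token values are stored (separately, only if
   * present) keyed by their raw value together with a metadata record of
   * client id, user id, scope and expiry. The token object is annotated with
   * `client` and `user` and returned, as the caller expects.
   * NOTE(review): token values go into `db` in the clear; if `db` is a
   * durable store, consider storing a hash and looking up by hash.
   *
   * @param {object} token - `{ accessToken?, refreshToken?, scope,
   *   accessTokenExpiresAt?, refreshTokenExpiresAt? }`
   * @param {object} client
   * @param {object} user
   * @returns {Promise<object>} the same token object, with client/user set
   */
  async function saveToken (token, client, user) {
    const meta = {
      clientId: client.id,
      userId: user.id,
      scope: token.scope,
      accessTokenExpiresAt: token.accessTokenExpiresAt,
      refreshTokenExpiresAt: token.refreshTokenExpiresAt
    };
    token.client = client;
    token.user = user;
    if (token.accessToken) {
      db.saveAccessToken(token.accessToken, meta);
    }
    if (token.refreshToken) {
      db.saveRefreshToken(token.refreshToken, meta);
    }
    return token;
  }

  /**
   * Load a stored access token.
   *
   * Returns `false` when the token is unknown OR when its issuing client no
   * longer exists, so a deleted client's outstanding tokens stop working at
   * once instead of at their natural expiry.
   * NOTE(review): expiry is not checked here; the consumer is assumed to
   * check `accessTokenExpiresAt` — confirm.
   *
   * @param {string} accessToken
   * @returns {Promise<object|false>}
   */
  async function getAccessToken (accessToken) {
    const meta = db.findAccessToken(accessToken);
    if (!meta) {
      return false;
    }
    const client = db.findClientById(meta.clientId);
    if (!client) {
      return false;
    }
    return {
      accessToken,
      accessTokenExpiresAt: meta.accessTokenExpiresAt,
      user: getUserDoc(),
      client,
      scope: meta.scope
    };
  }

  /**
   * Load a stored refresh token. Same contract as getAccessToken():
   * `false` for an unknown token or a token whose client has been removed.
   *
   * @param {string} refreshToken
   * @returns {Promise<object|false>}
   */
  async function getRefreshToken (refreshToken) {
    const meta = db.findRefreshToken(refreshToken);
    if (!meta) {
      return false;
    }
    const client = db.findClientById(meta.clientId);
    if (!client) {
      return false;
    }
    return {
      refreshToken,
      refreshTokenExpiresAt: meta.refreshTokenExpiresAt,
      user: getUserDoc(),
      client,
      scope: meta.scope
    };
  }

  /**
   * Revoke a refresh token (e.g. after it has been exchanged for a new one).
   *
   * Only the refresh token is deleted; any access token issued alongside it
   * stays usable until its own expiry. The result of
   * `db.deleteRefreshToken` is not inspected, so this always reports success.
   *
   * @param {object} token - object carrying `refreshToken`
   * @returns {Promise<true>}
   */
  async function revokeToken (token) {
    db.deleteRefreshToken(token.refreshToken);
    return true;
  }

  /**
   * Check that an access token actually grants the scope(s) a resource
   * requires.
   *
   * Every requested scope must be (a) present in the token's own `scope`
   * (what was granted at issuance) AND (b) still in `enabledScopes`. The
   * previous implementation checked only (b) and ignored the token, so any
   * token could access any enabled scope; (a) closes that hole, and (b) means
   * removing a scope from the allow-list retires it for tokens already out.
   * An empty request list is vacuously true, as before.
   *
   * @param {object} token - as returned by getAccessToken()
   * @param {string|string[]} scope - scope(s) the resource requires
   * @returns {Promise<boolean>}
   */
  async function verifyScope (token, scope) {
    const granted = toScopeList(token && token.scope);
    const requested = toScopeList(scope);
    return requested.every(s => granted.includes(s) && enabledScopes.includes(s));
  }

  return {
    getClient,
    saveToken,
    getAccessToken,
    getRefreshToken,
    revokeToken,
    validateScope,
    verifyScope,
    getUserFromClient
  };
}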
// Factory export: `require('./model')(db)` builds a model bound to `db`.
module.exports = createModel;