backend/source/auth.ts


namespace _zeitbild.auth
{
	
	/**
	 */
	let _subject : (
		null
		|
		lib_plankton.auth.type_auth<any, any, any>
	) = null;
	
	
	
	/**
	 */
	let _subject_oidc : (null | lib_plankton.auth.oidc.type_subject) = null;

	
	
	/**
	 */
	let _oidc_redict_uri_template_map : (
		null
		|
		lib_plankton.map.type_map<string, string>
	) = null;
	
	
	/**
	 */
	export function oidc_get_redirect_uri_template(
		key : string
	) : string
	{
		if (_oidc_redict_uri_template_map === null) {
			throw (new Error("apparently not initialized yet"));
		}
		else {
			return _oidc_redict_uri_template_map.get(key);
		}
	}
	
	
	/**
	 */
	export function init(
	) : Promise<void>
	{
		switch (_zeitbild.conf.get().authentication.kind) {
			case "internal": {
				_subject = lib_plankton.auth.internal.implementation_auth(
					{
						"password_image_chest": {
							"setup": (input) => Promise.resolve<void>(undefined),
							"clear": () => Promise.reject<void>("not implemented"),
							"write": (key, item) => _zeitbild.repository.auth_internal.write(key, item),
							"delete": (key) => _zeitbild.repository.auth_internal.delete_(key),
							"read": (key) => _zeitbild.repository.auth_internal.read(key),
							"search": (term) => Promise.reject<any>("not implemented"),
						},
						"check_password": (image, input) => _zeitbild.service.auth_internal.check_raw(image, input),
					}
				);
				break;
			}
			case "oidc": {
				_subject_oidc = lib_plankton.auth.oidc.make(
					{
						"url_authorization": _zeitbild.conf.get().authentication.data.url_authorization,
						"url_token": _zeitbild.conf.get().authentication.data.url_token,
						"url_userinfo": _zeitbild.conf.get().authentication.data.url_userinfo,
						"client_id": _zeitbild.conf.get().authentication.data.client_id,
						"client_secret": _zeitbild.conf.get().authentication.data.client_secret,
						"url_redirect": (_zeitbild.conf.get().authentication.data.backend_url_base + "/session/oidc"),
						"scopes": [
							"openid",
							"profile",
							"email",
						],
						"label": _zeitbild.conf.get().authentication.data.label,
					}
				);
				_oidc_redict_uri_template_map = lib_plankton.map.simplemap.implementation_map(
					lib_plankton.map.simplemap.make(
					)
				);
				// TODO
				return Promise.resolve(undefined);
				break;
			}
			default: {
				// do nothing
				break;
			}
		}
		return Promise.resolve<void>(undefined);
	}
	
	
	/**
	 */
	export function prepare(
		input : any
	) : Promise<{kind : string; data : any;}>
	{
		switch (_zeitbild.conf.get().authentication.kind) {
			case "oidc": {
				if (_subject_oidc === null) {
					throw (new Error("not initialized yet"));
				}
				else {
					const stuff : {state : string; authorization_url : string;} = lib_plankton.auth.oidc.prepare_login(_subject_oidc);
					_oidc_redict_uri_template_map.set(
						stuff.state,
						input["oidc_redirect_uri_template"]
					);
					return Promise.resolve(
						{
							"kind": "oidc",
							"data": {
								"url": stuff.authorization_url,
								"label": _zeitbild.conf.get().authentication.data.label,
							}
						}
					);
				}
				break;
			}
			default: {
				if (_subject === null) {
					return Promise.reject(new Error("not initialized yet"));
				}
				else {
					return (
						_subject.login_prepare()
						.then(
							(data : any) => ({
								"kind": _zeitbild.conf.get().authentication.kind,
								"data": data,
							})
						)
					);
				}
				break;
			}
		}
	}
	
	
	/**
	 */
	export function oidc_handle_authorization_callback(
		cookie : (null | string),
		data : Record<string, string>
	) : Promise<
		{
			token : string;
			userinfo : {
				name : (null | string);
				email : (null | string);
			};
			redirect_uri_template : string;
		}
	>
	{
		const state : string = data["state"];
		const result : {
			token : string;
			userinfo : {
				name : (null | string);
				email : (null | string);
			};
		} = await lib_plankton.auth.oidc.handle_authorization_callback(
			_oidc_subject,
			cookie,
			data
		);
		return Promise.resolve<
			{
				token : string;
				userinfo : {
					name : (null | string);
					email : (null | string);
				};
				redirect_uri_template : string;
			}
		>(
			{
				"token": result.token,
				"userinfo": result.userinfo,
				"redirect_uri_template": _oidc_redict_uri_template_map.get(state),
			}
		)
	}
	
}
[mod] 2024-09-18 18:17:25 +02:00
			`namespace _zeitbild.auth`
			`{`

			`/**`
[mod] oidc!!! 2024-09-19 13:34:07 +02:00			`*/`
[mod] 2024-09-18 18:17:25 +02:00			`let _subject : (`
			`null`
			`\|`
[mod] oidc!!! 2024-09-19 13:34:07 +02:00			`lib_plankton.auth.type_auth<any, any, any>`
[mod] 2024-09-18 18:17:25 +02:00			`) = null;`


[mod] auth:oidc 2024-10-20 14:26:15 +02:00
			`/**`
			`*/`
			`let _subject_oidc : (null \| lib_plankton.auth.oidc.type_subject) = null;`



[mod] auth:oidc zum laufen gebracht, muss aber noch besser angebunden und abstrahier werden 2024-09-26 18:59:46 +02:00			`/**`
			`*/`
			`let _oidc_redict_uri_template_map : (`
			`null`
			`\|`
			`lib_plankton.map.type_map<string, string>`
			`) = null;`


			`/**`
			`*/`
			`export function oidc_get_redirect_uri_template(`
			`key : string`
			`) : string`
			`{`
			`if (_oidc_redict_uri_template_map === null) {`
			`throw (new Error("apparently not initialized yet"));`
			`}`
			`else {`
			`return _oidc_redict_uri_template_map.get(key);`
			`}`
			`}`


[mod] 2024-09-18 18:17:25 +02:00			`/**`
			`*/`
			`export function init(`
			`) : Promise<void>`
			`{`
[mod] oidc!!! 2024-09-19 13:34:07 +02:00			`switch (_zeitbild.conf.get().authentication.kind) {`
[mod] 2024-09-18 18:17:25 +02:00			`case "internal": {`
			`_subject = lib_plankton.auth.internal.implementation_auth(`
			`{`
[mod] oidc!!! 2024-09-19 13:34:07 +02:00			`"password_image_chest": {`
			`"setup": (input) => Promise.resolve<void>(undefined),`
			`"clear": () => Promise.reject<void>("not implemented"),`
			`"write": (key, item) => _zeitbild.repository.auth_internal.write(key, item),`
			`"delete": (key) => _zeitbild.repository.auth_internal.delete_(key),`
			`"read": (key) => _zeitbild.repository.auth_internal.read(key),`
			`"search": (term) => Promise.reject<any>("not implemented"),`
			`},`
			`"check_password": (image, input) => _zeitbild.service.auth_internal.check_raw(image, input),`
[mod] 2024-09-18 18:17:25 +02:00			`}`
			`);`
[mod] oidc!!! 2024-09-19 13:34:07 +02:00			`break;`
[mod] 2024-09-18 18:17:25 +02:00			`}`
			`case "oidc": {`
[mod] auth:oidc 2024-10-20 14:26:15 +02:00			`_subject_oidc = lib_plankton.auth.oidc.make(`
			`{`
			`"url_authorization": _zeitbild.conf.get().authentication.data.url_authorization,`
			`"url_token": _zeitbild.conf.get().authentication.data.url_token,`
			`"url_userinfo": _zeitbild.conf.get().authentication.data.url_userinfo,`
			`"client_id": _zeitbild.conf.get().authentication.data.client_id,`
			`"client_secret": _zeitbild.conf.get().authentication.data.client_secret,`
			`"url_redirect": (_zeitbild.conf.get().authentication.data.backend_url_base + "/session/oidc"),`
			`"scopes": [`
			`"openid",`
			`"profile",`
			`"email",`
			`],`
			`"label": _zeitbild.conf.get().authentication.data.label,`
			`}`
			`);`
[mod] auth:oidc zum laufen gebracht, muss aber noch besser angebunden und abstrahier werden 2024-09-26 18:59:46 +02:00			`_oidc_redict_uri_template_map = lib_plankton.map.simplemap.implementation_map(`
			`lib_plankton.map.simplemap.make(`
			`)`
[mod] 2024-09-18 18:17:25 +02:00			`);`
[mod] auth:oidc zum laufen gebracht, muss aber noch besser angebunden und abstrahier werden 2024-09-26 18:59:46 +02:00			`// TODO`
			`return Promise.resolve(undefined);`
[mod] oidc!!! 2024-09-19 13:34:07 +02:00			`break;`
[mod] 2024-09-18 18:17:25 +02:00			`}`
			`default: {`
			`// do nothing`
			`break;`
			`}`
			`}`
			`return Promise.resolve<void>(undefined);`
			`}`


			`/**`
[mod] oidc!!! 2024-09-19 13:34:07 +02:00			`*/`
[mod] 2024-09-18 18:17:25 +02:00			`export function prepare(`
[mod] auth:oidc zum laufen gebracht, muss aber noch besser angebunden und abstrahier werden 2024-09-26 18:59:46 +02:00			`input : any`
[mod] 2024-09-18 18:17:25 +02:00			`) : Promise<{kind : string; data : any;}>`
			`{`
[mod] auth:oidc zum laufen gebracht, muss aber noch besser angebunden und abstrahier werden 2024-09-26 18:59:46 +02:00			`switch (_zeitbild.conf.get().authentication.kind) {`
			`case "oidc": {`
[mod] auth:oidc 2024-10-20 14:26:15 +02:00			`if (_subject_oidc === null) {`
			`throw (new Error("not initialized yet"));`
[mod] auth:oidc zum laufen gebracht, muss aber noch besser angebunden und abstrahier werden 2024-09-26 18:59:46 +02:00			`}`
			`else {`
[mod] auth:oidc 2024-10-20 14:26:15 +02:00			`const stuff : {state : string; authorization_url : string;} = lib_plankton.auth.oidc.prepare_login(_subject_oidc);`
[mod] auth:oidc zum laufen gebracht, muss aber noch besser angebunden und abstrahier werden 2024-09-26 18:59:46 +02:00			`_oidc_redict_uri_template_map.set(`
[mod] auth:oidc 2024-10-20 14:26:15 +02:00			`stuff.state,`
[mod] auth:oidc zum laufen gebracht, muss aber noch besser angebunden und abstrahier werden 2024-09-26 18:59:46 +02:00			`input["oidc_redirect_uri_template"]`
			`);`
			`return Promise.resolve(`
			`{`
			`"kind": "oidc",`
			`"data": {`
[mod] auth:oidc 2024-10-20 14:26:15 +02:00			`"url": stuff.authorization_url,`
			`"label": _zeitbild.conf.get().authentication.data.label,`
[mod] auth:oidc zum laufen gebracht, muss aber noch besser angebunden und abstrahier werden 2024-09-26 18:59:46 +02:00			`}`
			`}`
			`);`
			`}`
			`break;`
			`}`
			`default: {`
			`if (_subject === null) {`
			`return Promise.reject(new Error("not initialized yet"));`
			`}`
			`else {`
			`return (`
			`_subject.login_prepare()`
			`.then(`
			`(data : any) => ({`
			`"kind": _zeitbild.conf.get().authentication.kind,`
			`"data": data,`
			`})`
			`)`
			`);`
			`}`
			`break;`
			`}`
[mod] oidc!!! 2024-09-19 13:34:07 +02:00			`}`
[mod] 2024-09-18 18:17:25 +02:00			`}`


			`/**`
[mod] oidc!!! 2024-09-19 13:34:07 +02:00			`*/`
[mod] auth:oidc 2024-10-20 14:26:15 +02:00			`export function oidc_handle_authorization_callback(`
			`cookie : (null \| string),`
			`data : Record<string, string>`
			`) : Promise<`
			`{`
			`token : string;`
			`userinfo : {`
			`name : (null \| string);`
			`email : (null \| string);`
			`};`
			`redirect_uri_template : string;`
[mod] oidc!!! 2024-09-19 13:34:07 +02:00			`}`
[mod] auth:oidc 2024-10-20 14:26:15 +02:00			`>`
[mod] 2024-09-18 18:17:25 +02:00			`{`
[mod] auth:oidc 2024-10-20 14:26:15 +02:00			`const state : string = data["state"];`
			`const result : {`
			`token : string;`
			`userinfo : {`
			`name : (null \| string);`
			`email : (null \| string);`
			`};`
			`} = await lib_plankton.auth.oidc.handle_authorization_callback(`
			`_oidc_subject,`
			`cookie,`
			`data`
			`);`
			`return Promise.resolve<`
			`{`
			`token : string;`
			`userinfo : {`
			`name : (null \| string);`
			`email : (null \| string);`
			`};`
			`redirect_uri_template : string;`
			`}`
			`>(`
			`{`
			`"token": result.token,`
			`"userinfo": result.userinfo,`
			`"redirect_uri_template": _oidc_redict_uri_template_map.get(state),`
			`}`
			`)`
[mod] 2024-09-18 18:17:25 +02:00			`}`
[mod] oidc!!! 2024-09-19 13:34:07 +02:00
[mod] 2024-09-18 18:17:25 +02:00			`}`