namespace _zeitbild.auth { /** */ let _subject : ( null | lib_plankton.auth.type_auth ) = null; /** */ let _subject_oidc : (null | lib_plankton.auth.oidc.type_subject) = null; /** */ let _oidc_redict_uri_template_map : ( null | lib_plankton.map.type_map ) = null; /** */ export function oidc_get_redirect_uri_template( key : string ) : string { if (_oidc_redict_uri_template_map === null) { throw (new Error("apparently not initialized yet")); } else { return _oidc_redict_uri_template_map.get(key); } } /** */ export function init( ) : Promise { switch (_zeitbild.conf.get().authentication.kind) { case "internal": { _subject = lib_plankton.auth.internal.implementation_auth( { "password_image_chest": { "setup": (input) => Promise.resolve(undefined), "clear": () => Promise.reject("not implemented"), "write": (key, item) => _zeitbild.repository.auth_internal.write(key, item), "delete": (key) => _zeitbild.repository.auth_internal.delete_(key), "read": (key) => _zeitbild.repository.auth_internal.read(key), "search": (term) => Promise.reject("not implemented"), }, "check_password": (image, input) => _zeitbild.service.auth_internal.check_raw(image, input), } ); break; } case "oidc": { _subject_oidc = lib_plankton.auth.oidc.make( { "url_authorization": _zeitbild.conf.get().authentication.data.url_authorization, "url_token": _zeitbild.conf.get().authentication.data.url_token, "url_userinfo": _zeitbild.conf.get().authentication.data.url_userinfo, "client_id": _zeitbild.conf.get().authentication.data.client_id, "client_secret": _zeitbild.conf.get().authentication.data.client_secret, "url_redirect": (_zeitbild.conf.get().authentication.data.backend_url_base + "/session/oidc"), "scopes": [ "openid", "profile", "email", ], "label": _zeitbild.conf.get().authentication.data.label, } ); _oidc_redict_uri_template_map = lib_plankton.map.simplemap.implementation_map( lib_plankton.map.simplemap.make( ) ); // TODO return Promise.resolve(undefined); break; } default: { // do nothing break; } } return Promise.resolve(undefined); } /** */ export function prepare( input : any ) : Promise<{kind : string; data : any;}> { switch (_zeitbild.conf.get().authentication.kind) { case "oidc": { if ((_subject_oidc === null) || (_oidc_redict_uri_template_map === null)) { throw (new Error("not initialized yet")); } else { const stuff : {state : string; authorization_url : string;} = lib_plankton.auth.oidc.prepare_login(_subject_oidc); _oidc_redict_uri_template_map.set( stuff.state, input["oidc_redirect_uri_template"] ); return Promise.resolve( { "kind": "oidc", "data": { "url": stuff.authorization_url, "label": _zeitbild.conf.get().authentication.data.label, } } ); } break; } default: { if (_subject === null) { return Promise.reject(new Error("not initialized yet")); } else { return ( _subject.login_prepare() .then( (data : any) => ({ "kind": _zeitbild.conf.get().authentication.kind, "data": data, }) ) ); } break; } } } /** */ export async function oidc_handle_authorization_callback( cookie : (null | string), data : Record ) : Promise< { token : string; userinfo : { name : (null | string); email : (null | string); }; redirect_uri_template : string; } > { if ((_subject_oidc === null) || (_oidc_redict_uri_template_map === null)) { throw (new Error("not initialized yet")); } else { const state : string = data["state"]; const result : { token : string; userinfo : { name : (null | string); email : (null | string); }; } = await lib_plankton.auth.oidc.handle_authorization_callback( _subject_oidc, cookie, data ); return Promise.resolve< { token : string; userinfo : { name : (null | string); email : (null | string); }; redirect_uri_template : string; } >( { "token": result.token, "userinfo": result.userinfo, "redirect_uri_template": _oidc_redict_uri_template_map.get(state), } ); } } }