202 lines
4.5 KiB
TypeScript
202 lines
4.5 KiB
TypeScript
|
|
namespace _zeitbild.auth
|
|
{
|
|
|
|
/**
|
|
*/
|
|
let _subject : (
|
|
null
|
|
|
|
|
lib_plankton.auth.type_auth<any, any, any>
|
|
) = null;
|
|
|
|
|
|
|
|
/**
|
|
*/
|
|
let _subject_oidc : (null | lib_plankton.auth.oidc.type_subject) = null;
|
|
|
|
|
|
|
|
/**
|
|
*/
|
|
let _oidc_redict_uri_template_map : (
|
|
null
|
|
|
|
|
lib_plankton.map.type_map<string, string>
|
|
) = null;
|
|
|
|
|
|
/**
|
|
*/
|
|
export function oidc_get_redirect_uri_template(
|
|
key : string
|
|
) : string
|
|
{
|
|
if (_oidc_redict_uri_template_map === null) {
|
|
throw (new Error("apparently not initialized yet"));
|
|
}
|
|
else {
|
|
return _oidc_redict_uri_template_map.get(key);
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
*/
|
|
export function init(
|
|
) : Promise<void>
|
|
{
|
|
switch (_zeitbild.conf.get().authentication.kind) {
|
|
case "internal": {
|
|
_subject = lib_plankton.auth.internal.implementation_auth(
|
|
{
|
|
"password_image_chest": {
|
|
"setup": (input) => Promise.resolve<void>(undefined),
|
|
"clear": () => Promise.reject<void>("not implemented"),
|
|
"write": (key, item) => _zeitbild.repository.auth_internal.write(key, item),
|
|
"delete": (key) => _zeitbild.repository.auth_internal.delete_(key),
|
|
"read": (key) => _zeitbild.repository.auth_internal.read(key),
|
|
"search": (term) => Promise.reject<any>("not implemented"),
|
|
},
|
|
"check_password": (image, input) => _zeitbild.service.auth_internal.check_raw(image, input),
|
|
}
|
|
);
|
|
break;
|
|
}
|
|
case "oidc": {
|
|
_subject_oidc = lib_plankton.auth.oidc.make(
|
|
{
|
|
"url_authorization": _zeitbild.conf.get().authentication.data.url_authorization,
|
|
"url_token": _zeitbild.conf.get().authentication.data.url_token,
|
|
"url_userinfo": _zeitbild.conf.get().authentication.data.url_userinfo,
|
|
"client_id": _zeitbild.conf.get().authentication.data.client_id,
|
|
"client_secret": _zeitbild.conf.get().authentication.data.client_secret,
|
|
"url_redirect": (_zeitbild.conf.get().authentication.data.backend_url_base + "/session/oidc"),
|
|
"scopes": [
|
|
"openid",
|
|
"profile",
|
|
"email",
|
|
],
|
|
"label": _zeitbild.conf.get().authentication.data.label,
|
|
}
|
|
);
|
|
_oidc_redict_uri_template_map = lib_plankton.map.simplemap.implementation_map(
|
|
lib_plankton.map.simplemap.make(
|
|
)
|
|
);
|
|
// TODO
|
|
return Promise.resolve(undefined);
|
|
break;
|
|
}
|
|
default: {
|
|
// do nothing
|
|
break;
|
|
}
|
|
}
|
|
return Promise.resolve<void>(undefined);
|
|
}
|
|
|
|
|
|
/**
|
|
*/
|
|
export function prepare(
|
|
input : any
|
|
) : Promise<{kind : string; data : any;}>
|
|
{
|
|
switch (_zeitbild.conf.get().authentication.kind) {
|
|
case "oidc": {
|
|
if ((_subject_oidc === null) || (_oidc_redict_uri_template_map === null)) {
|
|
throw (new Error("not initialized yet"));
|
|
}
|
|
else {
|
|
const stuff : {state : string; authorization_url : string;} = lib_plankton.auth.oidc.prepare_login(_subject_oidc);
|
|
_oidc_redict_uri_template_map.set(
|
|
stuff.state,
|
|
input["oidc_redirect_uri_template"]
|
|
);
|
|
return Promise.resolve(
|
|
{
|
|
"kind": "oidc",
|
|
"data": {
|
|
"url": stuff.authorization_url,
|
|
"label": _zeitbild.conf.get().authentication.data.label,
|
|
}
|
|
}
|
|
);
|
|
}
|
|
break;
|
|
}
|
|
default: {
|
|
if (_subject === null) {
|
|
return Promise.reject(new Error("not initialized yet"));
|
|
}
|
|
else {
|
|
return (
|
|
_subject.login_prepare()
|
|
.then(
|
|
(data : any) => ({
|
|
"kind": _zeitbild.conf.get().authentication.kind,
|
|
"data": data,
|
|
})
|
|
)
|
|
);
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
*/
|
|
export async function oidc_handle_authorization_callback(
|
|
cookie : (null | string),
|
|
data : Record<string, string>
|
|
) : Promise<
|
|
{
|
|
token : string;
|
|
userinfo : {
|
|
name : (null | string);
|
|
email : (null | string);
|
|
};
|
|
redirect_uri_template : string;
|
|
}
|
|
>
|
|
{
|
|
if ((_subject_oidc === null) || (_oidc_redict_uri_template_map === null)) {
|
|
throw (new Error("not initialized yet"));
|
|
}
|
|
else {
|
|
const state : string = data["state"];
|
|
const result : {
|
|
token : string;
|
|
userinfo : {
|
|
name : (null | string);
|
|
email : (null | string);
|
|
};
|
|
} = await lib_plankton.auth.oidc.handle_authorization_callback(
|
|
_subject_oidc,
|
|
cookie,
|
|
data
|
|
);
|
|
return Promise.resolve<
|
|
{
|
|
token : string;
|
|
userinfo : {
|
|
name : (null | string);
|
|
email : (null | string);
|
|
};
|
|
redirect_uri_template : string;
|
|
}
|
|
>(
|
|
{
|
|
"token": result.token,
|
|
"userinfo": result.userinfo,
|
|
"redirect_uri_template": _oidc_redict_uri_template_map.get(state),
|
|
}
|
|
);
|
|
}
|
|
}
|
|
|
|
}
|