Migrate login to OpenID Connect / Ory Hydra
Brutus5000 committed Sep 19, 2021
1 parent b77c966 commit 5aeeddb
Showing 4 changed files with 60 additions and 42 deletions.
1 change: 1 addition & 0 deletions .env.example
@@ -8,6 +8,7 @@ CHALLONGE_USERNAME=joe
CHALLONGE_APIKEY=12345
PORT=3000
API_URL=http://localhost:8010
OAUTH_URL=https://hydra.test.faforever.com
OAUTH_CLIENT_ID=faf-website
OAUTH_CLIENT_SECRET=banana
HOST=http://localhost:3000
47 changes: 25 additions & 22 deletions express.js
@@ -8,7 +8,7 @@ let middleware = require('./routes/middleware');

let bodyParser = require('body-parser');
let passport = require('passport');
let OAuth2Strategy = require('passport-oauth2');
let OidcStrategy = require('passport-openidconnect');

const cors = require('cors');
const showdown = require('showdown');
@@ -25,6 +25,7 @@ process.env.WP_NEWSHUBARCHIVE_CATEGORYID = process.env.WP_NEWSHUBARCHIVE_CATEGOR
process.env.CHALLONGE_USERNAME = process.env.CHALLONGE_USERNAME || 'joe';
process.env.CHALLONGE_APIKEY = process.env.CHALLONGE_APIKEY || '12345';
process.env.PORT = process.env.PORT || '4000';
process.env.OAUTH_URL = process.env.OAUTH_URL || 'https://hydra.test.faforever.com';
process.env.API_URL = process.env.API_URL || 'https://api.test.faforever.com';
process.env.OAUTH_CLIENT_ID = process.env.OAUTH_CLIENT_ID || '12345';
process.env.OAUTH_CLIENT_SECRET = process.env.OAUTH_CLIENT_SECRET || '12345';
@@ -208,27 +209,29 @@ app.get('/login', passport.authenticate('faforever', {
res.redirect('/');
});

passport.use('faforever', new OAuth2Strategy({
tokenURL: process.env.API_URL + '/oauth/token',
authorizationURL: process.env.API_URL + '/oauth/authorize',
clientID: process.env.OAUTH_CLIENT_ID,
clientSecret: process.env.OAUTH_CLIENT_SECRET,
callbackURL: process.env.HOST + '/callback',
scope: ['write_account_data', 'public_profile']
},
function (accessToken, refreshToken, profile, done) {
let request = require('request');
request.get(
{url: process.env.API_URL + '/me', headers: {'Authorization': 'Bearer ' + accessToken}},
function (e, r, body) {
if (r.statusCode != 200) {
return done(null);
}
let user = JSON.parse(body);
user.data.attributes.token = accessToken;
user.data.id = user.data.attributes.userId;
return done(null, user);
}
passport.use('faforever', new OidcStrategy({
issuer: process.env.OAUTH_URL + '/',
tokenURL: process.env.OAUTH_URL + '/oauth2/token',
authorizationURL: process.env.OAUTH_URL + '/oauth2/auth',
userInfoURL: process.env.OAUTH_URL + '/userinfo?schema=openid',
clientID: process.env.OAUTH_CLIENT_ID,
clientSecret: process.env.OAUTH_CLIENT_SECRET,
callbackURL: process.env.HOST + '/callback',
scope: ['openid', 'public_profile', 'write_account_data']
},
function (iss, sub, profile, jwtClaims, accessToken, refreshToken, params, verified) {
let request = require('request');
request.get(
{url: process.env.API_URL + '/me', headers: {'Authorization': 'Bearer ' + accessToken}},
function (e, r, body) {
if (r.statusCode !== 200) {
return verified(null);
}
let user = JSON.parse(body);
user.data.attributes.token = accessToken;
user.data.id = user.data.attributes.userId;
return verified(null, user);
}
);
}
));
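Review bot: The new verify callback reads `r.statusCode` without first checking `e`, so a failed request to `API_URL + '/me'` (timeout, DNS failure, connection reset) leaves `r` undefined and throws inside the callback instead of failing the login cleanly. `JSON.parse(body)` is unguarded in the same way, so a 200 response with a non-JSON body also throws. Both paths should be reported through `verified(err)` so passport handles them as authentication errors. The `iss`, `sub` and `jwtClaims` arguments are never used, which means the session identity comes entirely from the `/me` response; if that is intentional it deserves a short comment.

```javascript
function (e, r, body) {
    if (e) {
        return verified(e);
    }
    // … unchanged: non-200 status check …
    let user;
    try {
        user = JSON.parse(body);
    } catch (parseError) {
        return verified(parseError);
    }
    // … unchanged: token/id assignment and verified(null, user) …
```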
2 changes: 1 addition & 1 deletion package.json
@@ -27,7 +27,7 @@
"moment": "2.29.1",
"moment-timezone": "0.5.33",
"passport": "0.4.1",
"passport-oauth2": "1.6.0",
"passport-openidconnect": "^0.0.2",
"pug": "3.0.2",
"request": "2.88.2",
"showdown": "1.9.1",
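Review bot: `passport-openidconnect` is declared with a caret range (`^0.0.2`) while every neighbouring dependency visible in this hunk is pinned to an exact version; writing `"passport-openidconnect": "0.0.2"` would keep the authentication library on the same footing as the rest. The lockfile section of this commit shows the package bringing `webfinger`, `xml2js` 0.1.14, `sax` and `step` into the login path. Those are old 0.x releases that now sit behind the authentication flow, so the new transitive tree is worth an audit before this ships.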
52 changes: 33 additions & 19 deletions yarn.lock
@@ -348,11 +348,6 @@ balanced-match@^1.0.0:
resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.2.tgz#e83e3a7e3f300b34cb9d87f615fa0cbf357690ee"
integrity sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==

base64url@3.x.x:
version "3.0.1"
resolved "https://registry.yarnpkg.com/base64url/-/base64url-3.0.1.tgz#6399d572e2bc3f90a9a8b22d5dbb0a32d33f788d"
integrity sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==

base@^0.11.1:
version "0.11.2"
resolved "https://registry.yarnpkg.com/base/-/base-0.11.2.tgz#7bde5ced145b6d551a90db87f83c558b4eb48a8f"
@@ -3525,16 +3520,15 @@ pascalcase@^0.1.1:
resolved "https://registry.yarnpkg.com/pascalcase/-/pascalcase-0.1.1.tgz#b363e55e8006ca6fe21784d2db22bd15d7917f14"
integrity sha1-s2PlXoAGym/iF4TS2yK9FdeRfxQ=

passport-oauth2@1.6.0:
version "1.6.0"
resolved "https://registry.yarnpkg.com/passport-oauth2/-/passport-oauth2-1.6.0.tgz#5f599735e0ea40ea3027643785f81a3a9b4feb50"
integrity sha512-emXPLqLcVEcLFR/QvQXZcwLmfK8e9CqvMgmOFJxcNT3okSFMtUbRRKpY20x5euD+01uHsjjCa07DYboEeLXYiw==
passport-openidconnect@^0.0.2:
version "0.0.2"
resolved "https://registry.yarnpkg.com/passport-openidconnect/-/passport-openidconnect-0.0.2.tgz#e488f8bdb386c9a9fd39c91d5ab8c880156e8153"
integrity sha1-5Ij4vbOGyan9OckdWrjIgBVugVM=
dependencies:
base64url "3.x.x"
oauth "0.9.x"
passport-strategy "1.x.x"
uid2 "0.0.x"
utils-merge "1.x.x"
request "^2.75.0"
webfinger "0.4.x"

passport-strategy@1.x.x:
version "1.0.0"
@@ -4133,7 +4127,7 @@ repeating@^2.0.0:
dependencies:
is-finite "^1.0.0"

request@2.88.2, request@^2.87.0, request@^2.88.0, request@^2.88.2:
request@2.88.2, request@^2.75.0, request@^2.87.0, request@^2.88.0, request@^2.88.2:
version "2.88.2"
resolved "https://registry.yarnpkg.com/request/-/request-2.88.2.tgz#d73c918731cb5a87da047e207234146f664d12b3"
integrity sha512-MsvtOrfG9ZcrOwAW+Qi+F6HbD0CWXEh9ou77uOb7FM2WPhwT7smM833PzanhJLsgXjN89Ir6V2PczXNnMpwKhw==
@@ -4270,6 +4264,11 @@ sass-graph@2.2.5:
scss-tokenizer "^0.2.3"
yargs "^13.3.2"

sax@>=0.1.1:
version "1.2.4"
resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.4.tgz#2816234e2378bddc4e5354fab5caa895df7100d9"
integrity sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==

scss-tokenizer@^0.2.3:
version "0.2.3"
resolved "https://registry.yarnpkg.com/scss-tokenizer/-/scss-tokenizer-0.2.3.tgz#8eb06db9a9723333824d3f5530641149847ce5d1"
@@ -4575,6 +4574,11 @@ stdout-stream@^1.4.0:
dependencies:
readable-stream "^2.0.1"

step@0.0.x:
version "0.0.6"
resolved "https://registry.yarnpkg.com/step/-/step-0.0.6.tgz#143e7849a5d7d3f4a088fe29af94915216eeede2"
integrity sha1-FD54SaXX0/SgiP4pr5SRUhbu7eI=

stream-shift@^1.0.0:
version "1.0.1"
resolved "https://registry.yarnpkg.com/stream-shift/-/stream-shift-1.0.1.tgz#d7088281559ab2778424279b0877da3c392d5a3d"
@@ -4969,11 +4973,6 @@ uid-safe@~2.1.5:
dependencies:
random-bytes "~1.0.0"

uid2@0.0.x:
version "0.0.4"
resolved "https://registry.yarnpkg.com/uid2/-/uid2-0.0.4.tgz#033f3b1d5d32505f5ce5f888b9f3b667123c0a44"
integrity sha512-IevTus0SbGwQzYh3+fRsAMTVVPOoIVufzacXcHPmdlle1jUpq7BRL+mw3dgeLanvGZdwwbWhRV6XrcFNdBmjWA==

unc-path-regex@^0.1.2:
version "0.1.2"
resolved "https://registry.yarnpkg.com/unc-path-regex/-/unc-path-regex-0.1.2.tgz#e73dd3d7b0d7c5ed86fbac6b0ae7d8c6a69d50fa"
@@ -5094,7 +5093,7 @@ util-deprecate@^1.0.1, util-deprecate@^1.0.2, util-deprecate@~1.0.1:
resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf"
integrity sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=

utils-merge@1.0.1, utils-merge@1.x.x:
utils-merge@1.0.1:
version "1.0.1"
resolved "https://registry.yarnpkg.com/utils-merge/-/utils-merge-1.0.1.tgz#9f95710f50a267947b2ccc124741c1028427e713"
integrity sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM=
@@ -5143,6 +5142,14 @@ void-elements@^3.1.0:
resolved "https://registry.yarnpkg.com/void-elements/-/void-elements-3.1.0.tgz#614f7fbf8d801f0bb5f0661f5b2f5785750e4f09"
integrity sha1-YU9/v42AHwu18GYfWy9XhXUOTwk=

webfinger@0.4.x:
version "0.4.2"
resolved "https://registry.yarnpkg.com/webfinger/-/webfinger-0.4.2.tgz#3477a6d97799461896039fcffc650b73468ee76d"
integrity sha1-NHem2XeZRhiWA5/P/GULc0aO520=
dependencies:
step "0.0.x"
xml2js "0.1.x"

websocket-driver@>=0.5.1:
version "0.7.4"
resolved "https://registry.yarnpkg.com/websocket-driver/-/websocket-driver-0.7.4.tgz#89ad5295bbf64b480abcba31e4953aca706f5760"
@@ -5238,6 +5245,13 @@ xdg-basedir@^3.0.0:
resolved "https://registry.yarnpkg.com/xdg-basedir/-/xdg-basedir-3.0.0.tgz#496b2cc109eca8dbacfe2dc72b603c17c5870ad4"
integrity sha1-SWsswQnsqNus/i3HK2A8F8WHCtQ=

xml2js@0.1.x:
version "0.1.14"
resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.1.14.tgz#5274e67f5a64c5f92974cd85139e0332adc6b90c"
integrity sha1-UnTmf1pkxfkpdM2FE54DMq3GuQw=
dependencies:
sax ">=0.1.1"

xtend@~4.0.1:
version "4.0.2"
resolved "https://registry.yarnpkg.com/xtend/-/xtend-4.0.2.tgz#bb72779f5fa465186b1f438f674fa347fdb5db54"
