Create /api/oauth/authorize route

2021-01-16 23:14:51 +01:00 · 2021-01-16 23:14:51 +01:00 · 2e4357f7f8
commit 2e4357f7f8
23 changed files with 3861 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+node_modules
+poc
--- a/.idea/.gitignore
+++ b/.idea/.gitignore
@ -0,0 +1,11 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Datasource local storage ignored files
+/../../../:\wulkanowy-bridge\.idea/dataSources/
+/dataSources.local.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+
+jsLinters
+discord.xml
--- a/.idea/inspectionProfiles/Project_Default.xml
+++ b/.idea/inspectionProfiles/Project_Default.xml
@ -0,0 +1,6 @@
+<component name="InspectionProjectProfileManager">
+  <profile version="1.0">
+    <option name="myName" value="Project Default" />
+    <inspection_tool class="Eslint" enabled="true" level="WARNING" enabled_by_default="true" />
+  </profile>
+</component>
--- a/.idea/jsLibraryMappings.xml
+++ b/.idea/jsLibraryMappings.xml
@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="JavaScriptLibraryMappings">
+    <file url="file://$PROJECT_DIR$" libraries="{Node.js Core}" />
+  </component>
+</project>
--- a/.idea/jsLinters/eslint.xml
+++ b/.idea/jsLinters/eslint.xml
@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="EslintConfiguration">
+    <option name="fix-on-save" value="true" />
+  </component>
+</project>
--- a/.idea/vcs.xml
+++ b/.idea/vcs.xml
@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="$PROJECT_DIR$" vcs="Git" />
+  </component>
+</project>
--- a/.idea/wulkanowy-bridge.iml
+++ b/.idea/wulkanowy-bridge.iml
@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="JAVA_MODULE" version="4">
+  <component name="NewModuleRootManager" inherit-compiler-output="true">
+    <exclude-output />
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>
--- a/README.md
+++ b/README.md
@ -0,0 +1 @@
+wulkanowy-bridge
--- a/backend/.editorconfig
+++ b/backend/.editorconfig
@ -0,0 +1,9 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+end_of_line = lf
--- a/backend/.eslintrc.json
+++ b/backend/.eslintrc.json
@ -0,0 +1,34 @@
+{
+  "env": {
+    "es6": true,
+    "node": true
+  },
+  "extends": [
+    "airbnb-typescript/base",
+    "plugin:@typescript-eslint/eslint-recommended",
+    "plugin:@typescript-eslint/recommended",
+    "plugin:@typescript-eslint/recommended-requiring-type-checking"
+  ],
+  "parser": "@typescript-eslint/parser",
+  "parserOptions": {
+    "ecmaVersion": 2018,
+    "sourceType": "module",
+    "project": "./tsconfig.json"
+  },
+  "plugins": [
+    "@typescript-eslint"
+  ],
+  "rules": {
+    "@typescript-eslint/explicit-member-accessibility": ["error"],
+    "import/order": ["error", {
+      "alphabetize": {
+        "order": "asc"
+      }
+    }],
+    "import/prefer-default-export": "warn",
+    "no-console": "off",
+    "max-len": ["off"],
+    "import/first": ["off"],
+    "max-classes-per-file": ["off"]
+  }
+}
--- a/backend/.gitignore
+++ b/backend/.gitignore
@ -0,0 +1,3 @@
+node_modules
+.env
+dist
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
--- a/backend/package.json
+++ b/backend/package.json
@ -0,0 +1,43 @@
+{
+  "name": "@wulkanowy/bridge-backend",
+  "version": "1.0.0",
+  "description": "",
+  "main": "src/index.ts",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "lint": "eslint src -c .eslintrc.json --ext .ts",
+    "lint:fix": "eslint src -c .eslintrc.json --ext .ts --fix",
+    "start": "ts-node .",
+    "dev": "ts-node-dev ."
+  },
+  "author": "Dominik Korsa <dominik.korsa@gmail.com>",
+  "license": "MIT",
+  "private": true,
+  "dependencies": {
+    "@types/express": "^4.17.10",
+    "@types/lodash": "^4.14.167",
+    "@types/node": "^14.14.21",
+    "dotenv": "^8.2.0",
+    "fastify": "^3.10.1",
+    "fastify-cookie": "^5.1.0",
+    "fastify-sensible": "^3.1.0",
+    "fastify-session": "^5.2.1",
+    "lodash": "^4.17.20",
+    "mongodb": "^3.6.3",
+    "nanoid": "^3.1.20",
+    "pino-pretty": "^4.3.0",
+    "reflect-metadata": "^0.1.13",
+    "ts-node": "^9.1.1",
+    "typeorm": "^0.2.30",
+    "typescript": "^4.1.3"
+  },
+  "devDependencies": {
+    "@typescript-eslint/eslint-plugin": "^4.13.0",
+    "@typescript-eslint/parser": "^4.13.0",
+    "eslint": "^7.17.0",
+    "eslint-config-airbnb": "^18.2.1",
+    "eslint-config-airbnb-typescript": "^12.0.0",
+    "eslint-plugin-import": "^2.22.1",
+    "ts-node-dev": "^1.1.1"
+  }
+}
--- a/backend/src/constants.ts
+++ b/backend/src/constants.ts
@ -0,0 +1,6 @@
+export const scopes = [
+  'timetable',
+  'grades',
+  'notes',
+  'achievements',
+];
--- a/backend/src/database/database.ts
+++ b/backend/src/database/database.ts
@ -0,0 +1,25 @@
+import { Connection, createConnection, Repository } from 'typeorm';
+import Application from './entities/application';
+
+class Database {
+  private connection!: Connection;
+
+  public applicationRepo!: Repository<Application>;
+
+  public async connect(): Promise<void> {
+    this.connection = await createConnection({
+      type: 'mongodb',
+      host: 'localhost',
+      port: 27017,
+      database: 'wulkanowy-bridge-local',
+      entities: [
+        Application,
+      ],
+      useUnifiedTopology: true,
+      logging: false,
+    });
+    this.applicationRepo = this.connection.getRepository(Application);
+  }
+}
+
+export default new Database();
--- a/backend/src/database/entities/application.ts
+++ b/backend/src/database/entities/application.ts
@ -0,0 +1,32 @@
+import { nanoid } from 'nanoid';
+import {
+  Column, Entity, ObjectID, ObjectIdColumn,
+} from 'typeorm';
+
+@Entity()
+export default class Application {
+  @ObjectIdColumn()
+  public _id!: ObjectID;
+
+  @Column()
+  public clientId!: string;
+
+  @Column()
+  public name!: string;
+
+  @Column()
+  public iconUrl!: string | null;
+
+  @Column()
+  public verified!: boolean;
+
+  @Column()
+  public redirectUris!: string[];
+
+  @Column()
+  public public!: string[];
+
+  public static generateClientId(): string {
+    return nanoid(12);
+  }
+}
--- a/backend/src/errors.ts
+++ b/backend/src/errors.ts
@ -0,0 +1,7 @@
+export class ParamError extends Error {
+  public name = 'ParamError';
+}
+
+export class ScopeError extends Error {
+  public name = 'ScopeError';
+}
--- a/backend/src/index.ts
+++ b/backend/src/index.ts
@ -0,0 +1,44 @@
+import 'reflect-metadata';
+import dotenv from 'dotenv';
+
+dotenv.config();
+
+import Fastify from 'fastify';
+import FastifyCookie from 'fastify-cookie';
+import FastifySensible from 'fastify-sensible';
+import FastifySession from 'fastify-session';
+import database from './database/database';
+import registerOAuth from './routes/oauth2';
+import { parseIntStrict, requireEnv } from './utils';
+
+const server = Fastify({
+  logger: {
+    level: 'info',
+    prettyPrint: true,
+  },
+});
+
+async function start() {
+  await server.register(FastifySensible);
+  await server.register(FastifyCookie);
+  await server.register(FastifySession, {
+    secret: requireEnv('SESSION_SECRET'),
+    cookie: {
+      secure: false, // TODO: Remove this line or add development env variable
+    },
+  });
+  await server.register(registerOAuth, { prefix: '/api/oauth', logLevel: 'info' });
+
+  await database.connect();
+  server.log.info('Connected to database');
+
+  const port = parseIntStrict(requireEnv('PORT'));
+  await server.listen(port);
+  server.log.info(`Listening on port ${port}`);
+}
+
+start()
+  .catch((error) => {
+    server.log.error(error);
+    process.exit(1);
+  });
--- a/backend/src/routes/oauth2/authorize.ts
+++ b/backend/src/routes/oauth2/authorize.ts
@ -0,0 +1,92 @@
+import _ from 'lodash';
+import { nanoid } from 'nanoid';
+import { scopes } from '../../constants';
+import database from '../../database/database';
+import { ParamError, ScopeError } from '../../errors';
+import { MyFastifyInstance } from '../../types';
+import {
+  getSessionData, isObject, parseScopeParam, validateOptionalParam, validateParam,
+} from '../../utils';
+
+export default function registerAuthorize(server: MyFastifyInstance): void {
+  server.post('/authorize', async (
+    request,
+    reply,
+  ) => {
+    console.log(request.query);
+    if (!isObject(request.query)) {
+      server.log.warn('Request query is not an object');
+      throw server.httpErrors.badRequest();
+    }
+    server.log.info(JSON.stringify(request.body));
+    try {
+      validateParam('client_id', request.query.client_id);
+      validateParam('redirect_uri', request.query.redirect_uri);
+    } catch (error) {
+      if (error instanceof ParamError) {
+        throw server.httpErrors.badRequest(error.message);
+      }
+      server.log.error(error);
+      throw server.httpErrors.internalServerError();
+    }
+
+    const application = await database.applicationRepo.findOne({
+      where: {
+        clientId: request.query.client_id,
+      },
+    });
+    if (application === undefined) throw server.httpErrors.badRequest('Unknown application');
+    if (!application.redirectUris.includes(request.query.redirect_uri)) throw server.httpErrors.badRequest('Redirect URI not registered');
+
+    try {
+      validateParam('response_type', request.query.response_type);
+      if (request.query.response_type === 'code') {
+        const requestedScopes = _.uniq(parseScopeParam('scope', request.query.scope));
+        requestedScopes.forEach((scope) => {
+          if (!scopes.includes(scope)) {
+            throw new ScopeError(`Unknown scope ${scope}`);
+          }
+        });
+        validateOptionalParam('state', request.query.state);
+        validateOptionalParam('code_challenge', request.query.code_challenge);
+        validateOptionalParam('code_challenge_method', request.query.code_challenge_method);
+
+        const codeChallengeMethod = request.query.code_challenge_method ?? 'plain';
+        if (codeChallengeMethod !== 'plain' && codeChallengeMethod !== 'S256') {
+          await reply.redirect(`${request.query.redirect_uri}?error=invalid_request&error_description=${encodeURIComponent('code_challenge_method should be either plain or S256')}`);
+          return;
+        }
+
+        const promptId = nanoid(12);
+
+        const sessionData = getSessionData(request.session);
+        sessionData.prompts.set(promptId, {
+          clientId: request.query.client_id,
+          redirectUri: request.query.redirect_uri,
+          scopes,
+          state: request.query.state,
+          codeChallenge: request.query.code_challenge === undefined ? undefined : {
+            method: codeChallengeMethod,
+            value: request.query.code_challenge,
+          },
+        });
+
+        await reply.redirect(`/authenticate-prompt?prompt_id=${promptId}`);
+        return;
+      }
+      await reply.redirect(`${request.query.redirect_uri}?error=unsupported_response_type`);
+      return;
+    } catch (error) {
+      if (error instanceof ParamError) {
+        await reply.redirect(`${request.query.redirect_uri}?error=invalid_request&error_description=${encodeURIComponent(error.message)}`);
+        return;
+      }
+      if (error instanceof ScopeError) {
+        await reply.redirect(`${request.query.redirect_uri}?error=invalid_scope&error_description=${encodeURIComponent(error.message)}`);
+        return;
+      }
+      server.log.error(error);
+      await reply.redirect(`${request.query.redirect_uri}?error=server_error`);
+    }
+  });
+}
--- a/backend/src/routes/oauth2/index.ts
+++ b/backend/src/routes/oauth2/index.ts
@ -0,0 +1,9 @@
+import {
+  MyFastifyInstance,
+} from '../../types';
+import registerAuthorize from './authorize';
+
+// eslint-disable-next-line @typescript-eslint/require-await
+export default async function registerOAuth(server: MyFastifyInstance): Promise<void> {
+  registerAuthorize(server);
+}
--- a/backend/src/types.ts
+++ b/backend/src/types.ts
@ -0,0 +1,28 @@
+import {
+  FastifyInstance, RawReplyDefaultExpression, RawRequestDefaultExpression, RawServerDefault,
+} from 'fastify';
+
+export interface Prompt {
+  clientId: string;
+  redirectUri: string;
+  scopes: string[],
+  state?: string;
+  codeChallenge?: {
+    value: string;
+    method: 'plain' | 'S256';
+  };
+}
+
+export interface SessionData {
+  prompts: Map<string, Prompt>
+}
+
+export interface Session {
+  sessionId: string;
+  encryptedSessionId: string;
+  touch(): void;
+  regenerate(): void;
+  data?: SessionData;
+}
+
+export type MyFastifyInstance = FastifyInstance<RawServerDefault, RawRequestDefaultExpression<RawServerDefault>, RawReplyDefaultExpression<RawServerDefault>>;
--- a/backend/src/utils.ts
+++ b/backend/src/utils.ts
@ -0,0 +1,55 @@
+import _ from 'lodash';
+import { ParamError } from './errors';
+import { Prompt, Session, SessionData } from './types';
+
+export function requireEnv(name: string): string {
+  const value = process.env[name];
+  if (value === undefined) throw new Error(`Environment variable ${name} not set`);
+  return value;
+}
+
+export function parseIntStrict(value: string, radix = 10): number {
+  const number = parseInt(value, radix);
+  if (_.isNaN(number)) throw new Error(`Cannot parse ${value} to int`);
+  return number;
+}
+
+export function parseFloatStrict(value: string): number {
+  const number = parseFloat(value);
+  if (_.isNaN(number)) throw new Error(`Cannot parse ${value} to float`);
+  return number;
+}
+
+export function isObject(value: unknown): value is Record<string, unknown> {
+  return typeof value === 'object' && value !== null;
+}
+
+export function validateParam(key: string, value: unknown): asserts value is string {
+  if (value === undefined) throw new ParamError(`${key} param is missing`);
+  if (typeof value !== 'string') throw new ParamError(`${key} param should be a string`);
+}
+
+export function validateOptionalParam(key: string, value: unknown): asserts value is string | undefined {
+  if (value === undefined) return;
+  if (typeof value !== 'string') throw new ParamError(`${key} param should be a string`);
+}
+
+export function parseScopeParam(key: string, value: unknown): string[] {
+  if (value === undefined) throw new ParamError(`${key} param is missing`);
+  if (typeof value === 'string') {
+    if (value === '') return [];
+    return value.split('+').map((scope) => scope.trim());
+  }
+  if (_.isArray(value)) return value.flatMap((e) => parseScopeParam(key, e));
+  throw new ParamError(`${key} param should be a string or an array of strings`);
+}
+
+export function getSessionData(session: Session): SessionData {
+  if (session.data === undefined) {
+    // eslint-disable-next-line no-param-reassign
+    session.data = {
+      prompts: new Map<string, Prompt>(),
+    };
+  }
+  return session.data;
+}
--- a/backend/tsconfig.json
+++ b/backend/tsconfig.json
@ -0,0 +1,18 @@
+{
+  "compilerOptions": {
+    "target": "es6",
+    "module": "commonjs",
+    "declaration": true,
+    "outDir": "dist",
+    "rootDir": "src",
+    "strict": true,
+    "esModuleInterop": true,
+    "moduleResolution": "node",
+    "emitDecoratorMetadata": true,
+    "experimentalDecorators": true,
+    "lib": ["ES2020"],
+    "types": [
+      "node"
+    ]
+  }
+}