Use a short-time cookie to remember where to callback to
This commit is contained in:
parent
405c954b65
commit
af4c35069b
@ -39,10 +39,10 @@
|
|||||||
</form>
|
</form>
|
||||||
<hr />
|
<hr />
|
||||||
<div class="w-full flex py-3">
|
<div class="w-full flex py-3">
|
||||||
<a href="http://localhost:3333/auth/google">
|
<a :href="`http://localhost:3333/auth/google?callback=${currentUrl}`">
|
||||||
<ui-btn color="primary" class="leading-none">Login with Google</ui-btn>
|
<ui-btn color="primary" class="leading-none">Login with Google</ui-btn>
|
||||||
</a>
|
</a>
|
||||||
<a href="http://localhost:3333/auth/openid">
|
<a :href="`http://localhost:3333/auth/openid?callback=${currentUrl}`">
|
||||||
<ui-btn color="primary" class="leading-none">Login with OpenId</ui-btn>
|
<ui-btn color="primary" class="leading-none">Login with OpenId</ui-btn>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
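Review bot: `currentUrl` is interpolated into the query string unencoded in the `:href` template of the Google link (`?callback=${currentUrl}`) and again in the OpenID link below it; `location.toString()` includes the page's own query string and fragment, so a login URL that already carries `?` or `#` yields a truncated or ambiguous `callback` value on the server. Use `${encodeURIComponent(currentUrl)}` in both links. `currentUrl: location.toString()` in hunk @-69 runs inside `data()`, which would throw if this component is ever rendered server-side where `location` is undefined — worth confirming against how the page is rendered.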
@ -69,7 +69,8 @@ export default {
|
|||||||
},
|
},
|
||||||
confirmPassword: '',
|
confirmPassword: '',
|
||||||
ConfigPath: '',
|
ConfigPath: '',
|
||||||
MetadataPath: ''
|
MetadataPath: '',
|
||||||
|
currentUrl: location.toString()
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
watch: {
|
watch: {
|
||||||
|
2160
package-lock.json
generated
2160
package-lock.json
generated
@ -31,16 +31,17 @@
|
|||||||
"license": "GPL-3.0",
|
"license": "GPL-3.0",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"axios": "^0.27.2",
|
"axios": "^0.27.2",
|
||||||
|
"cookie-parser": "^1.4.6",
|
||||||
"express": "^4.17.1",
|
"express": "^4.17.1",
|
||||||
"express-session": "^1.17.3",
|
"express-session": "^1.17.3",
|
||||||
"graceful-fs": "^4.2.10",
|
"graceful-fs": "^4.2.10",
|
||||||
"htmlparser2": "^8.0.1",
|
"htmlparser2": "^8.0.1",
|
||||||
"node-tone": "^1.0.1",
|
"node-tone": "^1.0.1",
|
||||||
|
"nodemailer": "^6.9.2",
|
||||||
"passport": "^0.6.0",
|
"passport": "^0.6.0",
|
||||||
"passport-google-oauth20": "^2.0.0",
|
"passport-google-oauth20": "^2.0.0",
|
||||||
"passport-jwt": "^4.0.1",
|
"passport-jwt": "^4.0.1",
|
||||||
"passport-openidconnect": "^0.1.1",
|
"passport-openidconnect": "^0.1.1",
|
||||||
"nodemailer": "^6.9.2",
|
|
||||||
"sequelize": "^6.32.1",
|
"sequelize": "^6.32.1",
|
||||||
"socket.io": "^4.5.4",
|
"socket.io": "^4.5.4",
|
||||||
"sqlite3": "^5.1.6",
|
"sqlite3": "^5.1.6",
|
||||||
|
@ -32,7 +32,6 @@ class Auth {
|
|||||||
clientSecret: global.ServerSettings.authGoogleOauth20ClientSecret,
|
clientSecret: global.ServerSettings.authGoogleOauth20ClientSecret,
|
||||||
callbackURL: global.ServerSettings.authGoogleOauth20CallbackURL
|
callbackURL: global.ServerSettings.authGoogleOauth20CallbackURL
|
||||||
}, (async function (accessToken, refreshToken, profile, done) {
|
}, (async function (accessToken, refreshToken, profile, done) {
|
||||||
// TODO: what to use as username
|
|
||||||
// TODO: do we want to create the users which does not exist?
|
// TODO: do we want to create the users which does not exist?
|
||||||
const user = await Database.userModel.getUserByEmail(profile.emails[0].value.toLowerCase())
|
const user = await Database.userModel.getUserByEmail(profile.emails[0].value.toLowerCase())
|
||||||
|
|
||||||
@ -59,7 +58,6 @@ class Auth {
|
|||||||
skipUserProfile: false
|
skipUserProfile: false
|
||||||
},
|
},
|
||||||
(function (issuer, profile, done) {
|
(function (issuer, profile, done) {
|
||||||
// TODO: what to use as username
|
|
||||||
// TODO: do we want to create the users which does not exist?
|
// TODO: do we want to create the users which does not exist?
|
||||||
var user = Database.userModel.getUserByEmail(profile.emails[0].value.toLowerCase())
|
var user = Database.userModel.getUserByEmail(profile.emails[0].value.toLowerCase())
|
||||||
|
|
||||||
@ -116,7 +114,20 @@ class Auth {
|
|||||||
)
|
)
|
||||||
|
|
||||||
// google-oauth20 strategy login route (this redirects to the google login)
|
// google-oauth20 strategy login route (this redirects to the google login)
|
||||||
router.get('/auth/google', passport.authenticate('google', { scope: ['email'] }))
|
router.get('/auth/google', (req, res, next) => {
|
||||||
|
const auth_func = passport.authenticate('google', { scope: ['email'] })
|
||||||
|
if (!req.query.callback || req.query.callback === "") {
|
||||||
|
res.status(400).send({
|
||||||
|
message: 'No callback parameter'
|
||||||
|
})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
res.cookie('auth_cb', req.query.callback, {
|
||||||
|
maxAge: 120000 * 120, // Hack - this semms to be in UTC??
|
||||||
|
httpOnly: true
|
||||||
|
})
|
||||||
|
auth_func(req, res, next);
|
||||||
|
})
|
||||||
|
|
||||||
// google-oauth20 strategy callback route (this receives the token from google)
|
// google-oauth20 strategy callback route (this receives the token from google)
|
||||||
router.get('/auth/google/callback',
|
router.get('/auth/google/callback',
|
||||||
@ -125,13 +136,31 @@ class Auth {
|
|||||||
// return the user login response json if the login was successfull
|
// return the user login response json if the login was successfull
|
||||||
var data_json = await this.getUserLoginResponsePayload(req.user)
|
var data_json = await this.getUserLoginResponsePayload(req.user)
|
||||||
// res.json(data_json)
|
// res.json(data_json)
|
||||||
// TODO: figure out how to redirect back to the app page
|
// TODO: do we want to somehow limit the values for auth_cb?
|
||||||
res.redirect(301, `http://localhost:3000/login?setToken=${data_json.user.token}`)
|
if (req.cookies.auth_cb) {
|
||||||
|
res.redirect(302, `${req.cookies.auth_cb}?setToken=${data_json.user.token}`)
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
res.status(400).send("No callback or already expired")
|
||||||
|
}
|
||||||
}).bind(this)
|
}).bind(this)
|
||||||
)
|
)
|
||||||
|
|
||||||
// openid strategy login route (this redirects to the configured openid login provider)
|
// openid strategy login route (this redirects to the configured openid login provider)
|
||||||
router.get('/auth/openid', passport.authenticate('openidconnect'))
|
router.get('/auth/openid', (req, res, next) => {
|
||||||
|
const auth_func = passport.authenticate('openidconnect')
|
||||||
|
if (!req.query.callback || req.query.callback === "") {
|
||||||
|
res.status(400).send({
|
||||||
|
message: 'No callback parameter'
|
||||||
|
})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
res.cookie('auth_cb', req.query.callback, {
|
||||||
|
maxAge: 120000 * 120, // Hack - this semms to be in UTC??
|
||||||
|
httpOnly: true
|
||||||
|
})
|
||||||
|
auth_func(req, res, next);
|
||||||
|
})
|
||||||
|
|
||||||
// openid strategy callback route (this receives the token from the configured openid login provider)
|
// openid strategy callback route (this receives the token from the configured openid login provider)
|
||||||
router.get('/auth/openid/callback',
|
router.get('/auth/openid/callback',
|
||||||
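Review bot: The redirect `res.redirect(302, `${req.cookies.auth_cb}?setToken=${data_json.user.token}`)` hands the freshly issued login token to whatever URL was supplied in `?callback=` on `/auth/google`, and neither the login route in hunk @-116 nor this callback route checks that value — the TODO directly above it names the gap. The callback should be accepted only when it resolves to this deployment's own origin (compare `new URL(req.query.callback).origin` with the configured base URL) before it is written into the cookie, and the same applies to the OpenID login route in this hunk and the OpenID callback in hunk @-140. The redirect itself should be built with `new URL` and `searchParams.set('setToken', …)` rather than string-appending `?setToken=`, which breaks when the stored callback already carries a query string, and the one-shot cookie should be cleared once consumed. In the login routes `maxAge: 120000 * 120` is 14,400,000 ms (four hours): Express's `maxAge` is in milliseconds and the `Expires` header is always emitted in GMT, so the `// Hack … UTC` comment is a misreading; `maxAge: 120000` gives the two minutes the commit title suggests, and `sameSite: 'lax'` (not `strict`, since the cookie must survive the top-level GET back from the provider) plus `secure` behind HTTPS would be appropriate. The enclosing callback handlers start outside the hunk.
```javascript
// in the '/auth/google' handler (same change for '/auth/openid'):
const callback = req.query.callback
// accept only a callback on this deployment's own origin; the callback route hands it the login token
// TODO(review): PLACEHOLDER_APP_BASE_URL stands for the configured base URL setting
let callbackOk = false
try {
  callbackOk = Boolean(callback) && new URL(callback).origin === new URL(PLACEHOLDER_APP_BASE_URL).origin
} catch (err) {
  callbackOk = false
}
if (!callbackOk) {
  res.status(400).send({ message: 'Missing or invalid callback parameter' })
  return
}
res.cookie('auth_cb', callback, {
  maxAge: 120000, // milliseconds: two minutes, enough for the provider round-trip
  httpOnly: true,
  sameSite: 'lax', // must still be sent on the top-level GET back from the provider
  secure: req.secure
})
auth_func(req, res, next)

// … unchanged: '/auth/google/callback' route head and getUserLoginResponsePayload call …
if (req.cookies.auth_cb) {
  res.clearCookie('auth_cb') // one-shot value
  const target = new URL(req.cookies.auth_cb)
  target.searchParams.set('setToken', data_json.user.token)
  res.redirect(302, target.toString())
} else {
  res.status(400).send('No callback or already expired')
}
```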
@ -140,8 +169,12 @@ class Auth {
|
|||||||
// return the user login response json if the login was successfull
|
// return the user login response json if the login was successfull
|
||||||
var data_json = await this.getUserLoginResponsePayload(req.user)
|
var data_json = await this.getUserLoginResponsePayload(req.user)
|
||||||
// res.json(data_json)
|
// res.json(data_json)
|
||||||
// TODO: figure out how to redirect back to the app page
|
if (req.cookies.auth_cb) {
|
||||||
res.redirect(301, `http://localhost:3000/login?setToken=${data_json.user.token}`)
|
res.redirect(302, `${req.cookies.auth_cb}?setToken=${data_json.user.token}`)
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
res.status(400).send("No callback or already expired")
|
||||||
|
}
|
||||||
}).bind(this)
|
}).bind(this)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -5,6 +5,7 @@ const http = require('http')
|
|||||||
const fs = require('./libs/fsExtra')
|
const fs = require('./libs/fsExtra')
|
||||||
const fileUpload = require('./libs/expressFileupload')
|
const fileUpload = require('./libs/expressFileupload')
|
||||||
const rateLimit = require('./libs/expressRateLimit')
|
const rateLimit = require('./libs/expressRateLimit')
|
||||||
|
const cookieParser = require("cookie-parser");
|
||||||
|
|
||||||
const { version } = require('../package.json')
|
const { version } = require('../package.json')
|
||||||
|
|
||||||
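Review bot: `const cookieParser = require("cookie-parser");` uses double quotes and a trailing semicolon where every neighbouring `require` in this file uses single quotes and none, and `app.use(cookieParser());` in hunk @-136 does the same; write them as `const cookieParser = require('cookie-parser')` and `app.use(cookieParser())`. A short comment on the `app.use` line saying which routes read `req.cookies` (the auth callback routes, from what this commit shows) would tell the next reader why an unsigned parser is enough here. The Server constructor these lines belong to starts and ends outside the hunks.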
@ -136,6 +137,8 @@ class Server {
|
|||||||
|
|
||||||
const app = express()
|
const app = express()
|
||||||
|
|
||||||
|
// parse cookies in requests
|
||||||
|
app.use(cookieParser());
|
||||||
// enable express-session
|
// enable express-session
|
||||||
app.use(expressSession({
|
app.use(expressSession({
|
||||||
secret: global.ServerSettings.tokenSecret,
|
secret: global.ServerSettings.tokenSecret,
|
||||||
|
Loading…
Reference in New Issue
Block a user