Mirrors/audiobookshelf
Mirrors/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2025-09-06 17:51:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

added sso via passport js

Browse Source
This commit is contained in:
David Leimroth 2022-02-06 16:47:41 +01:00
parent 0336b65bca
commit e7f034ce59
7 changed files with 22287 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19216
client/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

36
client/pages/login.vue
View File

@ -15,6 +15,9 @@
<button type="submit" :disabled="processing" class="bg-blue-600 hover:bg-blue-800 px-8 py-1 mt-3 rounded-md text-white text-center transition duration-300 ease-in-out focus:outline-none">{{ processing ? 'Checking...' : 'Submit' }}</button>
</div>
</form>
<div class="w-full flex justify-end">
<a href="/oidc/login"><ui-btn :disabled="processing" class="bg-blue-600 hover:bg-blue-800 px-8 py-1 mt-3 rounded-md text-white text-center transition duration-300 ease-in-out focus:outline-none">SSO</ui-btn></a>
</div>
</div>
</div>
</div>
@ -87,9 +90,40 @@ export default {
}
this.processing = false
},
getCookies() {
return document.cookie.split(";").map(c => c.split("=")).reduce((acc, val)=> {
return {
...acc,
[val[0]]: val[1]
}
}, {})
},
deleteCookie(name, path="/", domain=document.location.host) {
document.cookie = name + "=" +
((path) ? ";path="+path:"")+
((domain)?";domain="+domain:"") +
";expires=Thu, 01 Jan 1970 00:00:01 GMT";
},
checkAuth() {
if (this.getCookies()["sso"]) {
this.processing = true
this.$axios
.$post('/api/authorize', null, {})
.then((res) => {
console.log({res})
this.setUser(res.user)
this.processing = false
})
.catch((error) => {
console.error('Authorize error', error)
this.deleteCookie("sso")
this.processing = false
})
return;
}
if (localStorage.getItem('token')) {
var token = localStorage.getItem('token')
let token = localStorage.getItem('token')
if (token) {
this.processing = true

6
index.js
View File

@ -13,6 +13,12 @@ if (isDev) {
process.env.AUDIOBOOK_PATH = devEnv.AudiobookPath
process.env.FFMPEG_PATH = devEnv.FFmpegPath
process.env.FFPROBE_PATH = devEnv.FFProbePath
process.env.OIDC_CLIENT_ID = devEnv.OIDC.ClientID
process.env.OIDC_CLIENT_SECRET = devEnv.OIDC.ClientSecret
process.env.OIDC_ISSUER = devEnv.OIDC.Issuer
process.env.OIDC_AUTHORIZATION_URL = devEnv.OIDC.AuthorizationURL
process.env.OIDC_TOKEN_URL = devEnv.OIDC.TokenURL
process.env.OIDC_USER_INFO_URL = devEnv.OIDC.UserInfoURL
}
const PORT = process.env.PORT || 80

2932
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

8
package.json
View File

@ -31,11 +31,13 @@
"axios": "^0.21.1",
"bcryptjs": "^2.4.3",
"command-line-args": "^5.2.0",
"cookie-parser": "^1.4.6",
"date-and-time": "^2.0.1",
"epub": "^1.2.1",
"express": "^4.17.1",
"express-fileupload": "^1.2.1",
"express-rate-limit": "^5.3.0",
"express-session": "^1.17.2",
"fast-sort": "^3.1.1",
"fluent-ffmpeg": "^2.1.2",
"fs-extra": "^10.0.0",
@ -47,6 +49,9 @@
"node-cron": "^3.0.0",
"node-ffprobe": "^3.0.0",
"node-stream-zip": "^1.15.0",
"passport": "^0.5.2",
"passport-jwt": "^4.0.0",
"passport-openidconnect": "^0.1.1",
"podcast": "^1.3.0",
"read-chunk": "^3.1.0",
"recursive-readdir-async": "^1.1.8",
@ -54,6 +59,5 @@
"string-strip-html": "^8.3.0",
"watcher": "^1.2.0",
"xml2js": "^0.4.23"
},
"devDependencies": {}
}
}

18
server/Auth.js
View File

@ -1,5 +1,6 @@
const bcrypt = require('bcryptjs')
const jwt = require('jsonwebtoken')
const passport = require('passport')
const Logger = require('./Logger')
class Auth {
@ -38,7 +39,19 @@ class Auth {
}
async authMiddleware(req, res, next) {
var token = null
let token = null;
if (req.isAuthenticated && req.isAuthenticated()) {
token = req.cookies["token"]
const user = await this.verifyToken(token)
if (!user) {
Logger.error('Verify Token User Not Found', token)
return res.sendStatus(404)
}
req.user = user
return next();
}
// If using a get request, the token can be passed as a query string
if (req.method === 'GET' && req.query && req.query.token) {
@ -53,7 +66,8 @@ class Auth {
return res.sendStatus(401)
}
var user = await this.verifyToken(token)
const user = await this.verifyToken(token)
if (!user) {
Logger.error('Verify Token User Not Found', token)
return res.sendStatus(404)

109
server/Server.js
View File

@ -1,17 +1,21 @@
const Path = require('path')
const express = require('express')
const cookieParser = require("cookie-parser");
var session = require('express-session')
const http = require('http')
const SocketIO = require('socket.io')
const fs = require('fs-extra')
const fileUpload = require('express-fileupload')
const rateLimit = require('express-rate-limit')
const passport = require('passport');
const OidcStrategy = require('passport-openidconnect').Strategy;
const { version } = require('../package.json')
// Utils
const { ScanResult } = require('./utils/constants')
const filePerms = require('./utils/filePerms')
const { secondsToTimestamp } = require('./utils/index')
const { secondsToTimestamp, getId } = require('./utils/index')
const Logger = require('./Logger')
// Classes
@ -28,6 +32,7 @@ const RssFeeds = require('./RssFeeds')
const DownloadManager = require('./DownloadManager')
const CoverController = require('./CoverController')
const CacheManager = require('./CacheManager')
const User = require('./objects/User')
class Server {
constructor(PORT, UID, GID, CONFIG_PATH, METADATA_PATH, AUDIOBOOK_PATH) {
@ -39,6 +44,10 @@ class Server {
this.AudiobookPath = Path.normalize(AUDIOBOOK_PATH)
this.MetadataPath = Path.normalize(METADATA_PATH)
console.info(this.ConfigPath)
console.info(this.MetadataPath)
console.info(this.AudiobookPath)
fs.ensureDirSync(CONFIG_PATH, 0o774)
fs.ensureDirSync(METADATA_PATH, 0o774)
fs.ensureDirSync(AUDIOBOOK_PATH, 0o774)
@ -65,6 +74,54 @@ class Server {
this.io = null
this.clients = {}
passport.serializeUser((user, next) => {
next(null, user);
});
passport.deserializeUser((obj, next) => {
next(null, obj);
});
passport.use(new OidcStrategy({
issuer: process.env.OIDC_ISSUER,
authorizationURL: process.env.OIDC_AUTHORIZATION_URL,
tokenURL: process.env.OIDC_TOKEN_URL,
userInfoURL: process.env.OIDC_USER_INFO_URL,
clientID: process.env.OIDC_CLIENT_ID,
clientSecret: process.env.OIDC_CLIENT_SECRET,
callbackURL: '/oidc/callback',
scope: "openid email profile"
}, async (issuer, profile, cb) => {
let user = this.db.users.find(u => u.id === profile.id)
if (!user) {
// create a user
let account = {}
account.id = profile.id
account.username = profile.username
account.type = "guest"
account.permissions = {
download: false,
update: false,
delete: false,
upload: false,
accessAllLibraries: false
}
account.pash = await this.auth.hashPass(getId(profile.id))
account.token = await this.auth.generateAccessToken({ userId: account.id })
account.createdAt = Date.now()
user = new User(account)
const success = await this.db.insertEntity('user', user)
if (!success) {
cb('Failed to save new user')
}
}
if (!user || !user.isActive) {
Logger.debug(`[Auth] Failed login attempt`)
cb("Invalid user or password")
return
}
cb(null, user)
})
)
}
get audiobooks() {
@ -144,6 +201,23 @@ class Server {
app.use(fileUpload())
app.use(express.urlencoded({ extended: true }));
app.use(express.json())
app.use(cookieParser());
app.use(session({
secret: process.env.TOKEN_SECRET,
resave: false,
saveUninitialized: true
}));
app.use(passport.initialize());
app.use(passport.session());
/*
if (req.method === 'GET' && req.query && req.query.token) {
token = req.query.token
} else {
const authHeader = req.headers['authorization']
token = authHeader && authHeader.split(' ')[1]
}
*/
// Static path to generated nuxt
const distPath = Path.join(global.appRoot, '/client/dist')
@ -219,6 +293,36 @@ class Server {
app.post('/logout', this.authMiddleware.bind(this), this.logout.bind(this))
app.get("/oidc/login", passport.authenticate('openidconnect'))
app.get("/oidc/callback",
passport.authenticate('openidconnect', { failureRedirect: '/oidc/login', failureMessage: true }),
async (req, res) => {
const token = this.auth.generateAccessToken({userId: req.user.id})
res.cookie('token', token, { httpOnly: true /* TODO: Set secure: true */ });
res.cookie('sso', true, { httpOnly: false /* TODO: Set secure: true */ });
res.redirect('/');
}
// (req, res, next) => {
// passport.authenticate('openidconnect', async (err, user, info) => {
//
// Logger.debug(JSON.stringify({user, info}))
//
// const token = await this.auth.generateAccessToken({ userId: user.id })
// res.cookie('token', token, { httpOnly: true /* TODO: Set secure: true */ });
// res.cookie('sso', true, { httpOnly: false /* TODO: Set secure: true */ });
//
// res.redirect('/');
// })(req, res, next)
//
// }
)
// app.get("/oidc/token", (req, res) => {
// req.cookies.get("token")
// })
app.get('/ping', (req, res) => {
Logger.info('Recieved ping')
res.json({ success: true })
@ -472,6 +576,9 @@ class Server {
var { socketId } = req.body
Logger.info(`[Server] User ${req.user ? req.user.username : 'Unknown'} is logging out with socket ${socketId}`)
res.clearCookie('sso');
res.clearCookie('token');
if (req.logout) req.logout();
// Strip user and client from client and client socket
if (socketId && this.clients[socketId]) {
var client = this.clients[socketId]