forked from ammmir/node-oauth2-provider
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Renamed express 2.x example, added express 3.x example.
- Loading branch information
Showing
2 changed files
with
143 additions
and
0 deletions.
There are no files selected for viewing
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,143 @@ | ||
| // simple server with a protected resource at /secret secured by OAuth 2 | ||
|
|
||
| var OAuth2Provider = require('../index').OAuth2Provider, | ||
| express = require('express'), | ||
| MemoryStore = express.session.MemoryStore; | ||
|
|
||
| // hardcoded list of <client id, client secret> tuples | ||
| var myClients = { | ||
| '1': '1secret', | ||
| }; | ||
|
|
||
| var app = express(); | ||
|
|
||
| // temporary grant storage | ||
| var myGrants = {}; | ||
|
|
||
| var myOAP = new OAuth2Provider('encryption secret', 'signing secret'); | ||
|
|
||
| // before showing authorization page, make sure the user is logged in | ||
| myOAP.on('enforce_login', function(req, res, authorize_url, next) { | ||
| if(req.session.user) { | ||
| next(req.session.user); | ||
| } else { | ||
| res.writeHead(303, {Location: '/login?next=' + encodeURIComponent(authorize_url)}); | ||
| res.end(); | ||
| } | ||
| }); | ||
|
|
||
| // render the authorize form with the submission URL | ||
| // use two submit buttons named "allow" and "deny" for the user's choice | ||
| myOAP.on('authorize_form', function(req, res, client_id, authorize_url) { | ||
| res.end('<html>this app wants to access your account... <form method="post" action="' + authorize_url + '"><button name="allow">Allow</button><button name="deny">Deny</button></form>'); | ||
| }); | ||
|
|
||
| // save the generated grant code for the current user | ||
| myOAP.on('save_grant', function(req, client_id, code, next) { | ||
| if(!(req.session.user in myGrants)) | ||
| myGrants[req.session.user] = {}; | ||
|
|
||
| myGrants[req.session.user][client_id] = code; | ||
| next(); | ||
| }); | ||
|
|
||
| // remove the grant when the access token has been sent | ||
| myOAP.on('remove_grant', function(user_id, client_id, code) { | ||
| if(myGrants[user_id] && myGrants[user_id][client_id]) | ||
| delete myGrants[user_id][client_id]; | ||
| }); | ||
|
|
||
| // find the user for a particular grant | ||
| myOAP.on('lookup_grant', function(client_id, client_secret, code, next) { | ||
| // verify that client id/secret pair are valid | ||
| if(client_id in myClients && myClients[client_id] == client_secret) { | ||
| for(var user in myGrants) { | ||
| var clients = myGrants[user]; | ||
|
|
||
| if(clients[client_id] && clients[client_id] == code) | ||
| return next(null, user); | ||
| } | ||
| } | ||
|
|
||
| next(new Error('no such grant found')); | ||
| }); | ||
|
|
||
| // embed an opaque value in the generated access token | ||
| myOAP.on('create_access_token', function(user_id, client_id, next) { | ||
| var data = 'blah'; // can be any data type or null | ||
|
|
||
| next(data); | ||
| }); | ||
|
|
||
| // (optional) do something with the generated access token | ||
| myOAP.on('save_access_token', function(user_id, client_id, access_token) { | ||
| console.log('saving access token %s for user_id=%s client_id=%s', access_token, user_id, client_id); | ||
| }); | ||
|
|
||
| // an access token was received in a URL query string parameter or HTTP header | ||
| myOAP.on('access_token', function(req, token, next) { | ||
| var TOKEN_TTL = 10 * 60 * 1000; // 10 minutes | ||
|
|
||
| if(token.grant_date.getTime() + TOKEN_TTL > Date.now()) { | ||
| req.session.user = token.user_id; | ||
| req.session.data = token.extra_data; | ||
| } else { | ||
| console.warn('access token for user %s has expired', token.user_id); | ||
| } | ||
|
|
||
| next(); | ||
| }); | ||
|
|
||
| app.use(express.logger()); | ||
| app.use(express.bodyParser()); | ||
| app.use(express.query()); | ||
| app.use(express.cookieParser()); | ||
| app.use(express.session({store: new MemoryStore({reapInterval: 5 * 60 * 1000}), secret: 'abracadabra'})); | ||
| app.use(myOAP.oauth()); | ||
| app.use(myOAP.login()); | ||
|
|
||
| app.get('/', function(req, res, next) { | ||
| console.dir(req.session); | ||
| res.end('home, logged in? ' + !!req.session.user); | ||
| }); | ||
|
|
||
| app.get('/login', function(req, res, next) { | ||
| if(req.session.user) { | ||
| res.writeHead(303, {Location: '/'}); | ||
| return res.end(); | ||
| } | ||
|
|
||
| var next_url = req.query.next ? req.query.next : '/'; | ||
|
|
||
| res.end('<html><form method="post" action="/login"><input type="hidden" name="next" value="' + next_url + '"><input type="text" placeholder="username" name="username"><input type="password" placeholder="password" name="password"><button type="submit">Login</button></form>'); | ||
| }); | ||
|
|
||
| app.post('/login', function(req, res, next) { | ||
| req.session.user = req.body.username; | ||
|
|
||
| res.writeHead(303, {Location: req.body.next || '/'}); | ||
| res.end(); | ||
| }); | ||
|
|
||
| app.get('/logout', function(req, res, next) { | ||
| req.session.destroy(function(err) { | ||
| res.writeHead(303, {Location: '/'}); | ||
| res.end(); | ||
| }); | ||
| }); | ||
|
|
||
| app.get('/secret', function(req, res, next) { | ||
| if(req.session.user) { | ||
| res.end('proceed to secret lair, extra data: ' + JSON.stringify(req.session.data)); | ||
| } else { | ||
| res.writeHead(403); | ||
| res.end('no'); | ||
| } | ||
| }); | ||
|
|
||
| app.listen(8081); | ||
|
|
||
| function escape_entities(s) { | ||
| return s.replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>'); | ||
| } | ||
|
|