Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
…into main
  • Loading branch information
Alex4386 committed Feb 12, 2022
2 parents 8977d25 + 3a414a5 commit 25a3944
Show file tree
Hide file tree
Showing 42 changed files with 150 additions and 153 deletions.
3 changes: 1 addition & 2 deletions .github/workflows/deploy-s4ait-production.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,7 @@ on:
types: [created]

jobs:
build:

deploy:
runs-on: ubuntu-latest
environment: Stella IT Accounts Deployment
steps:
Expand Down
4 changes: 2 additions & 2 deletions INSTALL.md
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ FASTIFY_USE_PROXY=1
# The "issuer" on OpenID Connect id_token
OPENID_ISSUING_AUTHORITY="https://demo.meili.ng"
# Deprecated: use "yarn genkey" will automatically generate certificates for creating JWTs
# Deprecated: use "yarn keygen" will automatically generate certificates for creating JWTs
OPENID_SECRET_KEY=""
NOTIFICATION_API_HOST="http://notification.meili.ng"
Expand All @@ -117,7 +117,7 @@ These are the secret key to sign your OpenID Token. Please make sure this is lon

**Please Run the following:**
```bash
yarn genkey
yarn keygen
```


Expand Down
6 changes: 3 additions & 3 deletions package.json
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
{
"name": "meiling",
"version": "0.7.0",
"version": "0.8.1",
"description": "An easy-to-use, open-source, flexible oAuth2 Authentication Provider and OpenID Connect Server",
"main": "dist/",
"repository": "https://github.com/meiling-gatekeeper/meiling",
"author": "Alex4386 <[email protected]>",
"license": "MIT",
"dependencies": {
"@prisma/client": "^3.7.0",
"@prisma/client": "^3.9.1",
"@xmldom/xmldom": "^0.8.0",
"ansi-regex": "^6.0.1",
"axios": "^0.21.2",
Expand Down Expand Up @@ -49,7 +49,7 @@
"husky": "^4.3.0",
"lint-staged": "^10.5.1",
"prettier": "^2.1.2",
"prisma": "^3.7.0",
"prisma": "^3.9.1",
"ts-node": "^9.0.0"
},
"scripts": {
Expand Down
4 changes: 2 additions & 2 deletions src/common/event/baridegi.ts
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@ import config from '../../resources/config';
export enum BaridegiLogType {
NEW_SESSION = 'new_session',
AUTHORIZE_APP = 'authorize_app',
CREATE_AUTHORIZATION_REQUEST = 'create_authorization_request',
VERIFY_AUTHORIZATION_REQUEST = 'verify_authorization_request',
CREATE_AUTHENTICATION_REQUEST = 'create_authentication_request',
VERIFY_AUTHENTICATION_REQUEST = 'verify_authentication_request',
CREATE_PASSWORD_RESET_REQUEST = 'create_password_reset_request',
USER_SIGNIN = 'user_signin',
USER_SIGNOUT = 'user_signout',
Expand Down
File renamed without changes.
File renamed without changes.
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ export function validateOTP(challengeResponse: string, secret: string) {
export async function sendOTPSMS(phone: PhoneNumber, challenge: string, lang: Notification.TemplateLanguage = 'ko') {
await Notification.sendNotification(Notification.NotificationMethod.SMS, {
type: 'template',
templateId: Notification.TemplateId.AUTHORIZATION_CODE,
templateId: Notification.TemplateId.AUTHENTICATION_CODE,

lang,
messages: [
Expand Down
11 changes: 6 additions & 5 deletions src/common/meiling/identity/user.ts
Original file line number Diff line number Diff line change
Expand Up @@ -169,11 +169,12 @@ export async function getAuthorizedApps(user: UserModel | string): Promise<OAuth
});

const rawNotFiltered = await Promise.all(
authRaw.map((n) => getPrismaClient().oAuthClient.findUnique({ where: { id: n.id } })),
Utils.getUnique(authRaw, (m, n) => m.clientId === n.clientId).map((n) =>
getPrismaClient().oAuthClient.findUnique({ where: { id: n.clientId } }),
),
);
const raw = rawNotFiltered.filter((n) => n !== null) as OAuthClient[];

return Utils.getUnique(raw, (m, n) => m.id === n.id);
return rawNotFiltered.filter((n) => n !== null) as OAuthClient[];
}

export async function getOwnedApps(user: UserModel | string): Promise<OAuthClient[] | undefined> {
Expand Down Expand Up @@ -693,7 +694,7 @@ export async function prevent2FALockout(user: UserModel | string): Promise<void>
const data = await getInfo(user);
if (!data) return undefined;

const authorizations = await getPrismaClient().authentication.count({
const authentications = await getPrismaClient().authentication.count({
where: {
AND: [
{
Expand All @@ -711,7 +712,7 @@ export async function prevent2FALockout(user: UserModel | string): Promise<void>
},
});

if (authorizations === 0) {
if (authentications === 0) {
await getPrismaClient().user.update({
where: {
id: data.id,
Expand Down
2 changes: 1 addition & 1 deletion src/common/meiling/index.ts
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
export * as OAuth2 from './oauth2';
export * as SAML2 from './saml2';
export * as Identity from './identity';
export * as Authorization from './authorization';
export * as Authentication from './authentication';
export * as Database from './database';
export * as Error from './error';
export * as Sanitize from './sanitize';
Expand Down
10 changes: 5 additions & 5 deletions src/common/meiling/oauth2/clientAuthorization.ts
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
import { OAuthClient, OAuthClientAuthorization, OAuthToken, OAuthTokenType, Permission, User } from '@prisma/client';
import { Authorization } from '..';
import { Authentication } from '..';
import { getPrismaClient } from '../../../resources/prisma';

// TODO: OPTIMIZE
Expand Down Expand Up @@ -175,10 +175,10 @@ export async function getUser(authorization: OAuthClientAuthorization | string):
export async function createToken(
authorization: OAuthClientAuthorization,
type: OAuthTokenType,
metadata?: Authorization.Token.TokenMetadata,
metadata?: Authentication.Token.TokenMetadata,
): Promise<OAuthToken> {
// TODO: allow custom generator for token
const tokenKey = Authorization.Token.generateToken();
const tokenKey = Authentication.Token.generateToken();

const token = await getPrismaClient().oAuthToken.create({
data: {
Expand Down Expand Up @@ -217,9 +217,9 @@ export async function getToken(authorization: OAuthClientAuthorization, type: OA

if (
!token ||
Authorization.Token.getExpiresInByType(type, token.issuedAt) < Authorization.Token.getValidTimeByType(type) * 0.1
Authentication.Token.getExpiresInByType(type, token.issuedAt) < Authentication.Token.getValidTimeByType(type) * 0.1
) {
token = await createToken(authorization, type, token?.metadata as Authorization.Token.TokenMetadata);
token = await createToken(authorization, type, token?.metadata as Authentication.Token.TokenMetadata);
}

updateLastUpdated(authorization);
Expand Down
6 changes: 3 additions & 3 deletions src/common/meiling/v1/challenge.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ import { Authentication } from '@prisma/client';
import { Meiling } from '../..';
import { ExtendedAuthMethods, SigninType, SigninExtendedAuthentication } from './interfaces';
import { AuthenticationJSONObject, AuthenticationOTPObject, AuthenticationPGPSSHKeyObject } from '../identity/user';
import { validateOTP, validatePGPSign } from '../authorization/validate';
import { validateOTP, validatePGPSign } from '../authentication/validate';
import config from '../../../resources/config';

export function getMeilingAvailableAuthMethods(
Expand Down Expand Up @@ -53,10 +53,10 @@ export function generateChallenge(signinMethod: ExtendedAuthMethods): string | u
switch (signinMethod) {
case ExtendedAuthMethods.PGP_SIGNATURE:
case ExtendedAuthMethods.SECURITY_KEY:
return Meiling.Authorization.Token.generateToken();
return Meiling.Authentication.Token.generateToken();
case ExtendedAuthMethods.SMS:
case ExtendedAuthMethods.EMAIL:
return Meiling.Authorization.Token.generateToken(6, '0123456789');
return Meiling.Authentication.Token.generateToken(6, '0123456789');
case ExtendedAuthMethods.OTP:
default:
return undefined;
Expand Down
11 changes: 5 additions & 6 deletions src/common/meiling/v1/error/error.ts
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,8 @@ function getMeilingErrorStatusCode(type: ErrorType) {
case ErrorType.ALREADY_SIGNED_IN:
case ErrorType.ALREADY_SIGNED_OUT:
case ErrorType.APPLICATION_REDIRECT_URI_INVALID:
case ErrorType.AUTHORIZATION_REQUEST_NOT_GENERATED:
case ErrorType.AUTHORIZATION_REQUEST_NOT_COMPLETED:
case ErrorType.AUTHENTICATION_REQUEST_NOT_GENERATED:
case ErrorType.AUTHENTICATION_REQUEST_NOT_COMPLETED:
return 400;

case ErrorType.UNAUTHORIZED:
Expand All @@ -37,7 +37,7 @@ function getMeilingErrorStatusCode(type: ErrorType) {
case ErrorType.INVALID_SESSION:
case ErrorType.APPLICATION_NOT_AUTHORIZED_BY_USER:
case ErrorType.APPLICATION_NOT_AUTHORIZED_SCOPES:
case ErrorType.AUTHORIZATION_REQUEST_INVALID:
case ErrorType.AUTHENTICATION_REQUEST_INVALID:
return 401;

case ErrorType.FORBIDDEN:
Expand All @@ -50,7 +50,7 @@ function getMeilingErrorStatusCode(type: ErrorType) {
case ErrorType.UNSUPPORTED_SIGNIN_METHOD:
case ErrorType.UNSUPPORTED_SCOPE:
case ErrorType.UNSUPPORTED_RESPONSE_TYPE:
case ErrorType.UNSUPPORTED_AUTHORIZATION_TYPE:
case ErrorType.UNSUPPORTED_AUTHENTICATION_TYPE:
return 405;

case ErrorType.MORE_THAN_ONE_USER_MATCHED:
Expand All @@ -63,10 +63,9 @@ function getMeilingErrorStatusCode(type: ErrorType) {
return 409;

case ErrorType.AUTHENTICATION_TIMEOUT:
case ErrorType.AUTHORIZATION_REQUEST_TIMEOUT:
return 410;

case ErrorType.AUTHORIZATION_REQUEST_RATE_LIMITED:
case ErrorType.AUTHENTICATION_REQUEST_RATE_LIMITED:
return 429;

case ErrorType.INTERNAL_SERVER_ERROR:
Expand Down
10 changes: 4 additions & 6 deletions src/common/meiling/v1/error/type.ts
Original file line number Diff line number Diff line change
Expand Up @@ -13,13 +13,16 @@ export enum ErrorType {
UNSUPPORTED_SIGNIN_METHOD = 'unsupported_signin_method',
UNSUPPORTED_SCOPE = 'unsupported_scope',
UNSUPPORTED_RESPONSE_TYPE = 'unsupported_response_type',
UNSUPPORTED_AUTHORIZATION_TYPE = 'unsupported_authorization_type',
UNSUPPORTED_AUTHENTICATION_TYPE = 'unsupported_authentication_type',
TWO_FACTOR_AUTHENTICATION_REQUIRED = 'two_factor_authentication_required',
TWO_FACTOR_AUTHENTICATION_REQUEST_NOT_GENERATED = 'two_factor_authentication_request_not_generated',
MORE_THAN_ONE_USER_MATCHED = 'more_than_one_user_matched',
AUTHENTICATION_REQUEST_NOT_GENERATED = 'authentication_request_not_generated',
AUTHENTICATION_NOT_CURRENT_CHALLENGE_METHOD = 'authentication_not_current_challenge_method',
AUTHENTICATION_TIMEOUT = 'authentication_timeout',
AUTHENTICATION_REQUEST_INVALID = 'authentication_request_invalid',
AUTHENTICATION_REQUEST_NOT_COMPLETED = 'authentication_request_not_completed',
AUTHENTICATION_REQUEST_RATE_LIMITED = 'authentication_request_rate_limited',
NOT_IMPLEMENTED = 'not_implemented',
NOT_FOUND = 'not_found',
CONFLICT = 'conflict',
Expand All @@ -30,11 +33,6 @@ export enum ErrorType {
APPLICATION_NOT_AUTHORIZED_SCOPES = 'application_not_authorized_scopes',
APPLICATION_USER_ACTION_REQUIRED = 'application_user_action_required',
INTERNAL_SERVER_ERROR = 'internal_server_error',
AUTHORIZATION_REQUEST_INVALID = 'authorization_request_invalid',
AUTHORIZATION_REQUEST_NOT_GENERATED = 'authorization_request_not_generated',
AUTHORIZATION_REQUEST_NOT_COMPLETED = 'authorization_request_not_completed',
AUTHORIZATION_REQUEST_RATE_LIMITED = 'authorization_request_rate_limited',
AUTHORIZATION_REQUEST_TIMEOUT = 'authorization_request_timeout',
EMAIL_NOT_ALLOWED = 'email_not_allowed',
PHONE_NOT_ALLOWED = 'phone_not_allowed',
EXISTING_USERNAME = 'existing_username',
Expand Down
4 changes: 2 additions & 2 deletions src/common/meiling/v1/session.ts
Original file line number Diff line number Diff line change
Expand Up @@ -131,12 +131,12 @@ export async function isToken(token?: string): Promise<boolean> {
}

export function getTokenFromRequest(req: FastifyRequest): string | undefined {
const token = Meiling.Authorization.Token.getTokenFromRequest(req);
const token = Meiling.Authentication.Token.getTokenFromRequest(req);
return token ? token.token : undefined;
}

export async function createToken(req: FastifyRequest): Promise<string | undefined> {
const token = Meiling.Authorization.Token.generateToken();
const token = Meiling.Authentication.Token.generateToken();
const expiration = new Date(new Date().getTime() + config.session.v1.maxAge * 1000);
const userTimeFieldMinimum = new Date().getTime() - config.session.v1.rateLimit.timeframe * 1000;

Expand Down
6 changes: 3 additions & 3 deletions src/common/notification.ts
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ import { BaridegiLogType, sendBaridegiLog } from './event/baridegi';
export type TemplateLanguage = 'ko' | 'en';

export enum TemplateId {
AUTHORIZATION_CODE = 'authorization_code',
AUTHENTICATION_CODE = 'authentication_code',
}

export enum NotificationMethod {
Expand All @@ -19,7 +19,7 @@ type NotificationPayload = SMSPayload | AlimtalkPayload | CallPayload;

type SMSPayload = SMSPlainPayload | TemplatePayload;
type AlimtalkPayload = TemplatePayload;
type CallPayload = AuthorizationCodeCallPayload;
type CallPayload = AuthentcationCodeCallPayload;

// Not Recommended. Please use Template.
interface SMSPlainPayload {
Expand All @@ -46,7 +46,7 @@ interface PlainMessagePayload {
message: string;
}

interface AuthorizationCodeCallPayload {
interface AuthentcationCodeCallPayload {
type: 'authorization_code';
to: string;
lang: TemplateLanguage;
Expand Down
4 changes: 2 additions & 2 deletions src/common/startup.ts
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ import crypto from 'crypto';
import { Meiling } from '.';
import config from '../resources/config';
import Log from './terminal/log';
import { generateToken } from './meiling/authorization/token';
import { generateToken } from './meiling/authentication/token';

export function checkIDTokenIssueCredentials(): true | string {
if (!config.openid.jwt.algorithm) {
Expand Down Expand Up @@ -88,7 +88,7 @@ export async function runStartupGarbageCollection(force?: boolean): Promise<void
await Meiling.V1.Session.garbageCollect();

Log.info('Garbage Collecting for OAuth2 Tokens...');
await Meiling.Authorization.Token.garbageCollect();
await Meiling.Authentication.Token.garbageCollect();

console.log('Garbage Collecting for OAuth2 ACL Data... This may take awhile...');
await Meiling.OAuth2.ClientAuthorization.garbageCollect();
Expand Down
2 changes: 1 addition & 1 deletion src/interface.ts
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import { OAuthTokenType } from '@prisma/client';
import { Algorithm } from 'jsonwebtoken';
import { TokenGenerator } from './common/meiling/authorization/token';
import { TokenGenerator } from './common/meiling/authentication/token';

export enum NodeEnvironment {
Production = 'production',
Expand Down
2 changes: 1 addition & 1 deletion src/routes/v1/admin/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ const adminV1Plugin = (app: FastifyInstance, opts: FastifyPluginOptions, done: (
throw new Error('User is not providing proper login credentials for admin');
}

const token = Meiling.Authorization.Token.getTokenFromRequest(req);
const token = Meiling.Authentication.Token.getTokenFromRequest(req);
if (!token) {
rep
.status(401)
Expand Down
2 changes: 1 addition & 1 deletion src/routes/v1/admin/internal/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ const internalAdminHandler = (app: FastifyInstance, opts: FastifyPluginOptions,
await Meiling.V1.Session.garbageCollect();

Terminal.Log.info('Running Garbage Collect for OAuth2 Tokens...');
await Meiling.Authorization.Token.garbageCollect();
await Meiling.Authentication.Token.garbageCollect();

Terminal.Log.info('Running Garbage Collect for OAuth2 ACL Data...');
await Meiling.OAuth2.ClientAuthorization.garbageCollect();
Expand Down
6 changes: 3 additions & 3 deletions src/routes/v1/admin/tokens/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -36,16 +36,16 @@ const tokensAdminHandler = (app: FastifyInstance, opts: FastifyPluginOptions, do
throw new Error('session not found');
}

const data = await Meiling.Authorization.Token.serialize(tokenData.token, tokenData.type);
const data = await Meiling.Authentication.Token.serialize(tokenData.token, tokenData.type);

rep.send({
...tokenData,
...data,
expires_at: new Date(
Meiling.Authorization.Token.getExpiresInByType(tokenData.type, new Date()) * 1000 +
Meiling.Authentication.Token.getExpiresInByType(tokenData.type, new Date()) * 1000 +
new Date(tokenData.issuedAt).getTime(),
),
is_valid: await Meiling.Authorization.Token.isValid(token, tokenData.type),
is_valid: await Meiling.Authentication.Token.isValid(token, tokenData.type),
issued_at: tokenData.issuedAt,
issuedAt: undefined,
});
Expand Down
Loading

0 comments on commit 25a3944

Please sign in to comment.