var express = require("express");
var bodyParser = require('body-parser');
var cons = require('consolidate');
var base64url = require('base64url');
var cors = require('cors');
// Directory that holds both the underscore templates and the static files
// served from the site root.
var staticDir = 'files/protectedResource';

var app = express();
// Form-encoded bodies are accepted because a bearer token may arrive in the
// body (access_token=...) rather than the Authorization header.
app.use(bodyParser.urlencoded({ extended: true }));
app.engine('html', cons.underscore);
app.set('view engine', 'html');
app.set('views', staticDir);
app.set('json spaces', 4);
app.use('/', express.static(staticDir));
// NOTE(review): cors() with no options allows any origin. That is acceptable
// for a bearer-token API (no cookies / credentials), but revisit if
// credentialed requests are ever enabled.
app.use(cors());
// The payload handed back to a caller that presents an acceptable token.
var resource = {
  name: 'Protected Resource',
  description: 'This data has been protected by OAuth 2.0'
};
// Credentials this resource server would present to the authorization
// server (e.g. for token introspection). Not referenced elsewhere in this
// file as shown.
// NOTE(security): a secret embedded in source is a demo convenience only;
// a real deployment should load it from configuration or a secret store.
var protectedResources = {
  resource_id: 'protected-resource-1',
  resource_secret: 'protected-resource-secret-1'
};
// Location of the authorization server's introspection endpoint. Defined for
// completeness; nothing in this file as shown calls it.
var authServer = {
  introspectionEndpoint: 'http://localhost:9001/introspect'
};
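// Pull a bearer token out of a request, checking the locations RFC 6750
// allows, in order: Authorization header, form body, query string.
// Returns null when no token is presented.
var extractBearerToken = function(req) {
  var auth = req.headers['authorization'];
  if (auth && auth.toLowerCase().indexOf('bearer') === 0) {
    return auth.slice('bearer '.length);
  }
  if (req.body && req.body.access_token) {
    return req.body.access_token;
  }
  if (req.query && req.query.access_token) {
    return req.query.access_token;
  }
  return null;
};

// Decode -- WITHOUT verifying -- the payload segment of a JWT in compact
// serialization. Returns the claims object, or null when the token is not
// shaped like header.payload.signature or the payload is not a JSON object.
var decodeUnverifiedJwtPayload = function(token) {
  if (typeof token !== 'string') {
    return null;
  }
  var tokenParts = token.split('.');
  if (tokenParts.length !== 3) {
    return null;
  }
  try {
    // Node's base64 decoder also accepts the URL-safe alphabet and missing
    // padding, so the base64url payload segment can be fed to it directly.
    var payload = JSON.parse(Buffer.from(tokenParts[1], 'base64').toString('utf8'));
    return (payload !== null && typeof payload === 'object') ? payload : null;
  } catch (err) {
    // Not valid base64/JSON: treat as "no token" rather than crashing the request.
    return null;
  }
};

// Express middleware: locate a bearer token, decode its JWT claims and, if the
// issuer, audience, iat and exp claims are acceptable, store the claims on
// req.access_token for downstream handlers. Always calls next(); a missing,
// malformed or rejected token simply leaves req.access_token unset so that
// requireAccessToken can answer 401.
//
// NOTE(security): this only PARSES the JWT. The header and signature segments
// are never checked, so any client can hand-craft a token carrying the
// expected claims and it will be accepted here. Do not treat req.access_token
// as authenticated until signature verification (or introspection against
// authServer.introspectionEndpoint) is added in front of the claim checks.
var getAccessToken = function(req, res, next) {
  var expectedIssuer = 'http://localhost:9001/';
  var expectedAudience = 'http://localhost:9002/';

  var inToken = extractBearerToken(req);
  // Bearer tokens are credentials; keep the raw value out of the log.
  console.log('Incoming token present: %s', inToken !== null ? 'yes' : 'no');

  // Previously a missing token threw on null.split(); now it falls through.
  var payload = decodeUnverifiedJwtPayload(inToken);
  if (payload === null) {
    console.log('No usable JWT payload in request');
    next();
    return;
  }
  console.log('Payload', payload);

  if (payload.iss !== expectedIssuer) {
    console.log('issuer mismatch');
    next();
    return;
  }
  console.log('issuer OK');

  // aud may be a single string or an array of strings (RFC 7519 section 4.1.3).
  var audienceOk = Array.isArray(payload.aud)
    ? payload.aud.indexOf(expectedAudience) !== -1
    : payload.aud === expectedAudience;
  if (!audienceOk) {
    console.log('audience mismatch');
    next();
    return;
  }
  console.log('Audience OK');

  // NumericDate claims are JSON numbers (seconds since epoch); a missing or
  // non-numeric iat/exp is rejected rather than coerced.
  var now = Math.floor(Date.now() / 1000);
  if (typeof payload.iat !== 'number' || payload.iat > now) {
    console.log('issued-at rejected');
    next();
    return;
  }
  console.log('issued-at OK');
  if (typeof payload.exp !== 'number' || payload.exp < now) {
    console.log('token expired');
    next();
    return;
  }
  console.log('expiration OK');

  console.log('Token valid!');
  req.access_token = payload;
  next();
};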
// Gate for routes that need a token: getAccessToken must already have run and
// stored the claims on req.access_token. Without them the request is refused
// with an empty 401 and the chain stops.
var requireAccessToken = function(req, res, next) {
  if (!req.access_token) {
    res.status(401).end();
    return;
  }
  next();
};
var savedWords = []; // declared but not referenced anywhere in this file as shown
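// CORS preflight for the resource endpoint.
app.options('/resource', cors());

// POST /resource: return the protected data to callers with an accepted
// token. getAccessToken populates req.access_token; requireAccessToken
// answers 401 (empty body) when it is missing, so the handler itself no
// longer repeats that check inline.
app.post("/resource", cors(), getAccessToken, requireAccessToken, function(req, res){
  res.json(resource);
});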
// Bind the resource server to localhost:9002 and announce the bound address.
var server = app.listen(9002, 'localhost', function () {
  var bound = server.address();
  console.log('OAuth Resource Server is listening at http://%s:%s', bound.address, bound.port);
});