wiki-cafe/wiki-security-passportjs
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Reinstate fork changes

Browse Source
This commit is contained in:
3wc 2024-10-30 22:22:57 -04:00
parent a10c577037
commit f9538b8a96
3 changed files with 39 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
package-lock.json generated
View File

@ -11,6 +11,7 @@
"dependencies": { "dependencies": {
"@passport-js/passport-twitter": "^1.0.8", "@passport-js/passport-twitter": "^1.0.8",
"coffeescript": "^2.4.1", "coffeescript": "^2.4.1",
"jwt-decode": "^4.0.0",
"lodash": "^4.17.19", "lodash": "^4.17.19",
"passport": "^0.3.2", "passport": "^0.3.2",
"passport-github2": "^0.1.12", "passport-github2": "^0.1.12",
@ -4329,6 +4330,14 @@
"dev": true, "dev": true,
"license": "ISC" "license": "ISC"
}, },
"node_modules/jwt-decode": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/jwt-decode/-/jwt-decode-4.0.0.tgz",
"integrity": "sha512-+KJGIyHgkGuIq3IEBNftfhW/LfWhXUIY6OmyVWjliu5KH1y0fw7VQ8YndE2O4qZdMSd9SqbnC8GOcZEy0Om7sA==",
"engines": {
"node": ">=18"
}
},
"node_modules/lodash": { "node_modules/lodash": {
"version": "4.17.21", "version": "4.17.21",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",

1
package.json
View File

@ -7,6 +7,7 @@
"dependencies": { "dependencies": {
"@passport-js/passport-twitter": "^1.0.8", "@passport-js/passport-twitter": "^1.0.8",
"coffeescript": "^2.4.1", "coffeescript": "^2.4.1",
"jwt-decode": "^4.0.0",
"lodash": "^4.17.19", "lodash": "^4.17.19",
"passport": "^0.3.2", "passport": "^0.3.2",
"passport-github2": "^0.1.12", "passport-github2": "^0.1.12",

49
server/social.coffee
View File

@ -17,6 +17,8 @@ url = require 'url'
_ = require 'lodash' _ = require 'lodash'
glob = require 'glob' glob = require 'glob'
{ jwtDecode } = require('jwt-decode');
passport = require('passport') passport = require('passport')
# Export a function that generates security handler # Export a function that generates security handler
@ -188,6 +190,8 @@ module.exports = exports = (log, loga, argv) ->
userInfoURL: argv.oauth2_UserInfoURL userInfoURL: argv.oauth2_UserInfoURL
}, (accessToken, refreshToken, params, profile, cb) -> }, (accessToken, refreshToken, params, profile, cb) ->
token = jwtDecode(accessToken)
extractUserInfo = (uiParam, uiDef) -> extractUserInfo = (uiParam, uiDef) ->
uiPath = '' uiPath = ''
if typeof uiParam == 'undefined' then (uiPath = uiDef) else (uiPath = uiParam) if typeof uiParam == 'undefined' then (uiPath = uiDef) else (uiPath = uiParam)
@ -195,6 +199,8 @@ module.exports = exports = (log, loga, argv) ->
sParts = uiPath.split('.') sParts = uiPath.split('.')
sFrom = sParts.shift() sFrom = sParts.shift()
switch sFrom switch sFrom
when "token"
obj = token
when "params" when "params"
obj = params obj = params
when "profile" when "profile"
@ -207,10 +213,6 @@ module.exports = exports = (log, loga, argv) ->
obj = obj[sParts.shift()] obj = obj[sParts.shift()]
return obj return obj
console.log("accessToken", accessToken)
console.log("refreshToken", refreshToken)
console.log("params", params)
console.log("profile", profile)
if argv.oauth2_UsernameField? if argv.oauth2_UsernameField?
username_query = argv.oauth2_UsernameField username_query = argv.oauth2_UsernameField
else else
@ -388,24 +390,31 @@ module.exports = exports = (log, loga, argv) ->
# see http://ward.asia.wiki.org/login-to-view.html # see http://ward.asia.wiki.org/login-to-view.html
if argv.restricted? if argv.restricted?
allowedToView = (req) -> allowedToView = (req) ->
allowed = []
if argv.allowed_domains? if argv.allowed_domains?
if Array.isArray(argv.allowed_domains) try
allowed = argv.allowed_domains allowed_domains = argv.allowed_domains
else emails = req.session.passport.user.google.emails
# accommodate copy bug to be fixed soon for entry in emails
# https://github.com/fedwiki/wiki/blob/4c6eee69e78c1ba3f3fc8d61f4450f70afb78f10/farm.coffee#L98-L103 have = entry.value.split('@')[1]
for k, v of argv.allowed_domains for want in allowed_domains
allowed.push v return true if want == have
# emails = [ { value: 'ward.cunningham@gmail.com', type: 'account' } ] catch error
emails = req.session?.passport?.user?.google?.emails if emails?
return false unless emails console.log "argv.allowed_domains exists, but there was an error. Make sure it's value is an array in your config."
for entry in emails if argv.allowed_ids?
have = entry.value.split('@')[1] try
for want in allowed allowed_ids = argv.allowed_ids
return true if want == have idProvider = _.head(_.keys(req.session.passport.user))
switch idProvider
when 'github', 'twitter', 'oauth2'
id = req.session.passport.user[idProvider].id
return true if (allowed_ids.length == 1 and allowed_ids[0] == "*")
for want in allowed_ids
return true if want == id
catch error
if idProvider?
console.log "argv.allowed_ids exists, but there was an error. Make sure it's value is an array in your config."
false false
app.all '*', (req, res, next) -> app.all '*', (req, res, next) ->