import crypto from 'crypto';
import Koa from 'koa';
import mount from 'koa-mount';
import { Provider } from 'oidc-provider';
import postgresAdapter from '../oidc/adapter';
import { fromKeyLike } from 'jose/jwk/from_key_like';
import { getEnv } from '../utils';
import { findUserById } from '../queries/user';
import { signInRoute } from '../consts';
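/**
 * Creates an `oidc-provider` instance and mounts it under `/oidc` on the given Koa app.
 *
 * The provider signs with the private key taken from the
 * `OIDC_PROVIDER_PRIVATE_KEY_BASE64` environment variable (base64, decoded and
 * handed to `crypto.createPrivateKey`), persists its state through the Postgres
 * adapter, and sends end-user interactions to `signInRoute`.
 *
 * @param app  - Koa application the provider is mounted on.
 * @param port - Port the app listens on; only used to build the local issuer URL.
 * @returns Resolves once the provider middleware has been mounted.
 * @throws Propagates errors from `getEnv` (missing variable) and
 *   `crypto.createPrivateKey` (undecodable key material).
 */
export default async function initOidc(app: Koa, port: number): Promise<void> {
  const privateKey = crypto.createPrivateKey(
    Buffer.from(getEnv('OIDC_PROVIDER_PRIVATE_KEY_BASE64'), 'base64')
  );
  // Exported as a JWK for the provider's `jwks` option; the provider publishes
  // only the public members on its JWKS endpoint.
  const keys = [await fromKeyLike(privateKey)];

  // The single development client. Its origin is reused for the CORS check so
  // the two cannot drift apart.
  const devClientOrigin = 'http://localhost:3000';

  const oidc = new Provider(`http://localhost:${port}/oidc`, {
    adapter: postgresAdapter,
    renderError: (ctx, out, error) => {
      // Full error (stack included) stays server-side; `out` is the sanitized
      // `{ error, error_description }` object the provider deems safe for clients.
      // NOTE(review): the response body is intentionally not set here yet, so
      // the user-agent only receives the status the provider already assigned.
      console.error(error);
    },
    cookies: {
      // V2: Rotate this when necessary
      // https://github.com/panva/node-oidc-provider/blob/main/docs/README.md#cookieskeys
      // SECURITY(review): hard-coded cookie signing secret. Source it from the
      // environment like the private key above and rotate it before any
      // non-local deployment; anyone reading this file can forge session cookies.
      keys: ['LOGTOSEKRIT1'],
    },
    jwks: {
      keys,
    },
    clients: [
      {
        client_id: 'foo',
        redirect_uris: [`${devClientOrigin}/callback`],
        grant_types: ['authorization_code', 'refresh_token'],
        // Public client (no secret); it relies on PKCE rather than client auth.
        token_endpoint_auth_method: 'none',
      },
    ],
    features: {
      revocation: { enabled: true },
      introspection: { enabled: true },
      // The built-in dev login/consent screens are replaced by `interactions.url`.
      devInteractions: { enabled: false },
    },
    interactions: {
      url: (_, interaction) => `${signInRoute}?uid=${interaction.uid}`,
    },
    // Exact match on the Origin header. A `startsWith` check would also admit
    // origins that merely begin with the dev origin string (any longer port or
    // host built on it), which is not what the allow-list intends.
    clientBasedCORS: (_, origin) => origin === devClientOrigin,
    findAccount: async (_ctx, sub) => {
      // Only mint claims for subjects that exist in the user table. If
      // `findUserById` throws on a missing row this guard is a no-op; if it
      // resolves to nothing, returning `undefined` makes the provider reject
      // the session instead of treating an unknown `sub` as a valid account.
      const user = await findUserById(sub);
      if (!user) {
        return undefined;
      }

      return {
        accountId: sub,
        // Only `sub` is released for now, regardless of requested scope/claims.
        claims: async () => ({ sub }),
      };
    },
  });

  app.use(mount('/oidc', oidc.app));
}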