server/api/v1/oauth-clients/index.js

   1 'use strict';
   2
   3 const crypto = require('crypto');
   4 const StatusError = require('statuserror');
   5 const mongoUtils = require('gitter-web-persistence-utils/lib/mongo-utils');
   6 const oauthService = require('gitter-web-oauth');
   7 const persistenceService = require('gitter-web-persistence');
   8 const restSerializer = require('../../../serializers/rest-serializer');
   9
  10 module.exports = {
  11   id: 'oauthClient',
  12
  13   index: async function(req) {
  14     const apps = await oauthService.findClientsByOwnerUserId(req.user.id);
  15
  16     const strategy = new restSerializer.OauthClientStrategy();
  17     return restSerializer.serialize(apps, strategy);
  18   },
  19
  20   create: async function(req) {
  21     const { name, registeredRedirectUri } = req.body;
  22
  23     if (!name.match(/\w+/) || !registeredRedirectUri) {
  24       throw new StatusError(400);
  25     }
  26
  27     const safeName = name.toLowerCase().replace(/\W/g, '-');
  28
  29     const app = {
  30       name: name,
  31       registeredRedirectUri: registeredRedirectUri,
  32       tag: safeName,
  33       clientKey: crypto.randomBytes(20).toString('hex'),
  34       clientSecret: crypto.randomBytes(20).toString('hex'),
  35       ownerUserId: req.user.id,
  36       canSkipAuthorization: false
  37     };
  38
  39     const oauthClient = await persistenceService.OAuthClient.create(app);
  40
  41     const strategy = new restSerializer.OauthClientStrategy();
  42     return restSerializer.serializeObject(oauthClient, strategy);
  43   },
  44
  45   destroy: async function(req) {
  46     const oauthClient = req.oauthClient;
  47
  48     if (!oauthClient) {
  49       throw new StatusError(404);
  50     }
  51
  52     await oauthService.deleteOauthClient(oauthClient);
  53   },
  54
  55   load: async function(req, id) {
  56     if (!mongoUtils.isLikeObjectId(id)) throw new StatusError(400);
  57
  58     const oauthClient = await oauthService.findClientById(id);
  59
  60     if (!oauthClient) {
  61       return null;
  62     }
  63
  64     if (!mongoUtils.objectIDsEqual(oauthClient.ownerUserId, req.user.id)) {
  65       throw new StatusError(403, 'OAuth Client owner does not match your user');
  66     }
  67
  68     return oauthClient;
  69   }
  70 };