2022-02-27 03:07:39 +01:00
|
|
|
import isNativeToken from './common/is-native-token.js';
|
2022-03-25 08:27:41 +01:00
|
|
|
import { CacheableLocalUser, ILocalUser } from '@/models/entities/user.js';
|
2022-02-27 03:07:39 +01:00
|
|
|
import { Users, AccessTokens, Apps } from '@/models/index.js';
|
|
|
|
import { AccessToken } from '@/models/entities/access-token.js';
|
2022-03-25 08:27:41 +01:00
|
|
|
import { Cache } from '@/misc/cache.js';
|
|
|
|
import { App } from '@/models/entities/app.js';
|
|
|
|
import { localUserByIdCache, localUserByNativeTokenCache } from '@/services/user-cache.js';
|
|
|
|
|
|
|
|
const appCache = new Cache<App>(Infinity);
|
2021-03-18 02:19:30 +01:00
|
|
|
|
2021-07-17 17:53:16 +02:00
|
|
|
export class AuthenticationError extends Error {
|
|
|
|
constructor(message: string) {
|
|
|
|
super(message);
|
|
|
|
this.name = 'AuthenticationError';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-03-25 08:27:41 +01:00
|
|
|
export default async (token: string | null): Promise<[CacheableLocalUser | null | undefined, AccessToken | null | undefined]> => {
|
2017-01-05 17:28:16 +01:00
|
|
|
if (token == null) {
|
2019-01-23 11:25:36 +01:00
|
|
|
return [null, null];
|
2017-01-05 17:28:16 +01:00
|
|
|
}
|
|
|
|
|
2017-01-06 03:07:42 +01:00
|
|
|
if (isNativeToken(token)) {
|
2022-03-25 08:27:41 +01:00
|
|
|
// TODO: typeorm 3.0にしたら .then(x => x || null) は消せる
|
|
|
|
const user = await localUserByNativeTokenCache.fetch(token,
|
|
|
|
() => Users.findOne({ token }).then(x => x || null) as Promise<ILocalUser | null>);
|
2016-12-28 23:49:51 +01:00
|
|
|
|
2019-04-07 14:50:36 +02:00
|
|
|
if (user == null) {
|
2021-07-17 17:53:16 +02:00
|
|
|
throw new AuthenticationError('user not found');
|
2016-12-28 23:49:51 +01:00
|
|
|
}
|
|
|
|
|
2019-01-23 11:25:36 +01:00
|
|
|
return [user, null];
|
2017-01-05 17:28:16 +01:00
|
|
|
} else {
|
2019-04-07 14:50:36 +02:00
|
|
|
const accessToken = await AccessTokens.findOne({
|
2020-06-03 06:19:07 +02:00
|
|
|
where: [{
|
2021-12-09 15:58:30 +01:00
|
|
|
hash: token.toLowerCase(), // app
|
2020-06-03 06:19:07 +02:00
|
|
|
}, {
|
2021-12-09 15:58:30 +01:00
|
|
|
token: token, // miauth
|
2020-06-03 06:19:07 +02:00
|
|
|
}],
|
2016-12-28 23:49:51 +01:00
|
|
|
});
|
|
|
|
|
2019-04-07 14:50:36 +02:00
|
|
|
if (accessToken == null) {
|
2021-07-17 17:53:16 +02:00
|
|
|
throw new AuthenticationError('invalid signature');
|
2016-12-28 23:49:51 +01:00
|
|
|
}
|
|
|
|
|
2020-03-28 03:24:37 +01:00
|
|
|
AccessTokens.update(accessToken.id, {
|
|
|
|
lastUsedAt: new Date(),
|
|
|
|
});
|
2016-12-28 23:49:51 +01:00
|
|
|
|
2022-03-25 08:27:41 +01:00
|
|
|
const user = await localUserByIdCache.fetch(accessToken.userId,
|
|
|
|
() => Users.findOne({
|
2021-12-09 15:58:30 +01:00
|
|
|
id: accessToken.userId, // findOne(accessToken.userId) のように書かないのは後方互換性のため
|
2022-03-25 08:27:41 +01:00
|
|
|
}) as Promise<ILocalUser>);
|
2016-12-28 23:49:51 +01:00
|
|
|
|
2020-03-28 03:24:37 +01:00
|
|
|
if (accessToken.appId) {
|
2022-03-25 08:27:41 +01:00
|
|
|
const app = await appCache.fetch(accessToken.appId,
|
|
|
|
() => Apps.findOneOrFail(accessToken.appId!));
|
2020-03-28 03:24:37 +01:00
|
|
|
|
|
|
|
return [user, {
|
2020-03-28 10:07:41 +01:00
|
|
|
id: accessToken.id,
|
2021-12-09 15:58:30 +01:00
|
|
|
permission: app.permission,
|
2020-03-28 10:07:41 +01:00
|
|
|
} as AccessToken];
|
2020-03-28 03:24:37 +01:00
|
|
|
} else {
|
2020-03-28 10:07:41 +01:00
|
|
|
return [user, accessToken];
|
2020-03-28 03:24:37 +01:00
|
|
|
}
|
2016-12-28 23:49:51 +01:00
|
|
|
}
|
2019-01-23 11:25:36 +01:00
|
|
|
};
|