Hugo Renard 2022-02-15 16:16:51 +01:00
parent d29fd81317
commit 67718df65d
Signed by: hougo
GPG key ID: 3A285FD470209C59
4 changed files with 49 additions and 12 deletions


@ -1,6 +1,7 @@
import {
IAppAccessors,
IConfigurationExtend,
IConfigurationModify,
ILogger,
} from "@rocket.chat/apps-engine/definition/accessors";
import {
@ -9,12 +10,16 @@ import {
} from "@rocket.chat/apps-engine/definition/api";
import { App } from "@rocket.chat/apps-engine/definition/App";
import { IAppInfo } from "@rocket.chat/apps-engine/definition/metadata";
import { SettingType } from "@rocket.chat/apps-engine/definition/settings";
import {
ISetting,
SettingType,
} from "@rocket.chat/apps-engine/definition/settings";
import { GroupEndpoint } from "./src/endpoints/GroupEndpoint";
import { GroupsEndpoint } from "./src/endpoints/GroupsEndpoint";
import { UserEndpoint } from "./src/endpoints/UserEndpoint";
import { UsersEndpoint } from "./src/endpoints/UsersEndpoint";
import crypto = require("crypto");
export class ScimApp extends App {
constructor(info: IAppInfo, logger: ILogger, accessors: IAppAccessors) {
@ -50,14 +55,15 @@ export class ScimApp extends App {
public: false,
i18nLabel: "Rocket.Chat Token",
});
}
// public async onSettingUpdated(
// setting: ISetting,
// configurationModify: IConfigurationModify,
// read: IRead,
// http: IHttp
// ): Promise<void> {
// this.con
// }
configuration.settings.provideSetting({
id: "auth-bearer",
type: SettingType.STRING,
packageValue: "",
required: true,
public: false,
i18nLabel: "A bearer token to access the SCIM endpoints.",
value: crypto.randomBytes(128).toString("base64").slice(0, 128),
});
}
}
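Review bot: `packageValue: ""` makes the empty string the package default of the new `auth-bearer` setting while the secret lives only in `value`, so if the setting is ever reset to its package default the expected header becomes `Bearer ` with no secret behind it. Whether `crypto.randomBytes(128)...` is evaluated once at install or on every load of the app is not visible on this page; it is worth confirming that an administrator-set token is never replaced, and recording the answer in a comment above the setting, e.g. `// Generated as the initial value only; rotate it from the app settings.` The `i18nLabel` holds a full sentence rather than a label key. `ISetting` and `IConfigurationModify` appear to be referenced only by the commented-out `onSettingUpdated` stub, so both the stub and the imports could wait until the hook is implemented.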


@ -9,6 +9,7 @@ import {
IApiRequest,
} from "@rocket.chat/apps-engine/definition/api";
import { EmptyRequestError } from "../errors/EmptyRequestError";
import { UnauthorizedError } from "../errors/UnauthorizedError";
import { RcSdk } from "../rc-sdk/RcSdk";
import { Store } from "../store/Store";
@ -52,4 +53,14 @@ export class Context {
}
return this.request.content;
}
public async checkAuth() {
const token = await this.read
.getEnvironmentReader()
.getSettings()
.getValueById("auth-bearer");
if (this.request.headers.authorization !== `Bearer ${token}`) {
throw new UnauthorizedError();
}
}
}
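Review bot: `checkAuth` does not fail closed when the setting is empty or unset: the template literal then yields `Bearer ` or `Bearer undefined`, and a request carrying exactly that header passes the `!==` test. The guard should reject any token that is not a non-empty string before comparing. The comparison itself is a plain string inequality, which is not constant-time; hashing both sides and comparing the digests with `timingSafeEqual` from Node's `crypto` (already used by the app class in this commit) removes the length and content dependence. An explicit `Promise<void>` return type on this public method would also help. The class body starts outside this hunk, so the shape of `this.request.headers` is assumed from the line shown.

```typescript
public async checkAuth(): Promise<void> {
    // … unchanged: token lookup via getValueById("auth-bearer") …

    // Fail closed: an unset or empty setting must never authenticate anyone.
    if (typeof token !== "string" || token.length === 0) {
        throw new UnauthorizedError();
    }
    const presented = this.request.headers.authorization;
    const expected = createHash("sha256").update(`Bearer ${token}`).digest();
    const actual = createHash("sha256")
        .update(typeof presented === "string" ? presented : "")
        .digest();
    // Equal-length digests make the comparison independent of the secret's content.
    if (!timingSafeEqual(expected, actual)) {
        throw new UnauthorizedError();
    }
}
```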


@ -118,9 +118,16 @@ export abstract class ScimEndpoint extends ApiEndpoint {
persis: IPersistence,
): Promise<IApiResponse> => {
try {
return await method.bind(this)(
new Context(request, endpoint, read, modify, http, persis),
const ctx = new Context(
request,
endpoint,
read,
modify,
http,
persis,
);
await ctx.checkAuth();
return await method.bind(this)(ctx);
} catch (e) {
let err: SCIMError;
if (e.toSCIMError && typeof e.toSCIMError === "function") {
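Review bot: Nothing at the new `await ctx.checkAuth();` call says that authentication depends on every SCIM method being dispatched through this wrapper, and a handler registered some other way would skip the check silently. A comment on that line would record the invariant, e.g. `// Authenticate first: handlers must only ever be reached through this wrapper.` The catch block continues outside the hunk, so it is not visible whether a rejected request is logged. If it is not, logging each `UnauthorizedError` with the endpoint path (never the presented token) would give operators a trace of failed attempts against the provisioning API.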


@ -0,0 +1,13 @@
import { HttpStatusCode } from "@rocket.chat/apps-engine/definition/accessors";
import { SCIMError, SCIMErrorType } from "../scim/Error";
import { BaseError } from "./BaseError";
export class UnauthorizedError extends BaseError {
public message = "The bearer token is missing or doesn't match.";
public toSCIMError(): SCIMError {
return new SCIMError()
.setStatus(HttpStatusCode.UNAUTHORIZED)
.setScimType(SCIMErrorType.INVALID_SYNTAX)
.setDetail(this.message);
}
}
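Review bot: `.setScimType(SCIMErrorType.INVALID_SYNTAX)` tags a 401 response with a `scimType` that RFC 7644 defines for HTTP 400 errors (a malformed request body), so a SCIM client may treat an authentication failure as a payload problem. If `SCIMError` (defined outside this page) allows the field to stay unset, the chain could be reduced to `.setStatus(HttpStatusCode.UNAUTHORIZED).setDetail(this.message);`. A 401 would normally also carry a `WWW-Authenticate: Bearer` header, which would have to be added wherever the response is built from the `SCIMError`. The class has no doc comment; one line such as `/** Thrown when the Authorization header is absent or does not match the configured bearer token. */` would do.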