Hugo Renard 2022-02-15 16:16:51 +01:00
parent d29fd81317
commit 67718df65d
Signed by: hougo
GPG key ID: 3A285FD470209C59
4 changed files with 49 additions and 12 deletions


@ -1,6 +1,7 @@
import { import {
IAppAccessors, IAppAccessors,
IConfigurationExtend, IConfigurationExtend,
IConfigurationModify,
ILogger, ILogger,
} from "@rocket.chat/apps-engine/definition/accessors"; } from "@rocket.chat/apps-engine/definition/accessors";
import { import {
@ -9,12 +10,16 @@ import {
} from "@rocket.chat/apps-engine/definition/api"; } from "@rocket.chat/apps-engine/definition/api";
import { App } from "@rocket.chat/apps-engine/definition/App"; import { App } from "@rocket.chat/apps-engine/definition/App";
import { IAppInfo } from "@rocket.chat/apps-engine/definition/metadata"; import { IAppInfo } from "@rocket.chat/apps-engine/definition/metadata";
import { SettingType } from "@rocket.chat/apps-engine/definition/settings"; import {
ISetting,
SettingType,
} from "@rocket.chat/apps-engine/definition/settings";
import { GroupEndpoint } from "./src/endpoints/GroupEndpoint"; import { GroupEndpoint } from "./src/endpoints/GroupEndpoint";
import { GroupsEndpoint } from "./src/endpoints/GroupsEndpoint"; import { GroupsEndpoint } from "./src/endpoints/GroupsEndpoint";
import { UserEndpoint } from "./src/endpoints/UserEndpoint"; import { UserEndpoint } from "./src/endpoints/UserEndpoint";
import { UsersEndpoint } from "./src/endpoints/UsersEndpoint"; import { UsersEndpoint } from "./src/endpoints/UsersEndpoint";
import crypto = require("crypto");
export class ScimApp extends App { export class ScimApp extends App {
constructor(info: IAppInfo, logger: ILogger, accessors: IAppAccessors) { constructor(info: IAppInfo, logger: ILogger, accessors: IAppAccessors) {
@ -50,14 +55,15 @@ export class ScimApp extends App {
public: false, public: false,
i18nLabel: "Rocket.Chat Token", i18nLabel: "Rocket.Chat Token",
}); });
}
// public async onSettingUpdated( configuration.settings.provideSetting({
// setting: ISetting, id: "auth-bearer",
// configurationModify: IConfigurationModify, type: SettingType.STRING,
// read: IRead, packageValue: "",
// http: IHttp required: true,
// ): Promise<void> { public: false,
// this.con i18nLabel: "A bearer token to access the SCIM endpoints.",
// } value: crypto.randomBytes(128).toString("base64").slice(0, 128),
});
}
} }
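Review bot: The default on the `value:` line of the new "auth-bearer" setting is generated every time this configuration code runs, while `packageValue` is the empty string. This hunk does not show whether the apps-engine keeps a previously stored value or whether the empty fallback can ever become the effective token, so that deserves a comment and a check. `randomBytes(128)` base64-encodes to 172 characters and the slice keeps 128, so `crypto.randomBytes(96).toString("base64")` yields the same length without discarding output. `ISetting` and `IConfigurationModify` are newly imported, but the commented-out handler that named them is removed, so they look unused in the visible lines. The enclosing method starts outside the hunk.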


@ -9,6 +9,7 @@ import {
IApiRequest, IApiRequest,
} from "@rocket.chat/apps-engine/definition/api"; } from "@rocket.chat/apps-engine/definition/api";
import { EmptyRequestError } from "../errors/EmptyRequestError"; import { EmptyRequestError } from "../errors/EmptyRequestError";
import { UnauthorizedError } from "../errors/UnauthorizedError";
import { RcSdk } from "../rc-sdk/RcSdk"; import { RcSdk } from "../rc-sdk/RcSdk";
import { Store } from "../store/Store"; import { Store } from "../store/Store";
@ -52,4 +53,14 @@ export class Context {
} }
return this.request.content; return this.request.content;
} }
public async checkAuth() {
const token = await this.read
.getEnvironmentReader()
.getSettings()
.getValueById("auth-bearer");
if (this.request.headers.authorization !== `Bearer ${token}`) {
throw new UnauthorizedError();
}
}
} }
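Review bot: `checkAuth` compares the header against `Bearer ${token}` without first checking that the setting returned a non-empty string, and the "auth-bearer" setting in this commit declares `packageValue: ""`. If the stored value is ever empty or missing, the expected string degrades to `Bearer ` or `Bearer undefined`, a guessable constant, so the method should fail closed in that case. The `!==` comparison also stops at the first differing character; comparing equal-length buffers with `crypto.timingSafeEqual` avoids leaking how much of the token matched. This needs the `crypto` module imported in this file, which the commit already requires in the app's main file.

```typescript
public async checkAuth() {
    // … unchanged: read the "auth-bearer" setting into token …
    // Fail closed: an unset or empty token must never authenticate anyone.
    if (typeof token !== "string" || token.length === 0) {
        throw new UnauthorizedError();
    }
    const header = this.request.headers.authorization;
    const presented = Buffer.from(typeof header === "string" ? header : "");
    const expected = Buffer.from(`Bearer ${token}`);
    // timingSafeEqual throws on length mismatch, so check the length first.
    if (
        presented.length !== expected.length ||
        !crypto.timingSafeEqual(presented, expected)
    ) {
        throw new UnauthorizedError();
    }
}
```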


@ -118,9 +118,16 @@ export abstract class ScimEndpoint extends ApiEndpoint {
persis: IPersistence, persis: IPersistence,
): Promise<IApiResponse> => { ): Promise<IApiResponse> => {
try { try {
return await method.bind(this)( const ctx = new Context(
new Context(request, endpoint, read, modify, http, persis), request,
endpoint,
read,
modify,
http,
persis,
); );
await ctx.checkAuth();
return await method.bind(this)(ctx);
} catch (e) { } catch (e) {
let err: SCIMError; let err: SCIMError;
if (e.toSCIMError && typeof e.toSCIMError === "function") { if (e.toSCIMError && typeof e.toSCIMError === "function") {
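Review bot: The `await ctx.checkAuth();` line is now the single gate in front of every SCIM handler, and nothing in the hunk says so; a comment such as `// Authenticate before dispatch; no handler may run without a valid bearer token.` would keep a later refactor from moving it. `method.bind(this)(ctx)` allocates a bound function only to call it once, and `method.call(this, ctx)` reads more directly. Whether rejected requests are logged depends on the catch block, which continues outside the hunk; if they are not, a log entry per `UnauthorizedError` would give operators something to alert on.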


@ -0,0 +1,13 @@
import { HttpStatusCode } from "@rocket.chat/apps-engine/definition/accessors";
import { SCIMError, SCIMErrorType } from "../scim/Error";
import { BaseError } from "./BaseError";
export class UnauthorizedError extends BaseError {
public message = "The bearer token is missing or doesn't match.";
public toSCIMError(): SCIMError {
return new SCIMError()
.setStatus(HttpStatusCode.UNAUTHORIZED)
.setScimType(SCIMErrorType.INVALID_SYNTAX)
.setDetail(this.message);
}
}
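Review bot: `toSCIMError` tags the 401 with `SCIMErrorType.INVALID_SYNTAX`, but RFC 7644 defines the `invalidSyntax` keyword for 400 responses, so a client reading `scimType` would treat a rejected token as a malformed request. Dropping the `.setScimType(SCIMErrorType.INVALID_SYNTAX)` line leaves the status and detail to carry the meaning, assuming `SCIMError` allows the field to stay unset, which is not visible here. A 401 is also expected to carry a `WWW-Authenticate: Bearer` challenge header; that would have to be added where the response is built, outside this file.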