add auth
parent
d29fd81317
commit
67718df65d
4 changed files with 49 additions and 12 deletions
26
ScimApp.ts
26
ScimApp.ts
|
@ -1,6 +1,7 @@
|
||||||
import {
|
import {
|
||||||
IAppAccessors,
|
IAppAccessors,
|
||||||
IConfigurationExtend,
|
IConfigurationExtend,
|
||||||
|
IConfigurationModify,
|
||||||
ILogger,
|
ILogger,
|
||||||
} from "@rocket.chat/apps-engine/definition/accessors";
|
} from "@rocket.chat/apps-engine/definition/accessors";
|
||||||
import {
|
import {
|
||||||
|
@ -9,12 +10,16 @@ import {
|
||||||
} from "@rocket.chat/apps-engine/definition/api";
|
} from "@rocket.chat/apps-engine/definition/api";
|
||||||
import { App } from "@rocket.chat/apps-engine/definition/App";
|
import { App } from "@rocket.chat/apps-engine/definition/App";
|
||||||
import { IAppInfo } from "@rocket.chat/apps-engine/definition/metadata";
|
import { IAppInfo } from "@rocket.chat/apps-engine/definition/metadata";
|
||||||
import { SettingType } from "@rocket.chat/apps-engine/definition/settings";
|
import {
|
||||||
|
ISetting,
|
||||||
|
SettingType,
|
||||||
|
} from "@rocket.chat/apps-engine/definition/settings";
|
||||||
import { GroupEndpoint } from "./src/endpoints/GroupEndpoint";
|
import { GroupEndpoint } from "./src/endpoints/GroupEndpoint";
|
||||||
import { GroupsEndpoint } from "./src/endpoints/GroupsEndpoint";
|
import { GroupsEndpoint } from "./src/endpoints/GroupsEndpoint";
|
||||||
|
|
||||||
import { UserEndpoint } from "./src/endpoints/UserEndpoint";
|
import { UserEndpoint } from "./src/endpoints/UserEndpoint";
|
||||||
import { UsersEndpoint } from "./src/endpoints/UsersEndpoint";
|
import { UsersEndpoint } from "./src/endpoints/UsersEndpoint";
|
||||||
|
import crypto = require("crypto");
|
||||||
|
|
||||||
export class ScimApp extends App {
|
export class ScimApp extends App {
|
||||||
constructor(info: IAppInfo, logger: ILogger, accessors: IAppAccessors) {
|
constructor(info: IAppInfo, logger: ILogger, accessors: IAppAccessors) {
|
||||||
|
@ -50,14 +55,15 @@ export class ScimApp extends App {
|
||||||
public: false,
|
public: false,
|
||||||
i18nLabel: "Rocket.Chat Token",
|
i18nLabel: "Rocket.Chat Token",
|
||||||
});
|
});
|
||||||
}
|
|
||||||
|
|
||||||
// public async onSettingUpdated(
|
configuration.settings.provideSetting({
|
||||||
// setting: ISetting,
|
id: "auth-bearer",
|
||||||
// configurationModify: IConfigurationModify,
|
type: SettingType.STRING,
|
||||||
// read: IRead,
|
packageValue: "",
|
||||||
// http: IHttp
|
required: true,
|
||||||
// ): Promise<void> {
|
public: false,
|
||||||
// this.con
|
i18nLabel: "A bearer token to access the SCIM endpoints.",
|
||||||
// }
|
value: crypto.randomBytes(128).toString("base64").slice(0, 128),
|
||||||
|
});
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
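Review bot: The `auth-bearer` secret is registered as `SettingType.STRING`, which is usually shown in clear text in the admin settings UI; if the Apps-Engine version in use offers a password-style setting type, it would suit a credential better. The `value` comes from `crypto.randomBytes(128)` inside the settings registration itself, so it is worth confirming that this only applies on first install. If the registration re-runs on app start and overwrites the stored value, the token would rotate and the identity provider's configured token would stop working. `packageValue: ""` also means a reset leaves an empty secret, which `checkAuth` does not reject. The newly added `IConfigurationModify` and `ISetting` imports look unused in the visible lines.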
|
@ -9,6 +9,7 @@ import {
|
||||||
IApiRequest,
|
IApiRequest,
|
||||||
} from "@rocket.chat/apps-engine/definition/api";
|
} from "@rocket.chat/apps-engine/definition/api";
|
||||||
import { EmptyRequestError } from "../errors/EmptyRequestError";
|
import { EmptyRequestError } from "../errors/EmptyRequestError";
|
||||||
|
import { UnauthorizedError } from "../errors/UnauthorizedError";
|
||||||
import { RcSdk } from "../rc-sdk/RcSdk";
|
import { RcSdk } from "../rc-sdk/RcSdk";
|
||||||
import { Store } from "../store/Store";
|
import { Store } from "../store/Store";
|
||||||
|
|
||||||
|
@ -52,4 +53,14 @@ export class Context {
|
||||||
}
|
}
|
||||||
return this.request.content;
|
return this.request.content;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public async checkAuth() {
|
||||||
|
const token = await this.read
|
||||||
|
.getEnvironmentReader()
|
||||||
|
.getSettings()
|
||||||
|
.getValueById("auth-bearer");
|
||||||
|
if (this.request.headers.authorization !== `Bearer ${token}`) {
|
||||||
|
throw new UnauthorizedError();
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
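Review bot: `checkAuth` never rejects an empty, null or undefined `auth-bearer` value, so with an unset setting the expected header degenerates to a guessable string such as `Bearer undefined`; the method should fail closed unless the stored token is a non-empty string. The `!==` comparison can also return as soon as a character differs, so comparing fixed-length digests with `crypto.timingSafeEqual` avoids leaking how much of the token matched. The sketch below needs the same `crypto` import that ScimApp.ts adds in this commit. The file header of this section is not visible on the page, and the `Context` class starts outside the hunk.

```typescript
public async checkAuth() {
    // … unchanged: read the "auth-bearer" setting into token …
    const header = this.request.headers.authorization;
    if (
        typeof token !== "string" ||
        token.length === 0 ||
        typeof header !== "string"
    ) {
        throw new UnauthorizedError();
    }
    // Hash both sides so timingSafeEqual always sees equal-length buffers.
    const expected = crypto.createHash("sha256").update(`Bearer ${token}`).digest();
    const presented = crypto.createHash("sha256").update(header).digest();
    if (!crypto.timingSafeEqual(expected, presented)) {
        throw new UnauthorizedError();
    }
}
```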
|
@ -118,9 +118,16 @@ export abstract class ScimEndpoint extends ApiEndpoint {
|
||||||
persis: IPersistence,
|
persis: IPersistence,
|
||||||
): Promise<IApiResponse> => {
|
): Promise<IApiResponse> => {
|
||||||
try {
|
try {
|
||||||
return await method.bind(this)(
|
const ctx = new Context(
|
||||||
new Context(request, endpoint, read, modify, http, persis),
|
request,
|
||||||
|
endpoint,
|
||||||
|
read,
|
||||||
|
modify,
|
||||||
|
http,
|
||||||
|
persis,
|
||||||
);
|
);
|
||||||
|
await ctx.checkAuth();
|
||||||
|
return await method.bind(this)(ctx);
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
let err: SCIMError;
|
let err: SCIMError;
|
||||||
if (e.toSCIMError && typeof e.toSCIMError === "function") {
|
if (e.toSCIMError && typeof e.toSCIMError === "function") {
|
||||||
|
|
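Review bot: A rejected token goes through the same `catch (e)` as any handler error, and nothing visible in this hunk records the failure, so repeated guessing against the SCIM endpoints may go unnoticed. Consider logging failed `checkAuth` calls (endpoint path and request source, never the presented header) before the error is converted. A short comment above `await ctx.checkAuth();`, such as `// Authenticate before dispatch: no handler may run for an unauthenticated request.`, would protect the ordering from later refactors. The catch block continues outside the hunk, so it may already log.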
13
src/errors/UnauthorizedError.ts
Normal file
13
src/errors/UnauthorizedError.ts
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
import { HttpStatusCode } from "@rocket.chat/apps-engine/definition/accessors";
|
||||||
|
import { SCIMError, SCIMErrorType } from "../scim/Error";
|
||||||
|
import { BaseError } from "./BaseError";
|
||||||
|
|
||||||
|
export class UnauthorizedError extends BaseError {
|
||||||
|
public message = "The bearer token is missing or doesn't match.";
|
||||||
|
public toSCIMError(): SCIMError {
|
||||||
|
return new SCIMError()
|
||||||
|
.setStatus(HttpStatusCode.UNAUTHORIZED)
|
||||||
|
.setScimType(SCIMErrorType.INVALID_SYNTAX)
|
||||||
|
.setDetail(this.message);
|
||||||
|
}
|
||||||
|
}
|
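Review bot: `toSCIMError` tags the 401 with `SCIMErrorType.INVALID_SYNTAX`, but RFC 7644 defines the `scimType` keywords for 400 (and 409) responses, so a client may read an authentication failure as a malformed payload. If `SCIMError` permits it, leave the scimType unset for this error. RFC 6750 also expects a `WWW-Authenticate: Bearer` header on 401 responses, which would have to be added where the response is built, outside this file. A one-line doc comment on the class would help, e.g. `/** Thrown by Context.checkAuth when the Authorization header does not carry the configured bearer token. */`.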