mirror of
https://github.com/tornadocash/trusted-setup-server.git
synced 2025-01-18 16:58:53 +01:00
187 lines
5.4 KiB
JavaScript
187 lines
5.4 KiB
JavaScript
/* eslint-disable no-console */
|
|
const crypto = require('crypto')
|
|
const express = require('express')
|
|
const router = express.Router()
|
|
const oauth = require('oauth')
|
|
|
|
const {
|
|
TWITTER_CONSUMER_KEY,
|
|
TWITTER_CONSUMER_SECRET,
|
|
TWITTER_CALLBACK_URL,
|
|
GITHUB_CLIEND_ID,
|
|
GITHUB_CLIENT_SECRET,
|
|
GITHUB_CALLBACK_URL
|
|
} = process.env
|
|
const providers = ['github', 'twitter']
|
|
const signInPages = ['/make-contribution', '/authorize-contribution']
|
|
|
|
// twitter uses OAuth1
|
|
const twitter = new oauth.OAuth(
|
|
'https://twitter.com/oauth/request_token',
|
|
'https://twitter.com/oauth/access_token',
|
|
TWITTER_CONSUMER_KEY,
|
|
TWITTER_CONSUMER_SECRET,
|
|
'1.0A',
|
|
TWITTER_CALLBACK_URL,
|
|
'HMAC-SHA1'
|
|
)
|
|
|
|
// github uses OAuth2
|
|
const github = new oauth.OAuth2(
|
|
GITHUB_CLIEND_ID,
|
|
GITHUB_CLIENT_SECRET,
|
|
'https://github.com/',
|
|
'login/oauth/authorize',
|
|
'login/oauth/access_token'
|
|
)
|
|
github.useAuthorizationHeaderforGET(true)
|
|
|
|
function validateProvider(req, res, next) {
|
|
const { provider } = req.params
|
|
if (!providers.includes(provider)) {
|
|
res.status(404).send('Wrong provider')
|
|
} else {
|
|
next()
|
|
}
|
|
}
|
|
|
|
function validateRefferer(req, res, next) {
|
|
let referrer
|
|
try {
|
|
referrer = new URL(req.get('Referrer'))
|
|
} catch (e) {
|
|
res.status(403).send('Access forbidden')
|
|
return
|
|
}
|
|
|
|
if (!signInPages.includes(referrer.pathname)) {
|
|
res.status(403).send('Access forbidden')
|
|
return
|
|
}
|
|
|
|
next()
|
|
}
|
|
|
|
function restrictSymbols(value) {
|
|
if (value) {
|
|
const regExpression = new RegExp('[^0-9a-zA-Z\\x20]', 'g')
|
|
return value.toString().replace(regExpression, '')
|
|
} else {
|
|
return ''
|
|
}
|
|
}
|
|
|
|
router.get('/connect/:provider', validateProvider, validateRefferer, (req, res) => {
|
|
const { provider } = req.params
|
|
const referrer = new URL(req.get('Referrer'))
|
|
|
|
req.session.pageToReturn = referrer.pathname // the page a user will be redirected after signIn
|
|
if (referrer.pathname === '/authorize-contribution') {
|
|
req.session.pageToReturn += referrer.search // to add `token` parameter for authorize-contribution page
|
|
}
|
|
|
|
if (provider === 'github') {
|
|
const CSRFToken = crypto.randomBytes(32).toString('hex')
|
|
const authorizeUrl = github.getAuthorizeUrl({
|
|
redirect_uri: GITHUB_CALLBACK_URL,
|
|
scope: [], // 'gist' - https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/
|
|
state: CSRFToken
|
|
})
|
|
req.session.CSRFToken = CSRFToken
|
|
res.redirect(authorizeUrl)
|
|
} else if (provider === 'twitter') {
|
|
twitter.getOAuthRequestToken(function(error, oauthToken, oauthTokenSecret) {
|
|
if (error) {
|
|
res.status(500).send(error)
|
|
} else {
|
|
req.session.oauthRequestToken = oauthToken
|
|
req.session.oauthRequestTokenSecret = oauthTokenSecret
|
|
res.redirect(
|
|
'https://twitter.com/oauth/authorize?oauth_token=' + req.session.oauthRequestToken
|
|
)
|
|
}
|
|
})
|
|
}
|
|
})
|
|
|
|
router.get('/oauth_callback/:provider', validateProvider, (req, res) => {
|
|
const { provider } = req.params
|
|
|
|
if (provider === 'github') {
|
|
const { code, state } = req.query
|
|
if (state !== req.session.CSRFToken) {
|
|
res.status(404).send('Malformed request')
|
|
return
|
|
}
|
|
github.getOAuthAccessToken(code, {}, function(error, accessToken, refreshToken, results) {
|
|
if (error || results.error) {
|
|
console.error('getOAuthAccessToken error', error || results.error)
|
|
res.status(500).send(error || results.error)
|
|
} else {
|
|
req.session.refreshToken = refreshToken
|
|
req.session.accessToken = accessToken
|
|
res.redirect(req.session.pageToReturn)
|
|
}
|
|
})
|
|
} else if (provider === 'twitter') {
|
|
twitter.getOAuthAccessToken(
|
|
req.query.oauth_token,
|
|
req.session.oauthRequestTokenSecret,
|
|
req.query.oauth_verifier,
|
|
(error, oauthAccessToken, oauthAccessTokenSecret) => {
|
|
if (error) {
|
|
console.error('getOAuthAccessToken error', error)
|
|
res.status(500).send(error)
|
|
} else {
|
|
req.session.oauthAccessToken = oauthAccessToken
|
|
req.session.oauthAccessTokenSecret = oauthAccessTokenSecret
|
|
res.redirect(req.session.pageToReturn)
|
|
}
|
|
}
|
|
)
|
|
}
|
|
})
|
|
|
|
router.get('/user_data/', (req, res) => {
|
|
let userData = { name: 'Anonymous' }
|
|
if (req.session.accessToken) {
|
|
github.get('https://api.github.com/user', req.session.accessToken, function(error, data) {
|
|
if (!error) {
|
|
userData = JSON.parse(data)
|
|
userData.name = restrictSymbols(userData.name)
|
|
userData.handle = userData.login
|
|
userData.socialType = 'github'
|
|
req.session.handle = userData.login
|
|
req.session.socialType = 'github'
|
|
}
|
|
res.json(userData)
|
|
})
|
|
} else if (req.session.oauthAccessToken && req.session.oauthAccessTokenSecret) {
|
|
twitter.get(
|
|
'https://api.twitter.com/1.1/account/verify_credentials.json',
|
|
req.session.oauthAccessToken,
|
|
req.session.oauthAccessTokenSecret,
|
|
function(error, data) {
|
|
if (!error) {
|
|
userData = JSON.parse(data)
|
|
userData.name = restrictSymbols(userData.name)
|
|
userData.handle = userData.screen_name
|
|
userData.socialType = 'twitter'
|
|
req.session.handle = userData.screen_name
|
|
req.session.socialType = 'twitter'
|
|
}
|
|
res.json(userData)
|
|
}
|
|
)
|
|
} else {
|
|
res.json(userData)
|
|
}
|
|
})
|
|
|
|
router.get('/logout', (req, res) => {
|
|
req.session.destroy()
|
|
res.send('OK')
|
|
})
|
|
|
|
module.exports = router
|