oAuth server WIP

zapakh · Feb 7, 2018 · bbfd908 · bbfd908
1 parent 618186c
commit bbfd908
Show file tree

Hide file tree

Showing 4 changed files with 57 additions and 5 deletions.
diff --git a/conf/base.conf b/conf/base.conf
@@ -248,8 +248,15 @@ security {
     refresh_delay = 10 minutes
   }
   recaptcha = ${recaptcha}
-  whois {
-    key = "matewithknightandbishop"
+  oauth {
+    mongodb {
+      uri = "mongodb://127.0.0.1:27017/oauth"
+      mongo-async-driver = {}
+    }
+    collection {
+      access_token = oauth_access_token
+      client = oauth_client
+    }
   }
   mailgun = ${mailgun}
   net {

diff --git a/modules/security/src/main/Env.scala b/modules/security/src/main/Env.scala
@@ -43,6 +43,10 @@ final class Env(
     val NetBaseUrl = config getString "net.base_url"
     val NetDomain = config getString "net.domain"
     val NetEmail = config getString "net.email"
+    object oauth {
+      val CollectionAccessToken = config getString "collection.access_token"
+      val CollectionClient = config getString "collection.client"
+    }
   }
   import settings._
 
@@ -156,7 +160,12 @@ final class Env(
   scheduler.once(30 seconds)(tor.refresh(_ => funit))
   scheduler.effect(TorRefreshDelay, "Refresh Tor exit nodes")(tor.refresh(firewall.unblockIps))
 
-  lazy val api = new SecurityApi(storeColl, firewall, geoIP, authenticator, emailAddressValidator)
+  private lazy val oAuthServer = new OAuthServer(
+    tokenColl = db(oauth.CollectionAccessToken),
+    clientColl = db(oauth.CollectionClient)
+  )
+
+  lazy val api = new SecurityApi(storeColl, firewall, geoIP, authenticator, emailAddressValidator, oAuthServer)
 
   lazy val csrfRequestHandler = new CSRFRequestHandler(NetDomain)
 

diff --git a/modules/security/src/main/OAuthServer.scala b/modules/security/src/main/OAuthServer.scala
@@ -0,0 +1,35 @@
+package lila.security
+
+import org.joda.time.DateTime
+import play.api.mvc.RequestHeader
+
+import lila.common.Iso
+import lila.db.dsl._
+import lila.user.{ User, UserRepo }
+
+object OAuth {
+  case class AccessTokenId(value: String) extends AnyVal
+}
+
+private final class OAuthServer(
+    tokenColl: Coll,
+    clientColl: Coll
+) {
+
+  import OAuth._
+
+  private implicit val tokenIdHandler = stringAnyValHandler[AccessTokenId](_.value, AccessTokenId.apply)
+
+  def activeUser(req: RequestHeader): Fu[Option[User]] = {
+    req.headers get "Authorization" map (_.split(" ", 2))
+  } ?? {
+    case Array("Bearer", accessToken) => activeUser(AccessTokenId(accessToken))
+    case _ => fuccess(none)
+  }
+
+  def activeUser(token: AccessTokenId): Fu[Option[User]] =
+    tokenColl.primitiveOne[User.ID]($doc(
+      "access_token_id" -> token,
+      "expireDate" $gt DateTime.now
+    ), "user_id") flatMap { _ ?? UserRepo.byId }
+}
diff --git a/modules/security/src/main/SecurityApi.scala b/modules/security/src/main/SecurityApi.scala
@@ -19,7 +19,8 @@ final class SecurityApi(
     firewall: Firewall,
     geoIP: GeoIP,
     authenticator: lila.user.Authenticator,
-    emailValidator: EmailAddressValidator
+    emailValidator: EmailAddressValidator,
+    oAuth: OAuthServer
 ) {
 
   val AccessUri = "access_uri"
@@ -76,7 +77,7 @@ final class SecurityApi(
             }
           }
         }
-      }
+      } orElse oAuth.activeUser(req).map2 { (u: User) => FingerprintedUser(u, false) }
     }
 
   def locatedOpenSessions(userId: User.ID, nb: Int): Fu[List[LocatedSession]] =