fix: moved getAuthCode from api to web routes

2026-01-04 21:30:05 +00:00 · 2022-05-11 21:01:00 +05:00
parent 45a2a01532
commit b40de8fa6a
7 changed files with 219 additions and 242 deletions
--- a/api/src/controllers/web.ts
+++ b/api/src/controllers/web.ts
@@ -1,10 +1,13 @@
 import path from 'path'
 import express from 'express'
-import { Request, Route, Tags, Post, Body, Get } from 'tsoa'
+import { Request, Route, Tags, Post, Body, Get, Example } from 'tsoa'
 import { readFile } from '@sasjs/utils'

 import User from '../model/User'
-import { getWebBuildFolderPath } from '../utils'
+import Client from '../model/Client'
+import { getWebBuildFolderPath, generateAuthCode } from '../utils'
+import { InfoJWT } from '../types'
+import { AuthController } from './auth'

@Route('/')
@Tags('Web')
@@ -22,7 +25,7 @@ export class WebController {
   * @summary Accept a valid username/password
   *
   */
-  @Post('/login')
+  @Post('/SASLogon/login')
  public async login(
    @Request() req: express.Request,
    @Body() body: LoginPayload
@@ -30,6 +33,21 @@ export class WebController {
    return login(req, body)
  }

+  /**
+   * @summary Accept a valid username/password, plus a CLIENT_ID, and return an AUTH_CODE
+   *
+   */
+  @Example<AuthorizeResponse>({
+    code: 'someRandomCryptoString'
+  })
+  @Post('/SASLogon/authorize')
+  public async authorize(
+    @Request() req: express.Request,
+    @Body() body: AuthorizePayload
+  ): Promise<AuthorizeResponse> {
+    return authorize(req, body.clientId)
+  }
+
  /**
   * @summary Accept a valid username/password
   *
@@ -84,6 +102,26 @@ const login = async (
  }
 }

+const authorize = async (
+  req: express.Request,
+  clientId: string
+): Promise<AuthorizeResponse> => {
+  const userId = req.session.user?.userId
+  if (!userId) throw new Error('Invalid userId.')
+  // generate authorization code against clientId
+  const userInfo: InfoJWT = {
+    clientId,
+    userId
+  }
+  const code = AuthController.saveCode(
+    userId,
+    clientId,
+    generateAuthCode(userInfo)
+  )
+
+  return { code }
+}
+
 interface LoginPayload {
  /**
   * Username for user
@@ -96,3 +134,19 @@ interface LoginPayload {
   */
  password: string
 }
+
+interface AuthorizePayload {
+  /**
+   * Client ID
+   * @example "clientID1"
+   */
+  clientId: string
+}
+
+interface AuthorizeResponse {
+  /**
+   * Authorization code
+   * @example "someRandomCryptoString"
+   */
+  code: string
+}