ホーム エクスプローラ ヘルプ
サインイン
biheng
/
uppy
1
0
フォーク 0
ファイル 課題 0 プルリクエスト 0 Wiki
ツリー: c6fbae5a9d
ブランチ タグ
uppy
/
packages
/
@uppy
/
companion
/
src
/
server
/
controllers
/
send-token.js

send-token.js 2.3 KB
履歴 Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 
  1. /**
    2. 

  2.  *
    3. 

  3.  * sends auth token to uppy client
    4. 

  4.  */
    5. 

  5. const tokenService = require('../helpers/jwt')
    6. 

  6. const parseUrl = require('url').parse // eslint-disable-line node/no-deprecated-api
    7. 

  7. const { hasMatch, sanitizeHtml } = require('../helpers/utils')
    8. 

  8. const oAuthState = require('../helpers/oauth-state')
    9. 

  9. const versionCmp = require('../helpers/version')
    10. 

  10. 

  11. /**
    12. 

  12.  *
    13. 

  13.  * @param {object} req
    14. 

  14.  * @param {object} res
    15. 

  15.  * @param {function} next
    16. 

  16.  */
    17. 

  17. module.exports = function sendToken (req, res, next) {
    18. 

  18.   const uppyAuthToken = req.companion.authToken
    19. 

  19.   // add the token to cookies for thumbnail/image requests
    20. 

  20.   if (req.companion.provider.authProvider !== 'microsoft') {
    21. 

  21.     tokenService.addToCookies(res, uppyAuthToken, req.companion.options, req.companion.provider.authProvider)
    22. 

  22.   }
    23. 

  23. 

  24.   const state = (req.session.grant || {}).state
    25. 

  25.   if (state) {
    26. 

  26.     const origin = oAuthState.getFromState(state, 'origin', req.companion.options.secret)
    27. 

  27.     const clientVersion = oAuthState.getFromState(
    28. 

  28.       state,
    29. 

  29.       'clientVersion',
    30. 

  30.       req.companion.options.secret
    31. 

  31.     )
    32. 

  32.     const allowedClients = req.companion.options.clients
    33. 

  33.     // if no preset clients then allow any client
    34. 

  34.     if (!allowedClients || hasMatch(origin, allowedClients) || hasMatch(parseUrl(origin).host, allowedClients)) {
    35. 

  35.       const allowsStringMessage = versionCmp.gte(clientVersion, '1.0.2')
    36. 

  36.       return res.send(allowsStringMessage ? htmlContent(uppyAuthToken, origin) : oldHtmlContent(uppyAuthToken, origin))
    37. 

  37.     }
    38. 

  38.   }
    39. 

  39.   next()
    40. 

  40. }
    41. 

  41. 

  42. /**
    43. 

  43.  *
    44. 

  44.  * @param {string} token uppy auth token
    45. 

  45.  * @param {string} origin url string
    46. 

  46.  */
    47. 

  47. const htmlContent = (token, origin) => {
    48. 

  48.   return `
    49. 

  49.     <!DOCTYPE html>
    50. 

  50.     <html>
    51. 

  51.     <head>
    52. 

  52.         <meta charset="utf-8" />
    53. 

  53.         <script>
    54. 

  54.           window.opener.postMessage(JSON.stringify({token: "${token}"}), "${sanitizeHtml(origin)}")
    55. 

  55.           window.close()
    56. 

  56.         </script>
    57. 

  57.     </head>
    58. 

  58.     <body></body>
    59. 

  59.     </html>`
    60. 

  60. }
    61. 

  61. 

  62. /**
    63. 

  63.  * @todo remove this function in next major release
    64. 

  64.  * @param {string} token uppy auth token
    65. 

  65.  * @param {string} origin url string
    66. 

  66.  */
    67. 

  67. const oldHtmlContent = (token, origin) => {
    68. 

  68.   return `
    69. 

  69.     <!DOCTYPE html>
    70. 

  70.     <html>
    71. 

  71.     <head>
    72. 

  72.         <meta charset="utf-8" />
    73. 

  73.         <script>
    74. 

  74.           window.opener.postMessage({token: "${token}"}, "${sanitizeHtml(origin)}")
    75. 

  75.           window.close()
    76. 

  76.         </script>
    77. 

  77.     </head>
    78. 

  78.     <body></body>
    79. 

  79.     </html>`
    80. 

  80. }
    81.