147 lines
3.5 KiB
JavaScript
Executable File
147 lines
3.5 KiB
JavaScript
Executable File
const express = require("express");
|
|
const session = require("express-session");
|
|
const { Issuer } = require("openid-client");
|
|
const { createTemplateRenderer } = require("./utils/templates.js");
|
|
const { Client } = require("pg");
|
|
const { generateOtp } = require("mobilepass");
|
|
|
|
require("dotenv").config();
|
|
|
|
const PORT = process.env.PORT || 3000;
|
|
|
|
const app = express();
|
|
app.use(express.json());
|
|
app.use(
|
|
session({
|
|
secret: process.env.COOKIE_SECRET,
|
|
saveUninitialized: false,
|
|
cookie: { maxAge: 10 * 60 * 1000 },
|
|
})
|
|
);
|
|
|
|
const renderHtml = createTemplateRenderer({
|
|
useCache: process.env.NODE_ENV === "production",
|
|
});
|
|
|
|
(async () => {
|
|
const issuer = await Issuer.discover(process.env.OIDC_WELL_KNOWN_URL);
|
|
const client = new issuer.Client({
|
|
client_id: process.env.CLIENT_ID,
|
|
client_secret: process.env.CLIENT_SECRET,
|
|
response_types: ["code"],
|
|
});
|
|
|
|
const pg = new Client();
|
|
await pg.connect();
|
|
|
|
await pg.query(`
|
|
CREATE TABLE IF NOT EXISTS counters (
|
|
id SERIAL PRIMARY KEY,
|
|
counter INTEGER NOT NULL
|
|
)
|
|
`);
|
|
|
|
app.get("/", async (req, res) => {
|
|
if (req.session.user) {
|
|
const counter = await pg.query(
|
|
"SELECT counter FROM counters WHERE id = 1"
|
|
).then((result) => {
|
|
if (result.rows.length > 0) {
|
|
return result.rows[0].counter;
|
|
} else {
|
|
return 0;
|
|
}
|
|
});
|
|
|
|
res.send(
|
|
renderHtml("index.html", {
|
|
USERNAME: req.session.user.sub,
|
|
OTP: await generateOtp(process.env.ACTIVATION_CODE, counter),
|
|
COUNTER: counter,
|
|
})
|
|
);
|
|
} else {
|
|
res.send(renderHtml("login.html"));
|
|
}
|
|
});
|
|
|
|
const stateMap = {};
|
|
|
|
app.post("/authorize", (req, res) => {
|
|
const { redirectUri } = req.body;
|
|
if (!redirectUri) {
|
|
return res.send(
|
|
renderHtml("login-fail.html", {
|
|
ERROR: "redirectUri missing or invalid",
|
|
})
|
|
);
|
|
}
|
|
|
|
const state = Math.random().toString(36).substring(2);
|
|
stateMap[state] = { redirectUri };
|
|
|
|
const url = client.authorizationUrl({
|
|
scope: "openid profile",
|
|
redirect_uri: redirectUri,
|
|
state,
|
|
});
|
|
|
|
// 回傳 JSON 給前端,讓前端負責導向
|
|
res.json({ redirect: url });
|
|
});
|
|
|
|
app.get("/callback", async (req, res) => {
|
|
try {
|
|
const state = req.query.state;
|
|
const { redirectUri } = stateMap[state];
|
|
|
|
const params = client.callbackParams(req);
|
|
const tokenSet = await client.callback(redirectUri, params, { state });
|
|
const userinfo = await client.userinfo(tokenSet.access_token);
|
|
|
|
req.session.user = userinfo;
|
|
res.redirect("/");
|
|
} catch (error) {
|
|
res.send(renderHtml("login-fail.html", { ERROR: error }));
|
|
}
|
|
});
|
|
|
|
app.put("/counter", (req, res) => {
|
|
if (req.session.user) {
|
|
const { counter } = req.body;
|
|
try {
|
|
pg.query(
|
|
`
|
|
INSERT INTO counters (id, counter)
|
|
VALUES (1, $1)
|
|
ON CONFLICT (id) DO UPDATE SET counter = $1
|
|
`,
|
|
[counter]
|
|
);
|
|
res.json({ success: true });
|
|
}
|
|
catch (error) {
|
|
res.status(500).json({ success: false, error: error.message });
|
|
}
|
|
} else {
|
|
res.status(401).json({ success: false, error: "Unauthorized" });
|
|
}
|
|
});
|
|
|
|
app.post("/logout", (req, res) => {
|
|
req.session.destroy(() => {
|
|
res.redirect("/");
|
|
});
|
|
});
|
|
|
|
process.on("SIGINT", async () => {
|
|
await pg.end();
|
|
console.log("Database connection closed.");
|
|
process.exit(0);
|
|
});
|
|
|
|
app.listen(PORT, () => {
|
|
console.log(`listening at http://localhost:${PORT}`);
|
|
});
|
|
})();
|