solve typescript warnings

This commit is contained in:
Kagami Sascha Rosylight 2023-06-16 22:24:03 +02:00
parent b81e6eeff9
commit 260ac0ecfc
2 changed files with 43 additions and 18 deletions

View file

@ -1,10 +1,11 @@
import dns from 'node:dns/promises';
import { fileURLToPath } from 'node:url';
import { ServerResponse } from 'node:http';
import { Inject, Injectable } from '@nestjs/common';
import { JSDOM } from 'jsdom';
import httpLinkHeader from 'http-link-header';
import ipaddr from 'ipaddr.js';
import oauth2orize, { type OAuth2, AuthorizationError, ValidateFunctionArity2, OAuth2Req } from 'oauth2orize';
import oauth2orize, { type OAuth2, AuthorizationError, ValidateFunctionArity2, OAuth2Req, MiddlewareRequest } from 'oauth2orize';
import oauth2Pkce from 'oauth2orize-pkce';
import fastifyView from '@fastify/view';
import pug from 'pug';
@ -116,11 +117,23 @@ type OmitFirstElement<T extends unknown[]> = T extends [unknown, ...(infer R)]
? R
: [];
interface OAuthRequest extends OAuth2Req {
interface OAuthParsedRequest extends OAuth2Req {
codeChallenge: string;
codeChallengeMethod: string;
}
interface OAuthHttpResponse extends ServerResponse {
redirect(location: string): void;
}
interface OAuth2DecisionRequest extends MiddlewareRequest {
body: {
transaction_id: string;
cancel: boolean;
login_token: string;
}
}
function getQueryMode(issuerUrl: string): oauth2orize.grant.Options['modes'] {
return {
query: (txn, res, params): void => {
@ -135,7 +148,7 @@ function getQueryMode(issuerUrl: string): oauth2orize.grant.Options['modes'] {
parsed.searchParams.append(key, value as string);
}
return (res as any).redirect(parsed.toString());
return (res as OAuthHttpResponse).redirect(parsed.toString());
},
};
}
@ -143,7 +156,7 @@ function getQueryMode(issuerUrl: string): oauth2orize.grant.Options['modes'] {
class OAuth2Store {
#cache = new MemoryKVCache<OAuth2>(1000 * 60 * 5); // 5min
load(req: any, cb: (err: Error | null, txn?: OAuth2) => void): void {
load(req: OAuth2DecisionRequest, cb: (err: Error | null, txn?: OAuth2) => void): void {
const { transaction_id } = req.body;
if (!transaction_id) {
cb(new AuthorizationError('Missing transaction ID', 'invalid_request'));
@ -157,13 +170,13 @@ class OAuth2Store {
cb(null, loaded);
}
store(req: unknown, oauth2: OAuth2, cb: (err: Error | null, transactionID?: string) => void): void {
store(req: OAuth2DecisionRequest, oauth2: OAuth2, cb: (err: Error | null, transactionID?: string) => void): void {
const transactionId = secureRndstr(128, true);
this.#cache.set(transactionId, oauth2);
cb(null, transactionId);
}
remove(req: unknown, tid: string, cb: () => void): void {
remove(req: OAuth2DecisionRequest, tid: string, cb: () => void): void {
this.#cache.delete(tid);
cb();
}
@ -222,7 +235,7 @@ export class OAuth2ProviderService {
clientId: client.id,
userId: user.id,
redirectUri,
codeChallenge: (areq as OAuthRequest).codeChallenge,
codeChallenge: (areq as OAuthParsedRequest).codeChallenge,
scopes: areq.scope,
});
return [code];
@ -285,7 +298,11 @@ export class OAuth2ProviderService {
// For now only allow the basic OAuth endpoints, to start small and evaluate
// this feature for some time, given that this is security related.
fastify.get('/oauth/authorize', async (request, reply) => {
const oauth2 = (request.raw as any).oauth2 as OAuth2;
const oauth2 = (request.raw as MiddlewareRequest).oauth2;
if (!oauth2) {
throw new Error('Unexpected lack of authorization information');
}
this.#logger.info(`Rendering authorization page for "${oauth2.client.name}"`);
reply.header('Cache-Control', 'no-store');
@ -313,7 +330,7 @@ export class OAuth2ProviderService {
// This should return client/redirectURI AND the error, or
// the handler can't send error to the redirection URI
const { codeChallenge, codeChallengeMethod, clientID, redirectURI, scope, type } = areq as OAuthRequest;
const { codeChallenge, codeChallengeMethod, clientID, redirectURI, scope, type } = areq as OAuthParsedRequest;
this.#logger.info(`Validating authorization parameters, with client_id: ${clientID}, redirect_uri: ${redirectURI}, scope: ${scope}`);
@ -367,8 +384,9 @@ export class OAuth2ProviderService {
fastify.use('/oauth/decision', bodyParser.urlencoded({ extended: false }));
fastify.use('/oauth/decision', this.#server.decision((req, done) => {
this.#logger.info(`Received the decision. Cancel: ${!!(req as any).body.cancel}`);
req.user = (req as any).body.login_token;
const { body } = req as OAuth2DecisionRequest;
this.#logger.info(`Received the decision. Cancel: ${!!body.cancel}`);
req.user = body.login_token;
done(null, undefined);
}));
fastify.use('/oauth/decision', this.#server.errorHandler());

View file

@ -224,7 +224,7 @@ describe('OAuth', () => {
});
assert.strictEqual(createResponse.status, 200);
const createResponseBody: any = await createResponse.json();
const createResponseBody = await createResponse.json() as { createdNote: Note };
assert.strictEqual(createResponseBody.createdNote.text, 'test');
});
@ -258,20 +258,27 @@ describe('OAuth', () => {
const decisionResponseBob = await fetchDecisionFromResponse(responseBob, bob);
assert.strictEqual(decisionResponseBob.status, 302);
const locationAlice = new URL(decisionResponseAlice.headers.get('location')!);
assert.ok(locationAlice.searchParams.has('code'));
const locationHeaderAlice = decisionResponseAlice.headers.get('location');
assert.ok(locationHeaderAlice);
const locationAlice = new URL(locationHeaderAlice);
const locationBob = new URL(decisionResponseBob.headers.get('location')!);
assert.ok(locationBob.searchParams.has('code'));
const locationHeaderBob = decisionResponseBob.headers.get('location');
assert.ok(locationHeaderBob);
const locationBob = new URL(locationHeaderBob);
const codeAlice = locationAlice.searchParams.get('code');
assert.ok(codeAlice);
const codeBob = locationBob.searchParams.get('code');
assert.ok(codeBob);
const tokenAlice = await client.getToken({
code: locationAlice.searchParams.get('code')!,
code: codeAlice,
redirect_uri,
code_verifier: pkceAlice.code_verifier,
} as AuthorizationTokenConfigExtended);
const tokenBob = await client.getToken({
code: locationBob.searchParams.get('code')!,
code: codeBob,
redirect_uri,
code_verifier: pkceBob.code_verifier,
} as AuthorizationTokenConfigExtended);