begin scaffolding for lerna
This commit is contained in:
7007
packages/netlify-cms-lib-auth/package-lock.json
generated
Normal file
7007
packages/netlify-cms-lib-auth/package-lock.json
generated
Normal file
File diff suppressed because it is too large
Load Diff
27
packages/netlify-cms-lib-auth/package.json
Normal file
27
packages/netlify-cms-lib-auth/package.json
Normal file
@ -0,0 +1,27 @@
|
||||
{
|
||||
"name": "netlify-cms-lib-auth",
|
||||
"description": "Shared authentication functionality for Netlify CMS.",
|
||||
"version": "2.0.0-alpha.0",
|
||||
"license": "MIT",
|
||||
"main": "src/index.js",
|
||||
"files": [
|
||||
"src/",
|
||||
"dist/"
|
||||
],
|
||||
"keywords": [
|
||||
"netlify-cms"
|
||||
],
|
||||
"scripts": {
|
||||
"build": "parcel build src --out-dir ."
|
||||
},
|
||||
"dependencies": {
|
||||
"immutable": "^3.7.6",
|
||||
"lodash": "^4.13.1",
|
||||
"uuid": "^3.1.0"
|
||||
},
|
||||
"devDependencies": {
|
||||
"babel-cli": "^6.26.0",
|
||||
"babel-core": "^6.26.3",
|
||||
"parcel-bundler": "^1.9.4"
|
||||
}
|
||||
}
|
75
packages/netlify-cms-lib-auth/src/implicit-oauth.js
Normal file
75
packages/netlify-cms-lib-auth/src/implicit-oauth.js
Normal file
@ -0,0 +1,75 @@
|
||||
import { Map } from 'immutable';
|
||||
import trim from 'lodash/trim';
|
||||
import trimEnd from 'lodash/trimEnd';
|
||||
import uuid from 'uuid/v4';
|
||||
|
||||
function createNonce() {
|
||||
const nonce = uuid();
|
||||
window.sessionStorage.setItem("netlify-cms-auth", JSON.stringify({ nonce }));
|
||||
return nonce;
|
||||
}
|
||||
|
||||
function validateNonce(check) {
|
||||
const auth = window.sessionStorage.getItem("netlify-cms-auth");
|
||||
const valid = auth && JSON.parse(auth).nonce;
|
||||
window.localStorage.removeItem("netlify-cms-auth");
|
||||
return (check === valid);
|
||||
}
|
||||
|
||||
export default class ImplicitAuthenticator {
|
||||
constructor(config = {}) {
|
||||
const baseURL = trimEnd(config.base_url, '/');
|
||||
const authEndpoint = trim(config.auth_endpoint, '/');
|
||||
this.auth_url = `${ baseURL }/${ authEndpoint }`;
|
||||
this.appID = config.app_id;
|
||||
this.clearHash = config.clearHash;
|
||||
}
|
||||
|
||||
authenticate(options, cb) {
|
||||
if (
|
||||
document.location.protocol !== "https:"
|
||||
// TODO: Is insecure localhost a bad idea as well? I don't think it is, since you are not actually
|
||||
// sending the token over the internet in this case, assuming the auth URL is secure.
|
||||
&& (document.location.hostname !== "localhost" && document.location.hostname !== "127.0.0.1")
|
||||
) {
|
||||
return cb(new Error("Cannot authenticate over insecure protocol!"));
|
||||
}
|
||||
|
||||
const authURL = new URL(this.auth_url);
|
||||
authURL.searchParams.set('client_id', this.appID);
|
||||
authURL.searchParams.set('redirect_uri', document.location.origin + document.location.pathname);
|
||||
authURL.searchParams.set('response_type', 'token');
|
||||
authURL.searchParams.set('scope', options.scope);
|
||||
authURL.searchParams.set('state', createNonce());
|
||||
|
||||
document.location.assign(authURL.href);
|
||||
}
|
||||
|
||||
/**
|
||||
* Complete authentication if we were redirected back to from the provider.
|
||||
*/
|
||||
completeAuth(cb) {
|
||||
const hashParams = new URLSearchParams(document.location.hash.replace(/^#?\/?/, ''));
|
||||
if (!hashParams.has("access_token") && !hashParams.has("error")) {
|
||||
return;
|
||||
}
|
||||
// Remove tokens from hash so that token does not remain in browser history.
|
||||
this.clearHash();
|
||||
|
||||
const params = Map(hashParams.entries());
|
||||
|
||||
const validNonce = validateNonce(params.get('state'));
|
||||
if (!validNonce) {
|
||||
return cb(new Error("Invalid nonce"));
|
||||
}
|
||||
|
||||
if (params.has('error')) {
|
||||
return cb(new Error(`${ params.get('error') }: ${ params.get('error_description') }`));
|
||||
}
|
||||
|
||||
if (params.has('access_token')) {
|
||||
const { access_token: token, ...data } = params.toJS();
|
||||
cb(null, { token, ...data });
|
||||
}
|
||||
}
|
||||
}
|
4
packages/netlify-cms-lib-auth/src/index.js
Normal file
4
packages/netlify-cms-lib-auth/src/index.js
Normal file
@ -0,0 +1,4 @@
|
||||
import implicitOauth from './implicit-oauth';
|
||||
import netlifyAuth from './netlify-auth';
|
||||
|
||||
export { implicitOauth, netlifyAuth };
|
151
packages/netlify-cms-lib-auth/src/netlify-auth.js
Normal file
151
packages/netlify-cms-lib-auth/src/netlify-auth.js
Normal file
@ -0,0 +1,151 @@
|
||||
import trim from 'lodash/trim';
|
||||
import trimEnd from 'lodash/trim';
|
||||
|
||||
const NETLIFY_API = 'https://api.netlify.com';
|
||||
const AUTH_ENDPOINT = 'auth';
|
||||
|
||||
class NetlifyError {
|
||||
constructor(err) {
|
||||
this.err = err;
|
||||
}
|
||||
toString() {
|
||||
return this.err && this.err.message;
|
||||
}
|
||||
}
|
||||
|
||||
const PROVIDERS = {
|
||||
github: {
|
||||
width: 960,
|
||||
height: 600
|
||||
},
|
||||
gitlab: {
|
||||
width: 960,
|
||||
height: 600
|
||||
},
|
||||
bitbucket: {
|
||||
width: 960,
|
||||
height: 500
|
||||
},
|
||||
email: {
|
||||
width: 500,
|
||||
height: 400
|
||||
}
|
||||
};
|
||||
|
||||
class Authenticator {
|
||||
constructor(config = {}) {
|
||||
this.site_id = config.site_id || null;
|
||||
this.base_url = trimEnd(config.base_url, '/') || NETLIFY_API;
|
||||
this.auth_endpoint = trim(config.auth_endpoint, '/') || AUTH_ENDPOINT;
|
||||
}
|
||||
|
||||
handshakeCallback(options, cb) {
|
||||
const fn = (e) => {
|
||||
if (e.data === ('authorizing:' + options.provider) && e.origin === this.base_url) {
|
||||
window.removeEventListener('message', fn, false);
|
||||
window.addEventListener('message', this.authorizeCallback(options, cb), false);
|
||||
return this.authWindow.postMessage(e.data, e.origin);
|
||||
}
|
||||
};
|
||||
return fn;
|
||||
}
|
||||
|
||||
authorizeCallback(options, cb) {
|
||||
const fn = (e) => {
|
||||
if (e.origin !== this.base_url) { return; }
|
||||
|
||||
if (e.data.indexOf('authorization:' + options.provider + ':success:') === 0) {
|
||||
const data = JSON.parse(e.data.match(new RegExp('^authorization:' + options.provider + ':success:(.+)$'))[1]);
|
||||
window.removeEventListener('message', fn, false);
|
||||
this.authWindow.close();
|
||||
cb(null, data);
|
||||
}
|
||||
if (e.data.indexOf('authorization:' + options.provider + ':error:') === 0) {
|
||||
console.log('Got authorization error');
|
||||
const err = JSON.parse(e.data.match(new RegExp('^authorization:' + options.provider + ':error:(.+)$'))[1]);
|
||||
window.removeEventListener('message', fn, false);
|
||||
this.authWindow.close();
|
||||
cb(new NetlifyError(err));
|
||||
}
|
||||
};
|
||||
return fn;
|
||||
}
|
||||
|
||||
getSiteID() {
|
||||
if (this.site_id) {
|
||||
return this.site_id;
|
||||
}
|
||||
const host = document.location.host.split(':')[0];
|
||||
return host === 'localhost' ? 'cms.netlify.com' : host;
|
||||
}
|
||||
|
||||
authenticate(options, cb) {
|
||||
const { provider } = options;
|
||||
const siteID = this.getSiteID();
|
||||
|
||||
if (!provider) {
|
||||
return cb(new NetlifyError({
|
||||
message: 'You must specify a provider when calling netlify.authenticate',
|
||||
}));
|
||||
}
|
||||
if (!siteID) {
|
||||
return cb(new NetlifyError({
|
||||
message: 'You must set a site_id with netlify.configure({site_id: \'your-site-id\'}) to make authentication work from localhost',
|
||||
}));
|
||||
}
|
||||
|
||||
const conf = PROVIDERS[provider] || PROVIDERS.github;
|
||||
const left = (screen.width / 2) - (conf.width / 2);
|
||||
const top = (screen.height / 2) - (conf.height / 2);
|
||||
window.addEventListener('message', this.handshakeCallback(options, cb), false);
|
||||
let url = `${ this.base_url }/${ this.auth_endpoint }?provider=${ options.provider }&site_id=${ siteID }`;
|
||||
if (options.scope) {
|
||||
url += '&scope=' + options.scope;
|
||||
}
|
||||
if (options.login === true) {
|
||||
url += '&login=true';
|
||||
}
|
||||
if (options.beta_invite) {
|
||||
url += '&beta_invite=' + options.beta_invite;
|
||||
}
|
||||
if (options.invite_code) {
|
||||
url += '&invite_code=' + options.invite_code;
|
||||
}
|
||||
this.authWindow = window.open(
|
||||
url,
|
||||
'Netlify Authorization',
|
||||
'toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, ' +
|
||||
('width=' + conf.width + ', height=' + conf.height + ', top=' + top + ', left=' + left + ');')
|
||||
);
|
||||
this.authWindow.focus();
|
||||
}
|
||||
|
||||
refresh(options, cb) {
|
||||
const { provider, refresh_token } = options;
|
||||
const siteID = this.getSiteID();
|
||||
const onError = cb || Promise.reject.bind(Promise);
|
||||
|
||||
if (!provider || !refresh_token) {
|
||||
return onError(new NetlifyError({
|
||||
message: 'You must specify a provider and refresh token when calling netlify.refresh',
|
||||
}));
|
||||
}
|
||||
if (!siteID) {
|
||||
return onError(new NetlifyError({
|
||||
message: 'You must set a site_id with netlify.configure({site_id: \'your-site-id\'}) to make token refresh work from localhost',
|
||||
}));
|
||||
}
|
||||
const url = `${ this.base_url }/${ this.auth_endpoint }/refresh?provider=${ provider }&site_id=${ siteID }&refresh_token=${ refresh_token }`;
|
||||
const refreshPromise = fetch(url, { method: "POST", body: "" }).then(res => res.json());
|
||||
|
||||
// Return a promise if a callback wasn't provided
|
||||
if (!cb) {
|
||||
return refreshPromise;
|
||||
}
|
||||
|
||||
// Otherwise, use the provided callback.
|
||||
refreshPromise.then(data => cb(null, data)).catch(cb);
|
||||
}
|
||||
}
|
||||
|
||||
export default Authenticator;
|
Reference in New Issue
Block a user