import type { NextFunction, Request, Response } from "express"; import openIDEncryption from "./encryption/open_id_encryption.js"; import sqlInit from "./sql_init.js"; import options from "./options.js"; import type { Session } from "express-openid-connect"; import sql from "./sql.js"; import config from "./config.js"; function checkOpenIDConfig() { const missingVars: string[] = [] if (config.MultiFactorAuthentication.oauthBaseUrl === "") { missingVars.push("oauthBaseUrl"); } if (config.MultiFactorAuthentication.oauthClientId === "") { missingVars.push("oauthClientId"); } if (config.MultiFactorAuthentication.oauthClientSecret === "") { missingVars.push("oauthClientSecret"); } return missingVars; } function isOpenIDEnabled() { return !(checkOpenIDConfig().length > 0) && options.getOptionOrNull('mfaMethod') === 'oauth'; } function isUserSaved() { const data = sql.getValue("SELECT isSetup FROM user_data;"); return data === "true" ? true : false; } function getUsername() { const username = sql.getValue("SELECT username FROM user_data;"); return username; } function getUserEmail() { const email = sql.getValue("SELECT email FROM user_data;"); return email; } function clearSavedUser() { sql.execute("DELETE FROM user_data"); options.setOption("userSubjectIdentifierSaved", false); return { success: true, message: "Account data removed." }; } function getOAuthStatus() { return { success: true, name: getUsername(), email: getUserEmail(), enabled: isOpenIDEnabled(), missingVars: checkOpenIDConfig() }; } function isTokenValid(req: Request, res: Response, next: NextFunction) { const userStatus = openIDEncryption.isSubjectIdentifierSaved(); if (req.oidc !== undefined) { const result = req.oidc .fetchUserInfo() .then((result) => { return { success: true, message: "Token is valid", user: userStatus, }; }) .catch((result) => { return { success: false, message: "Token is not valid", user: userStatus, }; }); return result; } else { return { success: false, message: "Token not set up", user: userStatus, }; } } function getSSOIssuerName() { return config.MultiFactorAuthentication.oauthIssuerName; } function getSSOIssuerIcon() { return config.MultiFactorAuthentication.oauthIssuerIcon; } function generateOAuthConfig() { const authRoutes = { callback: "/callback", login: "/authenticate", postLogoutRedirect: "/login", logout: "/logout", }; const logoutParams = { }; const authConfig = { authRequired: false, auth0Logout: false, baseURL: config.MultiFactorAuthentication.oauthBaseUrl, clientID: config.MultiFactorAuthentication.oauthClientId, issuerBaseURL: config.MultiFactorAuthentication.oauthIssuerBaseUrl, secret: config.MultiFactorAuthentication.oauthClientSecret, clientSecret: config.MultiFactorAuthentication.oauthClientSecret, authorizationParams: { response_type: "code", scope: "openid profile email", access_type: "offline", prompt: "consent", state: "random_state_" + Math.random().toString(36).substring(2) }, routes: authRoutes, idpLogout: true, logoutParams: logoutParams, afterCallback: async (req: Request, res: Response, session: Session) => { if (!sqlInit.isDbInitialized()) return session; if (!req.oidc.user) { console.log("user invalid!"); return session; } openIDEncryption.saveUser( req.oidc.user.sub.toString(), req.oidc.user.name.toString(), req.oidc.user.email.toString() ); req.session.loggedIn = true; req.session.lastAuthState = { totpEnabled: false, ssoEnabled: true }; return session; }, }; return authConfig; } export default { generateOAuthConfig, getOAuthStatus, getSSOIssuerName, getSSOIssuerIcon, isOpenIDEnabled, clearSavedUser, isTokenValid, isUserSaved, };