const convict = require('convict');
const stringFormat = require('string-format');
const _ = require('lodash');
// Define a schema
/**
 * Builds the convict schema describing one OAuth configuration.
 *
 * Every leaf has `default: undefined`, so a value only exists once a
 * configuration has been loaded (or set) on top of this schema.
 *
 * @param {boolean} isClientCredentialsConfig - Forwarded to getAuthSchema(),
 *   which leaves the authorize endpoint keys out when this is truthy.
 * @returns {Object} Schema object suitable for passing to convict().
 */
const SCHEMA = (isClientCredentialsConfig) => {
  // Leaf with no default; String is the most common format in this schema.
  const optional = (doc, format = String) => ({ doc, format, default: undefined });
  // Leaf carrying a credential: flagged `sensitive` so convict can redact it
  // when the configuration is printed. The value itself is filled in from
  // environment variables by createConfig().
  const secretValue = (doc) => ({ doc, format: String, sensitive: true, default: undefined });

  const client = {
    id: secretValue("Client ID value obtained from auth provider for use with APIs"),
    secret: secretValue("Client Secret value obtained from auth provider for use with APIs"),
  };

  // The doc text says "Defaults to header", but the schema supplies no default
  // and accepts any string; the header/body restriction is not enforced here.
  const options = {
    authorizationMethod: optional(
      "Indicates the method used to send client ID and Secret. Valid options are header or body. Defaults to header."
    ),
  };

  const authorizeUrl = {
    redirect_uri: optional("Fully qualified url for redirect following successful OAuth authorization"),
    scope: optional("Authorization scope being requested from the OAuth provider"),
  };

  // NOTE(review): `headers` is not flagged `sensitive`; if these headers can
  // carry credentials, consider flagging it so it is redacted as well.
  const innerAuthorization = {
    url: optional("Fully qualified url for inner authorization request made during refresh"),
    removeCredentials: optional(
      "Whether or not tokens should be removed in case of inner authorization failure",
      "Boolean"
    ),
    headers: optional("Optional headers used to request innerAuthorization.url", Object),
    method: optional("Optional http method used to request innerAuthorization.url"),
  };

  const tokenConfig = {
    scope: optional("Authorization scope being requested from the OAuth provider"),
  };

  // Names of the environment variables holding the client credentials;
  // these are key names only, never the credential values.
  const credentialKeys = {
    clientId: optional("Client ID key to match from ENV variables"),
    clientSecret: optional("Client Secret key to match from ENV variables"),
  };

  return {
    callbackUrl: optional("Callback url to be used during the OAuth flow"),
    credentials: {
      client,
      auth: getAuthSchema(isClientCredentialsConfig),
      options,
    },
    authorizeUrl,
    innerAuthorization,
    tokenConfig,
    credentialKeys,
  };
};
/**
 * Builds the `credentials.auth` part of the schema.
 *
 * The token endpoint keys are always present. The authorize endpoint keys are
 * left out when `isClientCredentialsConfig` is truthy (presumably because that
 * flow has no authorization redirect - confirm against the callers).
 *
 * @param {boolean} isClientCredentialsConfig - Truthy to omit authorizeHost
 *   and authorizePath from the returned schema.
 * @returns {Object} Schema fragment keyed by endpoint property name.
 */
function getAuthSchema(isClientCredentialsConfig) {
  // All endpoint properties are optional strings with no default.
  const endpoint = (doc) => ({ doc, format: String, default: undefined });

  const tokenEndpoint = {
    tokenHost: endpoint("Base host url for getting OAuth2 access tokens"),
    tokenPath: endpoint("Path on base tokenHost domain for retrieving access tokens"),
  };

  if (isClientCredentialsConfig) {
    return tokenEndpoint;
  }

  // Authorize keys come first so the key order matches the full schema layout.
  return {
    authorizeHost: endpoint("Base host url for OAuth2 authorization"),
    authorizePath: endpoint("Path on base authorizeHost domain for authorization"),
    ...tokenEndpoint,
  };
}
/**
 * Creates a convict config from `configuration` and fills in the client
 * credentials from environment variables.
 *
 * The environment variable names come from `credentialKeys.clientId` and
 * `credentialKeys.clientSecret` when configured, otherwise `CLIENT_ID` and
 * `CLIENT_SECRET`. Error messages name the missing variable, never its value.
 *
 * NOTE(review): this function never calls `config.validate()`, so the schema
 * formats are not enforced here - confirm that the caller validates.
 *
 * @param {Object} configuration - Values loaded on top of the schema.
 * @param {boolean} isClientCredentialsConfig - Forwarded to SCHEMA().
 * @returns {Object} The populated convict config instance.
 * @throws {Error} If the client id or client secret variable is unset or empty.
 */
module.exports.createConfig = (configuration, isClientCredentialsConfig) => {
  const config = convict(SCHEMA(isClientCredentialsConfig));
  config.load(configuration);

  // Use the configured environment variable name, or the conventional fallback.
  const envKeyFor = (configPath, fallbackKey) =>
    config.has(configPath) ? config.get(configPath) : fallbackKey;

  // NOTE(review): _.get treats the key as a lodash path, so a configured key
  // containing dots or brackets could resolve to something other than a single
  // environment variable. A direct own-property lookup on process.env would be
  // stricter - confirm no deployment relies on path-style keys.
  const requireEnv = (envKey) => {
    const value = _.get(process.env, envKey);
    if (!value) {
      throw new Error(`${envKey} environment variable not set`);
    }
    return value;
  };

  // The id is resolved and checked before the secret key is even looked up,
  // so a missing id is always the first error reported.
  const clientId = requireEnv(envKeyFor('credentialKeys.clientId', 'CLIENT_ID'));
  const clientSecret = requireEnv(envKeyFor('credentialKeys.clientSecret', 'CLIENT_SECRET'));
  config.set('credentials.client.id', clientId);
  config.set('credentials.client.secret', clientSecret);

  const callbackTemplate = config.get('callbackUrl');
  if (callbackTemplate) {
    // The callback url is a template completed with the deployed function
    // name: a function named fn-123456789 is inserted into the placeholder of
    // https://dronedeployfunctions.com/{}/route
    // NOTE(review): FUNCTION_NAME is not checked for presence, so an unset
    // variable still yields a redirect_uri. Confirm the deployment always sets
    // it, as OAuth providers typically require an exact redirect_uri match.
    config.set('callbackUrl', stringFormat(callbackTemplate, process.env.FUNCTION_NAME));
    config.set('authorizeUrl.redirect_uri', config.get('callbackUrl'));
  }

  return config;
};