Use MemoryKVCache
This commit is contained in:
parent
c0f63234d7
commit
150a6f80d0
|
@ -1,6 +1,5 @@
|
||||||
import dns from 'node:dns/promises';
|
import dns from 'node:dns/promises';
|
||||||
import { fileURLToPath } from 'node:url';
|
import { fileURLToPath } from 'node:url';
|
||||||
import crypto from 'node:crypto';
|
|
||||||
import { Inject, Injectable } from '@nestjs/common';
|
import { Inject, Injectable } from '@nestjs/common';
|
||||||
import { JSDOM } from 'jsdom';
|
import { JSDOM } from 'jsdom';
|
||||||
import httpLinkHeader from 'http-link-header';
|
import httpLinkHeader from 'http-link-header';
|
||||||
|
@ -24,6 +23,7 @@ import type { AccessTokensRepository, UsersRepository } from '@/models/index.js'
|
||||||
import { IdService } from '@/core/IdService.js';
|
import { IdService } from '@/core/IdService.js';
|
||||||
import { CacheService } from '@/core/CacheService.js';
|
import { CacheService } from '@/core/CacheService.js';
|
||||||
import type { LocalUser } from '@/models/entities/User.js';
|
import type { LocalUser } from '@/models/entities/User.js';
|
||||||
|
import { MemoryKVCache } from '@/misc/cache.js';
|
||||||
import type * as Redis from 'ioredis';
|
import type * as Redis from 'ioredis';
|
||||||
import type { FastifyInstance } from 'fastify';
|
import type { FastifyInstance } from 'fastify';
|
||||||
|
|
||||||
|
@ -304,14 +304,14 @@ export class OAuth2ProviderService {
|
||||||
// },
|
// },
|
||||||
// });
|
// });
|
||||||
|
|
||||||
// TODO: store this in Redis
|
// XXX: But MemoryKVCache just grows forever without being cleared...
|
||||||
const TEMP_GRANT_CODES: Record<string, {
|
const grantCodeCache = new MemoryKVCache<{
|
||||||
clientId: string,
|
clientId: string,
|
||||||
userId: string,
|
userId: string,
|
||||||
redirectUri: string,
|
redirectUri: string,
|
||||||
codeChallenge: string,
|
codeChallenge: string,
|
||||||
scopes: string[],
|
scopes: string[],
|
||||||
}> = {};
|
}>(1000 * 60 * 5); // 5m
|
||||||
|
|
||||||
this.#server.grant(oauth2Pkce.extensions());
|
this.#server.grant(oauth2Pkce.extensions());
|
||||||
this.#server.grant(oauth2orize.grant.code({
|
this.#server.grant(oauth2orize.grant.code({
|
||||||
|
@ -339,25 +339,24 @@ export class OAuth2ProviderService {
|
||||||
throw new AuthorizationError('No such user', 'invalid_request');
|
throw new AuthorizationError('No such user', 'invalid_request');
|
||||||
}
|
}
|
||||||
|
|
||||||
TEMP_GRANT_CODES[code] = {
|
grantCodeCache.set(code, {
|
||||||
clientId: client.id,
|
clientId: client.id,
|
||||||
userId: user.id,
|
userId: user.id,
|
||||||
redirectUri,
|
redirectUri,
|
||||||
codeChallenge: (areq as OAuthRequest).codeChallenge,
|
codeChallenge: (areq as OAuthRequest).codeChallenge,
|
||||||
scopes: areq.scope,
|
scopes: areq.scope,
|
||||||
};
|
});
|
||||||
return [code];
|
return [code];
|
||||||
})().then(args => done(null, ...args), err => done(err));
|
})().then(args => done(null, ...args), err => done(err));
|
||||||
}));
|
}));
|
||||||
this.#server.exchange(oauth2orize.exchange.authorizationCode((client, code, redirectUri, body, authInfo, done) => {
|
this.#server.exchange(oauth2orize.exchange.authorizationCode((client, code, redirectUri, body, authInfo, done) => {
|
||||||
(async (): Promise<OmitFirstElement<Parameters<typeof done>>> => {
|
(async (): Promise<OmitFirstElement<Parameters<typeof done>>> => {
|
||||||
const granted = TEMP_GRANT_CODES[code];
|
const granted = grantCodeCache.get(code);
|
||||||
console.log(granted, body, code, redirectUri);
|
console.log(granted, body, code, redirectUri);
|
||||||
if (!granted) {
|
if (!granted) {
|
||||||
// TODO: throw TokenError?
|
|
||||||
return [false];
|
return [false];
|
||||||
}
|
}
|
||||||
delete TEMP_GRANT_CODES[code];
|
grantCodeCache.delete(code);
|
||||||
if (body.client_id !== granted.clientId) return [false];
|
if (body.client_id !== granted.clientId) return [false];
|
||||||
if (redirectUri !== granted.redirectUri) return [false];
|
if (redirectUri !== granted.redirectUri) return [false];
|
||||||
if (!body.code_verifier) return [false];
|
if (!body.code_verifier) return [false];
|
||||||
|
|
Loading…
Reference in a new issue