liquid_feedback_frontend

annotate app/main/oauth2/validate.lua @ 1771:c55c5dd5be5c

Fixed syntax error
author bsw
date Mon Oct 18 16:04:13 2021 +0200 (2021-10-18)
parents 020fd82c6cb4
children
rev   line source
-- Token validation only answers POST requests; every other method is handed
-- to the generic 405 view before any token handling takes place.
local is_post = request.is_post()
if not is_post then
  return execute.view{ module = "index", view = "405" }
end

-- From here on the body is served with content type application/json and a
-- nil layout (the JSON text is written into the "data" slot further down).
slot.set_layout(nil, "application/json")
bsw/jbe@1309 6
-- Emit an OAuth2-style JSON error document and mark the response as a failure.
--   error_code   machine-readable code, stored under "error"
--   description  human-readable text, stored under "error_description"
-- Returns nothing; callers use `return error_result(...)` to stop processing.
-- Every error raised through this helper is sent as "400 Bad Request",
-- including the "invalid_token" cases.
local function error_result(error_code, description)
  request.set_status("400 Bad Request")
  local body = json.object()
  body.error = error_code
  body.error_description = description
  slot.put_into("data", json.export(body))
end
bsw/jbe@1309 14
-- Pull the bearer token out of the request. The helper reports
-- "header_and_param" when the client supplied the token twice.
local access_token, access_token_err = util.get_access_token()

if access_token_err == "header_and_param" then
  -- Ambiguous transport of the credential is a malformed request.
  return error_result("invalid_request", "Access token passed both via header and param")
elseif access_token_err then
  -- Any other error code is unexpected here and is raised as a Lua error.
  error("Error in util.get_access_token")
end

-- No credential at all.
if not access_token then
  return error_result("invalid_token", "No access token supplied")
end

-- Resolve the presented value to a stored token of type "access".
-- The token value itself is never echoed back in a response or error text.
-- NOTE(review): whether this lookup also rejects expired tokens is not
-- visible from this file; confirm in the Token model.
local token = Token:by_token_type_and_token("access", access_token)

if not token then
  return error_result("invalid_token", "Access token invalid")
end
bsw/jbe@1309 33
-- Normalise the token's space-separated scope string:
--   * a trailing "_detached" suffix is stripped, so "x_detached" counts as "x"
--   * duplicates collapse, because the names are used as keys of a set
-- `scopes` is the resulting set (name -> true); `scope` is the same set
-- rendered as a sorted, space-separated string for the response.
local scopes = {}
for entry in string.gmatch(token.scope, "[^ ]+") do
  local base = string.match(entry, "(.+)_detached$")
  if base then
    scopes[base] = true
  else
    scopes[entry] = true
  end
end

local scope_list = {}
for name in pairs(scopes) do
  table.insert(scope_list, name)
end
-- pairs() has no defined order; sorting keeps the output stable.
table.sort(scope_list)
local scope = table.concat(scope_list, " ")
bsw/jbe@1309 45
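-- Build the validation response for the presented access token and write it
-- into the "data" slot as JSON. Fields that identify the member are released
-- only when the token's scopes and the request parameters both ask for them.
local r = json.object()
r.scope = scope

-- Remaining lifetime in whole seconds, computed by the database against its
-- own clock; token.expiry is passed as a bound parameter, not concatenated.
-- NOTE(review): nothing in this file rejects a token whose expiry has passed.
-- Presumably Token:by_token_type_and_token filters expired tokens; confirm,
-- otherwise expires_in can come out negative for a token still accepted here.
local expiry = db:query({ "SELECT FLOOR(EXTRACT(EPOCH FROM ? - now())) AS access_time_left", token.expiry }, "object")
r.expires_in = expiry.access_time_left

r.member_id = token.member_id
if token.member.role then
  r.member_is_role = true
end
if token.session then
  r.real_member_id = token.session.real_member_id
end

-- Member details require the "identification" or "authentication" scope AND
-- an explicit include_member=true from the caller.
if scopes.identification or scopes.authentication then
  if param.get("include_member", atom.boolean) then
    local member = token.member
    r.member = json.object{
      id = member.id,
      name = member.name,
    }
    if token.session and token.session.real_member then
      r.real_member = json.object{
        id = token.session.real_member.id,
        name = token.session.real_member.name,
      }
    end
    -- The identification string is released only with the "identification"
    -- scope; "authentication" alone yields id and name.
    if scopes.identification then
      r.member.identification = member.identification
      if token.session and token.session.real_member then
        r.real_member.identification = token.session.real_member.identification
      end
    end
    -- NOTE(review): notify_email is released to any token that reached this
    -- branch and asks for it; no dedicated scope is checked on this line.
    -- Confirm that this matches the intended disclosure policy.
    if param.get("include_member_notify_email", atom.boolean) then
      r.member.notify_email = member.notify_email
    end
    if param.get("include_roles", atom.boolean) then
      -- Create the roles object once, on the first unit that carries a role.
      -- The previous code re-created it for every such unit, which discarded
      -- the roles collected from earlier units.
      local roles
      for i, unit in ipairs(member.units) do
        if unit.attr.role then
          if not roles then
            roles = json.object()
            r.roles = roles
          end
          -- A role restricted via only_visible_for_role is reported only if
          -- the member holds that gating role.
          if not unit.attr.only_visible_for_role
            or member:has_role(unit.attr.only_visible_for_role)
          then
            roles[unit.attr.role] = true
          end
        end
      end
    end
  end
end

-- logged_in is true when the token is bound to a session.
r.logged_in = token.session_id and true or false
slot.put_into("data", json.export(r))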
bsw/jbe@1309 99
bsw/jbe@1309 100
bsw/jbe@1309 101
