feature: support async model and handlers by OAuth2Server v5.next

Author: jankapunkt

lib/oauth.js

@@ -63,7 +63,10 @@ export class OAuth2Server {
    */
   constructor ({ serverOptions = {}, model, routes, debug } = {}) {
     check(serverOptions, OptionsSchema.serverOptions)
-
+    if (debug) {
+      console.debug('[OAuth2Server]: create new instance')
+      console.debug('[OAuth2Server]: serveroptions', serverOptions)
+    }
     this.instanceId = Random.id()
     this.config = {
       serverOptions: Object.assign({}, OAuth2ServerDefaults.serverOptions, serverOptions),
@@ -120,9 +123,8 @@ export class OAuth2Server {
    * @param secret
    * @returns {}
    */
-  registerClient ({ title, homepage, description, privacyLink, redirectUris, grants, clientId, secret }) {
-    const self = this
-    return Promise.await(self.model.createClient({
+  async registerClient ({ title, homepage, description, privacyLink, redirectUris, grants, clientId, secret }) {
+    return this.model.createClient({
       title,
       homepage,
       description,
@@ -131,45 +133,44 @@ export class OAuth2Server {
       grants,
       clientId,
       secret
-    }))
+    })
   }
 
   authorizeHandler (options) {
     const self = this
-    return function (req, res, next) {
+    return async function (req, res, next) {
       const request = new Request(req)
       const response = new Response(res)
-      return self.oauth.authorize(request, response, options)
-        .then(function (code) {
-          res.locals.oauth = { code: code }
-          next()
-        })
-        .catch(function (err) {
-          // handle error condition
-          res.writeHead(500)
-          res.end(err)
-        })
+
+      try {
+        const code = await self.oauth.authorize(request, response, options)
+        res.locals.oauth = { code: code }
+        next()
+      } catch (err) {
+        res.writeHead(500)
+        res.end(err)
+      }
     }
   }
 
   authenticateHandler (options) {
     const self = this
-    return function (req, res, next) {
+    return async function (req, res, next) {
       const request = new Request(req)
       const response = new Response(res)
-      return self.oauth.authenticate(request, response, options)
-        .then(function (token) {
-          req.data = Object.assign({}, req.data, token)
-          next()
-        })
-        .catch(function (err) {
-          return errorHandler(res, {
-            status: err.status,
-            error: err.name,
-            description: err.message,
-            debug: self.debug
-          })
+
+      try {
+        const token = await self.oauth.authenticate(request, response, options)
+        req.data = Object.assign({}, req.data, token)
+        next()
+      } catch (err) {
+        return errorHandler(res, {
+          status: err.status,
+          error: err.name,
+          description: err.message,
+          debug: self.debug
         })
+      }
     }
   }
 
@@ -214,10 +215,11 @@ const initRoutes = (self, { accessTokenUrl = '/oauth/token', authorizeUrl = '/oa
     return true
   }
 
-  const getValidatedClient = (req, res) => {
+  const getValidatedClient = async (req, res) => {
     const clientId = req.method.toLowerCase() === 'get' ? req.query.client_id : req.body.client_id
     const secret = req.method.toLowerCase() === 'get' ? req.query.client_secret : req.body.client_secret
-    const client = Promise.await(self.model.getClient(clientId, secret))
+    const client = await self.model.getClient(clientId, secret)
+
     if (!client) {
       // unauthorized_client - The client is not authorized to request an authorization code using this method.
       return errorHandler(res, {
@@ -228,6 +230,7 @@ const initRoutes = (self, { accessTokenUrl = '/oauth/token', authorizeUrl = '/oa
         debug: self.debug
       })
     }
+
     return client
   }
 
@@ -279,7 +282,7 @@ const initRoutes = (self, { accessTokenUrl = '/oauth/token', authorizeUrl = '/oa
   // If there is something wrong with the syntax of the request, such as the redirect_uri or client_id is invalid,
   // then it’s important not to redirect the user and instead you should show the error message directly.
   // This is to avoid letting your authorization server be used as an open redirector.
-  route('get', authorizeUrl, function (req, res, next) {
+  route('get', authorizeUrl, async function (req, res, next) {
     if (!validateParams(req.query, requiredAuthorizeGetParams, self.debug)) {
       return errorHandler(res, {
         status: 400,
@@ -293,7 +296,7 @@ const initRoutes = (self, { accessTokenUrl = '/oauth/token', authorizeUrl = '/oa
     const validResponseType = validateResponseType(req, res)
     if (!validResponseType) return
 
-    const client = getValidatedClient(req, res)
+    const client = await getValidatedClient(req, res)
     if (!client) return
 
     const redirectUri = getValidatedRedirectUri(req, res, client)
@@ -305,7 +308,7 @@ const initRoutes = (self, { accessTokenUrl = '/oauth/token', authorizeUrl = '/oa
   // STEP 2: ADD USER TO THE REQUEST
   // validate all inputs again, since all inputs
   // could have been manipulated within form
-  route('post', authorizeUrl, function (req, res, next) {
+  route('post', authorizeUrl, async function (req, res, next) {
     if (!validateParams(req.body, requiredAuthorizePostParams, self.debug)) {
       return errorHandler(res, {
         error: 'invalid_request',
@@ -316,7 +319,7 @@ const initRoutes = (self, { accessTokenUrl = '/oauth/token', authorizeUrl = '/oa
       })
     }
 
-    const client = getValidatedClient(req, res)
+    const client = await getValidatedClient(req, res)
     if (!client) return
 
     const validRedirectUri = getValidatedRedirectUri(req, res, client)
@@ -366,7 +369,7 @@ const initRoutes = (self, { accessTokenUrl = '/oauth/token', authorizeUrl = '/oa
   // - on allow, assign the client_id to the user's authorized clients
   // - on deny, ...?
   // - construct the redirect query and redirect to the redirect_uri
-  route('post', authorizeUrl, function (req, res /*, next */) {
+  route('post', authorizeUrl, async function (req, res /*, next */) {
     const request = new Request(req)
     const response = new Response(res)
     const authorizeOptions = {
@@ -377,37 +380,36 @@ const initRoutes = (self, { accessTokenUrl = '/oauth/token', authorizeUrl = '/oa
       }
     }
 
-    return self.oauth.authorize(request, response, authorizeOptions)
-      .then(bind(function (code) {
-        const query = new URLSearchParams({
-          code: code.authorizationCode,
-          user: req.user.id,
-          state: req.body.state
-        })
-
-        const finalRedirectUri = `${req.body.redirect_uri}?${query}`
+    try {
+      const code = await self.oauth.authorize(request, response, authorizeOptions)
+      const query = new URLSearchParams({
+        code: code.authorizationCode,
+        user: req.user.id,
+        state: req.body.state
+      })
 
-        res.statusCode = 302
-        res.setHeader('Location', finalRedirectUri)
-        res.end()
-      }))
-      .catch(function (err) {
-        errorHandler(res, {
-          originalError: err,
-          error: err.name,
-          description: err.message,
-          status: err.statusCode,
-          state: req.body.state,
-          debug: self.debug
-        })
+      const finalRedirectUri = `${req.body.redirect_uri}?${query}`
+
+      res.statusCode = 302
+      res.setHeader('Location', finalRedirectUri)
+      res.end()
+    } catch (err) {
+      errorHandler(res, {
+        originalError: err,
+        error: err.name,
+        description: err.message,
+        status: err.statusCode,
+        state: req.body.state,
+        debug: self.debug
       })
+    }
   })
 
   // STEP 4: GENERATE ACCESS TOKEN RESPONSE
   // - validate params
   // - validate authorization code
   // - issue accessToken and refreshToken
-  route('post', accessTokenUrl, function (req, res, next) {
+  route('post', accessTokenUrl, async function (req, res, /* next */) {
     if (!validateParams(req.body, requiredAccessTokenPostParams, self.debug)) {
       return errorHandler(res, {
         status: 400,
@@ -421,30 +423,29 @@ const initRoutes = (self, { accessTokenUrl = '/oauth/token', authorizeUrl = '/oa
     const request = new Request(req)
     const response = new Response(res)
 
-    return self.oauth.token(request, response)
-      .then(function (token) {
-        res.writeHead(200, {
-          'Content-Type': 'application/json',
-          'Cache-Control': 'no-store',
-          Pragma: 'no-cache'
-        })
-        const body = JSON.stringify({
-          access_token: token.accessToken,
-          token_type: 'bearer',
-          expires_in: token.accessTokenExpiresAt,
-          refresh_token: token.refreshToken
-        })
-        res.end(body)
+    try {
+      const token = await self.oauth.token(request, response)
+      res.writeHead(200, {
+        'Content-Type': 'application/json',
+        'Cache-Control': 'no-store',
+        Pragma: 'no-cache'
       })
-      .catch(function (err) {
-        return errorHandler(res, {
-          error: 'unauthorized_client',
-          description: err.message,
-          state: req.body.state,
-          debug: self.debug,
-          status: err.statusCode
-        })
+      const body = JSON.stringify({
+        access_token: token.accessToken,
+        token_type: 'bearer',
+        expires_in: token.accessTokenExpiresAt,
+        refresh_token: token.refreshToken
+      })
+      res.end(body)
+    } catch (err) {
+      return errorHandler(res, {
+        error: 'unauthorized_client',
+        description: err.message,
+        state: req.body.state,
+        debug: self.debug,
+        status: err.statusCode
       })
+    }
   })
 
   route('use', fallbackUrl, function (req, res, next) {

package.js

@@ -1,7 +1,7 @@
 /* eslint-env meteor */
 Package.describe({
   name: 'leaonline:oauth2-server',
-  version: '4.2.1',
+  version: '5.0.0',
   summary: 'Node OAuth2 Server (v4) with Meteor bindings',
   git: 'https://github.com/leaonline/oauth2-server.git'
 })
@@ -13,7 +13,7 @@ Package.onUse(function (api) {
 })
 
 Npm.depends({
-  '@node-oauth/oauth2-server': '4.2.0',
+  '@node-oauth/oauth2-server': '5.0.0-rc.1',
   'body-parser': '1.20.0'
 })