@mapcreator/api 3.3.7 → 5.0.0-alpha.101

package/src/oauth/DummyFlow.js

@@ -1,63 +0,0 @@
-/*
- * BSD 3-Clause License
- *
- * Copyright (c) 2020, Mapcreator
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- *  Redistributions of source code must retain the above copyright notice, this
- *   list of conditions and the following disclaimer.
- *
- *  Redistributions in binary form must reproduce the above copyright notice,
- *   this list of conditions and the following disclaimer in the documentation
- *   and/or other materials provided with the distribution.
- *
- *  Neither the name of the copyright holder nor the names of its
- *   contributors may be used to endorse or promote products derived from
- *   this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
- * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import OAuthError from '../errors/OAuthError';
-import OAuth from './OAuth';
-
-/**
- * Dummy flow for when the token should be available in the
- * cache and no attempt at authentication should be made.
- */
-export default class DummyFlow extends OAuth {
-  /**
-   * @param {String} [clientId=] - OAuth client id
-   * @param {Array<String>} scopes - A list of required scopes
-   */
-  constructor (clientId = '', scopes = ['*']) {
-    super(clientId, scopes);
-  }
-
-  /**
-   * Authenticate
-   * @returns {Promise<OAuthToken>} - token
-   * @throws {OAuthError}
-   */
-  authenticate () {
-    return new Promise((resolve, reject) => {
-      if (this.authenticated) {
-        resolve(this.token);
-      } else {
-        reject(new OAuthError('dummy_error', 'Attempted authentication using a dummy authenticator'));
-      }
-    });
-  }
-}

package/src/oauth/ImplicitFlow.js

@@ -1,226 +0,0 @@
-/*
- * BSD 3-Clause License
- *
- * Copyright (c) 2020, Mapcreator
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- *  Redistributions of source code must retain the above copyright notice, this
- *   list of conditions and the following disclaimer.
- *
- *  Redistributions in binary form must reproduce the above copyright notice,
- *   this list of conditions and the following disclaimer in the documentation
- *   and/or other materials provided with the distribution.
- *
- *  Neither the name of the copyright holder nor the names of its
- *   contributors may be used to endorse or promote products derived from
- *   this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
- * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import OAuth from './OAuth';
-import OAuthToken from './OAuthToken';
-import StateContainer from './StateContainer';
-import { encodeQueryString } from '../utils/requests';
-import OAuthError from '../errors/OAuthError';
-import { isNode } from '../utils/node';
-import { title as titleCase } from 'case';
-
-/**
- * Implicit OAuth flow using redirection
- */
-export default class ImplicitFlow extends OAuth {
-
-  /**
-   * Implicit authentication flow
-   * @param {String} clientId - OAuth client id
-   * @param {String} callbackUrl - callbackUrl for obtaining the token. This should be a
-   *                               page with this script on it. If left empty the current
-   *                               url will be used.
-   * @param {Array<String>} scopes - A list of required scopes
-   * @param {Boolean} useState - use state verification
-   */
-  constructor (clientId, callbackUrl = '', scopes = ['*'], useState = true) {
-    super(clientId, scopes);
-
-    if (isNode()) {
-      throw new Error(`${this.constructor.name} can't be used under nodejs`);
-    }
-
-    this.path = '/oauth/authorize';
-
-    this.callbackUrl = callbackUrl;
-    this.useState = useState;
-
-    if (!this.callbackUrl) {
-      // Drop the anchor (if any)
-      this.callbackUrl = window.location.toString().split('#')[0];
-    }
-
-    this._anchorParams = [
-      'access_token', 'token_type', 'expires_in',
-    ];
-
-    if (this.useState) {
-      this._anchorParams.push('state');
-    }
-
-    if (this._anchorContainsOAuthResponse()) {
-      const anchorParams = this._getOAuthAnchorParams();
-
-      this._cleanAnchorParams();
-
-      if (this.useState && !StateContainer.validate(anchorParams.state)) {
-        throw Error('Invalid state in url');
-      } else {
-        this.token = OAuthToken.fromResponseObject(anchorParams);
-      }
-    }
-  }
-
-  /**
-   * @inheritDoc
-   */
-  authenticate () {
-    return new Promise((resolve, reject) => {
-      if (this.authenticated) {
-        resolve(this.token);
-      } else if (this._anchorContainsError()) {
-        const err = this._getError();
-
-        this._cleanAnchorParams();
-
-        reject(err);
-      } else {
-        window.location = this._buildRedirectUrl();
-      }
-    });
-  }
-
-  /**
-   * Builds the url for redirection
-   * @returns {String} - Redirect url
-   * @protected
-   */
-  _buildRedirectUrl () {
-    const queryParams = {
-      'client_id': this.clientId,
-      'redirect_uri': this.callbackUrl,
-      'response_type': 'token',
-      'scope': this.scopes.join(' '),
-    };
-
-    if (this.useState) {
-      queryParams.state = StateContainer.generate();
-    }
-
-    return `${this.host + this.path}?${encodeQueryString(queryParams)}`;
-  }
-
-  /**
-   * Builds an object containing all the anchor parameters
-   * @param {String} query - Url hash
-   * @returns {Object<String, String>} - Anchor parameters
-   * @protected
-   */
-  _getAnchorParams (query = window.location.hash) {
-    const out = {};
-
-    query = query.replace(/^#\/?/g, '');
-
-    for (const raw of query.split('&')) {
-      const pair = raw.split('=').map(decodeURIComponent);
-
-      out[pair[0]] = pair[1];
-    }
-
-    return out;
-  }
-
-  /**
-   * Fetch OAuth anchor params
-   * @param {Object<String, String>} query - Optional override for the query to analyse, defaults to {@link ImplicitFlow#_getAnchorParams}
-   * @returns {Object<String, String>} - List of OAuth anchor parameters
-   * @protected
-   */
-  _getOAuthAnchorParams (query = this._getAnchorParams()) {
-    return Object.keys(query)
-      .filter(key => this._anchorParams.includes(key))
-      .reduce((obj, key) => {
-        obj[key] = query[key];
-
-        return obj;
-      }, {});
-  }
-
-  /**
-   * Remove OAuth related anchor parameters
-   * @protected
-   */
-  _cleanAnchorParams () {
-    const anchorParams = this._getAnchorParams();
-    const targets = this._anchorParams;
-
-    // Just in case
-    targets.push('state', 'error');
-
-    for (const key of targets) {
-      // Should silently fail when key doesn't exist
-      delete anchorParams[key];
-    }
-
-    window.location.hash = encodeQueryString(anchorParams);
-  }
-
-  /**
-   * Test if the anchor contains an OAuth response
-   * @returns {Boolean} - If anchor tested positive for containing an OAuth response
-   * @protected
-   */
-  _anchorContainsOAuthResponse () {
-    const queryKeys = Object.keys(this._getOAuthAnchorParams());
-
-    // Check if all the params are in the anchor
-    return this._anchorParams.reduce((output, key) => output && queryKeys.includes(key), true);
-  }
-
-  /**
-   * Test if the anchor contains an OAuth error
-   * @returns {Boolean} - If anchor tested positive for containing an OAuth error
-   * @protected
-   */
-  _anchorContainsError () {
-    return Boolean(this._getAnchorParams().error);
-  }
-
-  /**
-   * Get and return the error in the anchor
-   * @returns {OAuthError} - OAuthError object
-   * @protected
-   */
-  _getError () {
-    if (!this._anchorContainsError()) {
-      throw Error('No OAuthError found in anchor');
-    }
-
-    const params = this._getAnchorParams();
-
-    if (params.message) {
-      return new OAuthError(params.error, params.message);
-    }
-
-    return new OAuthError(params.error, titleCase(params.error));
-  }
-}

package/src/oauth/ImplicitFlowPopup.js

@@ -1,124 +0,0 @@
-/*
- * BSD 3-Clause License
- *
- * Copyright (c) 2020, Mapcreator
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- *  Redistributions of source code must retain the above copyright notice, this
- *   list of conditions and the following disclaimer.
- *
- *  Redistributions in binary form must reproduce the above copyright notice,
- *   this list of conditions and the following disclaimer in the documentation
- *   and/or other materials provided with the distribution.
- *
- *  Neither the name of the copyright holder nor the names of its
- *   contributors may be used to endorse or promote products derived from
- *   this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
- * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import StorageManager from '../storage/StorageManager';
-import OAuthError from '../errors/OAuthError';
-import ImplicitFlow from './ImplicitFlow';
-import OAuthToken from './OAuthToken';
-
-/**
- * Implicit OAuth flow using a pop-up.
- */
-export default class ImplicitFlowPopup extends ImplicitFlow {
-  /**
-   * Implicit pop-up authentication flow
-   * @param {String} clientId - OAuth client id
-   * @param {String} callbackUrl - callbackUrl for obtaining the token. This should be a
-   *                               page with this script on it. If left empty the current
-   *                               url will be used.
-   * @param {Array<String>} scopes - A list of required scopes
-   * @param {Boolean} useState - use state verification
-   * @param {String} windowOptions - optional window options for the pop-up window
-   */
-  constructor (clientId, callbackUrl = '', scopes = ['*'], useState = false, windowOptions = process.env.WINDOW_OPTIONS) {
-    super(clientId, callbackUrl, scopes, useState);
-
-    this.windowOptions = windowOptions;
-
-    if (window.name === ImplicitFlowPopup.popupWindowName) {
-      throw new Error('We\'re a flow popup');
-    }
-  }
-
-  /**
-   * Popup window name
-   * @returns {String} - window.name of the created pop-up
-   * @constant
-   */
-  static get popupWindowName () {
-    return 'm4n_api_auth';
-  }
-
-  /**
-   * @inheritDoc
-   */
-  authenticate () {
-    if (window.name === ImplicitFlowPopup.popupWindowName) {
-      return new Promise(() => {
-      });
-    }
-
-    // Should be super.super.authenticate() :/
-    if (this.authenticated) {
-      return new Promise(resolve => {
-        resolve(this.token);
-      });
-    }
-
-    return new Promise((resolve, reject) => {
-      const localStorage = StorageManager.localStorage;
-      const storageName = 'api_auth';
-
-      localStorage.remove(storageName);
-
-      const popup = window.open(
-        this._buildRedirectUrl(),
-        ImplicitFlowPopup.popupWindowName,
-        this.windowOptions,
-      );
-
-      const ticker = setInterval(() => {
-        const locationHash = localStorage.get(storageName);
-
-        if (locationHash) {
-          clearInterval(ticker);
-
-          const data = this._getAnchorParams(locationHash);
-
-          localStorage.remove(storageName);
-
-          try {
-            popup.close();
-          } catch (e) {
-            // cloudflare intercepted or closed manually
-          }
-
-          if (data.error) {
-            reject(new OAuthError(data.error, data.message));
-          } else {
-            resolve(this.token = OAuthToken.fromResponseObject(data));
-          }
-        }
-      }, 250);
-    });
-  }
-}

package/src/oauth/OAuth.js

@@ -1,131 +0,0 @@
-/*
- * BSD 3-Clause License
- *
- * Copyright (c) 2020, Mapcreator
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- *  Redistributions of source code must retain the above copyright notice, this
- *   list of conditions and the following disclaimer.
- *
- *  Redistributions in binary form must reproduce the above copyright notice,
- *   this list of conditions and the following disclaimer in the documentation
- *   and/or other materials provided with the distribution.
- *
- *  Neither the name of the copyright holder nor the names of its
- *   contributors may be used to endorse or promote products derived from
- *   this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
- * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import ky from 'ky-universal';
-import { AbstractClassError, AbstractMethodError } from '../errors/AbstractError';
-import StorageManager from '../storage/StorageManager';
-import OAuthToken from './OAuthToken';
-import StateContainer from './StateContainer';
-import { makeCancelable } from '../utils/helpers';
-
-/**
- * OAuth base class
- * @abstract
- */
-export default class OAuth {
-  token = null;
-  path = '/';
-  host = process.env.HOST;
-
-  /**
-   * @param {String} clientId - OAuth client id
-   * @param {Array<String>} scopes - A list of required scopes
-   */
-  constructor (clientId, scopes = ['*']) {
-    if (this.constructor === OAuth) {
-      throw new AbstractClassError();
-    }
-
-    this.clientId = String(clientId);
-    this.scopes = scopes;
-
-    if (this.clientId) {
-      this.token = OAuthToken.recover();
-    }
-  }
-
-  /**
-   * If the current instance has a valid token
-   * @returns {Boolean} - If a valid token is available
-   */
-  get authenticated () {
-    return this.token !== null && !this.token.expired;
-  }
-
-  /**
-   * Authenticate
-   * @returns {Promise<OAuthToken>} - Authentication token
-   * @throws {OAuthError}
-   * @abstract
-   */
-  authenticate () {
-    throw new AbstractMethodError();
-  }
-
-  /**
-   * Forget the current session
-   * Empty the session token store and forget the api token
-   */
-  forget () {
-    StateContainer.clean();
-    StorageManager.secure.remove(OAuthToken.storageName);
-
-    this.token = null;
-  }
-
-  /**
-   * Invalidates the session token
-   * @throws {OAuthError} - If de-authentication fails
-   * @throws {ApiError} - If the api returns errors
-   * @returns {CancelablePromise}
-   */
-  logout () {
-    if (!this.token) {
-      return makeCancelable(() => {});
-    }
-
-    const url = `${this.host}/oauth/logout`;
-
-    return makeCancelable(async signal => {
-      await ky.post(url, {
-        headers: {
-          Accept: 'application/json',
-          Authorization: this.token.toString(),
-        },
-        signal,
-      });
-
-      this.forget();
-    });
-  }
-
-  /**
-   * Manually import OAuthToken, usefull for debugging
-   * @param {String} token - OAuth token
-   * @param {String} [type=Bearer] - token type
-   * @param {Date|Number} [expires=5 days] - expire time in seconds or Date
-   * @param {Array<string>} [scopes=[]] - Any scopes
-   */
-  importToken (token, type = 'Bearer', expires = 432000, scopes = []) {
-    this.token = new OAuthToken(token, type, expires, scopes);
-  }
-}