feat: Add a CORS-enabled endpoint for refresh token in Hydra plugin

reactioncommerce · Oct 16, 2018 · d01e62f · d01e62f
1 parent aaa6a06
commit d01e62f
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 2 deletions.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -26,7 +26,9 @@ services:
       MONGO_OPLOG_URL: "mongodb://mongo:27017/local"
       ROOT_URL: "http://localhost:3000"
       HYDRA_ADMIN_URL: "http://hydra:4445"
+      HYDRA_TOKEN_URL: "http://hydra:4444/oauth2/token"
       HYDRA_OAUTH2_INTROSPECT_URL: "http://hydra:4445/oauth2/introspect"
+      OAUTH2_CLIENT_DOMAIN: "http://localhost:4000"
     networks:
       default:
       api:

diff --git a/imports/plugins/core/hydra-oauth/server/oauthEndpoints.js b/imports/plugins/core/hydra-oauth/server/oauthEndpoints.js
@@ -68,6 +68,19 @@ WebApp.connectHandlers.use("/consent", (req, res) => {
     .catch((errorMessage) => errorHandler(errorMessage, res));
 });
 
+WebApp.connectHandlers.use("/token/refresh", (req, res) => {
+  res.setHeader("Access-Control-Allow-Origin", process.env.OAUTH2_CLIENT_DOMAIN);
+
+  hydra
+    .refreshAuthToken(req.query)
+    .then((apiRes) => {
+      Logger.debug(`Refresh auth token call successful: ${apiRes.statusCode}`);
+      res.writeHead(200, { "Content-Type": "application/json" });
+      return res.end(JSON.stringify(apiRes));
+    })
+    .catch((errorMessage) => errorHandler(errorMessage, res));
+});
+
 WebApp.connectHandlers.use("/logout", (req, res) => {
   hydra
     .deleteUserSession(req.query.userId)

diff --git a/imports/plugins/core/hydra-oauth/server/util/hydra.js b/imports/plugins/core/hydra-oauth/server/util/hydra.js
@@ -1,7 +1,7 @@
 import Logger from "@reactioncommerce/logger";
 import fetch from "node-fetch";
 
-const { HYDRA_ADMIN_URL } = process.env;
+const { HYDRA_ADMIN_URL, HYDRA_TOKEN_URL } = process.env;
 let mockTlsTermination = {};
 
 if (process.env.MOCK_TLS_TERMINATION) {
@@ -78,12 +78,36 @@ function deleteUserSession(id) {
     });
 }
 
+/**
+ * @name refreshAuthToken
+ * @method
+ * @private
+ * @param  {String} options options
+ * @return {Object|String} API res
+ */
+function refreshAuthToken({ refreshToken, clientId, clientSecret }) {
+  return fetch(`${HYDRA_TOKEN_URL}`, {
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    method: "POST",
+    body: `grant_type=refresh_token&refresh_token=${refreshToken}&response_type=token&client_id=${clientId}&client_secret=${clientSecret}`
+  })
+    .then(async (res) => {
+      if (res.status < 200 || res.status > 302) {
+        const json = await res.json();
+        Logger.error("An error occurred while calling refresh API", json.error_description);
+        return Promise.reject(new Error(json.error_description));
+      }
+      return res.json();
+    });
+}
+
 export default {
   getLoginRequest: (challenge) => get("login", challenge),
   acceptLoginRequest: (challenge, body) => put("login", "accept", challenge, body),
   rejectLoginRequest: (challenge) => put("login", "reject", challenge),
   getConsentRequest: (challenge) => get("consent", challenge),
   acceptConsentRequest: (challenge, body) => put("consent", "accept", challenge, body),
   rejectConsentRequest: (challenge, body) => put("consent", "reject", challenge, body),
-  deleteUserSession: (id) => deleteUserSession(id)
+  deleteUserSession: (id) => deleteUserSession(id),
+  refreshAuthToken: (options) => refreshAuthToken(options)
 };