
refactor: Fetches OIDC endpoints once during users module initialization

Owen Diffey 2 months ago
parent
commit
3e66c04c43
2 changed files with 13 additions and 19 deletions
  1. 2 13
      backend/logic/app.js
  2. 11 6
      backend/logic/users.js

+ 2 - 13
backend/logic/app.js

@@ -4,7 +4,6 @@ import cookieParser from "cookie-parser";
 import bodyParser from "body-parser";
 import express from "express";
 import http from "http";
-import axios from "axios";
 
 import CoreClass from "../core";
 
@@ -145,16 +144,6 @@ class _AppModule extends CoreClass {
 		}
 
 		if (config.get("apis.oidc.enabled")) {
-			const redirectUri =
-				config.get("apis.oidc.redirect_uri").length > 0
-					? config.get("apis.oidc.redirect_uri")
-					: `${appUrl}/backend/auth/oidc/authorize/callback`;
-
-			// TODO don't fetch the openid configuration twice (app module and user module)
-			const openidConfigurationResponse = await axios.get(config.get("apis.oidc.openid_configuration_url"));
-
-			const { authorization_endpoint: authorizationEndpoint } = openidConfigurationResponse.data;
-
 			app.get("/auth/oidc/authorize", async (req, res) => {
 				if (this.getStatus() !== "READY") {
 					this.log(
@@ -167,11 +156,11 @@ class _AppModule extends CoreClass {
 
 				const params = [
 					`client_id=${config.get("apis.oidc.client_id")}`,
-					`redirect_uri=${redirectUri}`,
+					`redirect_uri=${UsersModule.oidcRedirectUri}`,
 					`scope=basic openid`, // TODO check if openid is necessary for us
 					`response_type=code`
 				].join("&");
-				return res.redirect(`${authorizationEndpoint}?${params}`);
+				return res.redirect(`${UsersModule.oidcAuthorizationEndpoint}?${params}`);
 			});
 
 			app.get("/auth/oidc/authorize/callback", async (req, res) => {
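Review bot: The authorize URL is still built by string interpolation, so `UsersModule.oidcRedirectUri` and the `scope` value with its space reach the query unencoded, and an authorization endpoint that already carries a query string would get a second `?`. Building it with `new URL(...)` and `searchParams.set(...)` fixes both. The handler now also depends on state set by the users module, while the visible guard only checks this module's own status. If `oidcAuthorizationEndpoint` was never populated, the redirect target becomes `undefined?...`, so that case should take the same path as the not-READY branch. The parameter list also has no `state` value to tie the callback to the browser session that started the flow; the callback body is outside this hunk, so confirm whether that is handled elsewhere.

```javascript
// … unchanged: READY status check …
// guard first: new URL() throws if the users module never set the endpoint
const authorizeUrl = new URL(UsersModule.oidcAuthorizationEndpoint);
authorizeUrl.searchParams.set("client_id", config.get("apis.oidc.client_id"));
authorizeUrl.searchParams.set("redirect_uri", UsersModule.oidcRedirectUri);
authorizeUrl.searchParams.set("scope", "basic openid");
authorizeUrl.searchParams.set("response_type", "code");
return res.redirect(authorizeUrl.toString());
```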

+ 11 - 6
backend/logic/users.js

@@ -59,10 +59,6 @@ class _UsersModule extends CoreClass {
 			config.get("apis.github.redirect_uri").length > 0
 				? config.get("apis.github.redirect_uri")
 				: `${this.appUrl}/backend/auth/github/authorize/callback`;
-		this.oidcRedirectUri =
-			config.get("apis.oidc.redirect_uri").length > 0
-				? config.get("apis.oidc.redirect_uri")
-				: `${this.appUrl}/backend/auth/oidc/authorize/callback`;
 
 		this.oauth2 = new OAuth2(
 			config.get("apis.github.client"),
@@ -85,11 +81,20 @@ class _UsersModule extends CoreClass {
 		if (config.get("apis.oidc.enabled")) {
 			const openidConfigurationResponse = await axios.get(config.get("apis.oidc.openid_configuration_url"));
 
-			const { token_endpoint: tokenEndpoint, userinfo_endpoint: userinfoEndpoint } =
-				openidConfigurationResponse.data;
+			const {
+				authorization_endpoint: authorizationEndpoint,
+				token_endpoint: tokenEndpoint,
+				userinfo_endpoint: userinfoEndpoint
+			} = openidConfigurationResponse.data;
 
 			// TODO somehow make this endpoint immutable, if possible in some way
+			this.oidcAuthorizationEndpoint = authorizationEndpoint;
+			this.oidcTokenEndpoint = userinfoEndpoint;
 			this.oidcUserinfoEndpoint = userinfoEndpoint;
+			this.oidcRedirectUri =
+				config.get("apis.oidc.redirect_uri").length > 0
+					? config.get("apis.oidc.redirect_uri")
+					: `${this.appUrl}/backend/auth/oidc/authorize/callback`;
 
 			//
 			const clientId = config.get("apis.oidc.client_id");
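Review bot: `this.oidcTokenEndpoint` is assigned `userinfoEndpoint`, so the destructured `tokenEndpoint` never reaches the new property; the line should read `this.oidcTokenEndpoint = tokenEndpoint;`. Any code that later exchanges the authorization code through `this.oidcTokenEndpoint` would presumably send the code and client credentials to the userinfo endpoint instead. The rest of the initialisation continues outside this hunk, so check how `tokenEndpoint` is used there. The three endpoints are also stored from the discovery response as-is; checking that each is a non-empty `https:` URL before assigning it would make a malformed or unexpected discovery document fail at startup rather than at login time.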