Commit 4a6b5a3b authored by Pedro Eduardo Trujillo's avatar Pedro Eduardo Trujillo
Browse files

Mueve definición de ID de cliente OAuth al server 

En lugar de recibir el valor de ID de cliente OAuth desde web en la
petición de obtener token, se define este valor ya en el lado del
server. Realmente es la API NodeJS (quien hace proxy de OAuth) el
cliente que conecta, por lo que no tiene sentido dejar esto en la web.
parent 65650058

app/exposure.js

+2 −3
Original line number Diff line number Diff line
@@ -7,6 +7,7 @@ let express = require('express'), 


let logger, params, version, robotsContent, sitemapContent, sitemapLastUpdated,

	oauthUrl = process.env.OAUTH_URL,

	oauthClientId = process.env.OAUTH_CLIENT_ID,

	oauthClientSecret = process.env.OAUTH_CLIENT_SECRET,

	production = !!parseInt(process.env.PRODUCTION, 10),

	apiUrl = process.env.API_URL,
@@ -177,13 +178,11 @@ function onOauthTokenRequest(req, res) { 
	res.set('Content-Type', 'application/json');



	let body = req.body,



		clientId = body.clientid,

		password = body.password,

		username = body.username,



		getTokenUrl = oauthUrl + '/token',

		clientCredentials = clientId + ':' + oauthClientSecret,

		clientCredentials = oauthClientId + ':' + oauthClientSecret,

		base64ClientCredentials = Buffer.from(clientCredentials).toString('base64'),



		reqLibrary = getTokenUrl.indexOf('https') === -1 ? http : https;

deploy/.env

+2 −0
Original line number Diff line number Diff line 
NODE_IMAGE_TAG=18.1.0-alpine3.15



OAUTH_URL=https://api.domain/oauth

OAUTH_CLIENT_ID=app

OAUTH_CLIENT_SECRET=secret

API_URL=https://api.domain

SITEMAP_URL=https://s3.eu-west-1.amazonaws.com/mediastorage.redmic/public/sitemap.xml



PUBLIC_HOSTNAME=change.me

TRAEFIK_ENTRYPOINT=http

deploy/docker-compose.tmpl.yml

+1 −0
Original line number Diff line number Diff line
@@ -10,6 +10,7 @@ services: 
        NODE_IMAGE_TAG:

    environment:

      OAUTH_URL:

      OAUTH_CLIENT_ID:

      OAUTH_CLIENT_SECRET:

      API_URL:

      SITEMAP_URL:

public/javascript/app/redmicConfig.js

+0 −1
Original line number Diff line number Diff line
@@ -6,7 +6,6 @@ define([], function() { 
		'numMaxView': 10,

		'apiVersion': 1,

		'pathSeparator': '/',

		'oauthClientId': 'app',

		'siteKeyReCaptcha': '6LfA6_0SAAAAACT3i8poH1NqztZCtIW1OahT0cXs',

		'siteKeyForDebugReCaptcha': '6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI',

		'googleAnalyticsId': 'G-J753HC86F0'

public/javascript/app/user/views/LoginView.js

+2 −3
Original line number Diff line number Diff line
@@ -141,10 +141,9 @@ define([ 
			//		values private: credenciales para obtener el token

			//



			var clientId = redmicConfig.oauthClientId,

				username = values.email,

			var username = values.email,

				password = values.password,

				data = 'clientid=' + clientId + '&username=' + username + '&password=' + password;

				data = 'username=' + username + '&password=' + password;



			this._emitEvt('REQUEST', {

				method: 'POST',