Mise à jour de dépendances mineures

backend/controllers/moncomptepro.ts

@@ -1,10 +1,11 @@
 import jwt from "jsonwebtoken"
 import config from "../config/index.js"
-import { Issuer } from "openid-client"
+import * as client from "openid-client"
 import Sentry from "@sentry/node"
 
 const JWT_EXPIRATION_DELAY = 15552000 // 6 * 30 * 24 * 60 * 60 = 6 months
 const MCP_TOKEN = "mcp_token"
+const MCP_CODE_VERIFER = "mcp_vrfer"
 
 const accompagnement = config.accompagnement
 
@@ -20,31 +21,25 @@ const {
 const { sessionSecret } = config
 const baseUrl = config.baseURL
 
-const getMcpClient = async () => {
-  const mcpIssuer = await Issuer.discover(provider)
-
-  return new mcpIssuer.Client({
-    client_id,
-    client_secret,
-    redirect_uris: [redirect_uri],
-    response_types: ["code"],
-  })
+const getMcpClient = async (): Promise<client.Configuration> => {
+  return await client.discovery(new URL(provider), client_id, client_secret)
 }
 
 const login = async (req, res) => {
-  const client = await getMcpClient()
-  const redirectUrl = client.authorizationUrl({
+  const mcpIssuer = await getMcpClient()
+  const parameters: Record<string, string> = {
+    redirect_uri,
     scope,
-  })
-  res.redirect(redirectUrl)
+  }
+  const redirectUrl: URL = client.buildAuthorizationUrl(mcpIssuer, parameters)
+  return res.redirect(redirectUrl.href)
 }
 
 const retrieveMcpAccessToken = async (req) => {
   try {
-    const client = await getMcpClient()
-    const params = client.callbackParams(req)
-    const tokenSet = await client.callback(redirect_uri, params)
-    return tokenSet.access_token
+    const mcpIssuer = await getMcpClient()
+    const currentUrl = new URL(config.baseURL + req.originalUrl)
+    return await client.authorizationCodeGrant(mcpIssuer, currentUrl, {})
   } catch (error) {
     console.error("Error in retrieveMcpAccessToken: ", error)
     throw error
@@ -58,12 +53,16 @@ const access = async (req, res, next) => {
     const mcpCode = req.query.code
 
     if (mcpCode) {
-      const mcpAccessToken = await retrieveMcpAccessToken(req)
-      const client = await getMcpClient()
-      if (!mcpAccessToken) {
+      const tokens = await retrieveMcpAccessToken(req)
+      const mcpIssuer = await getMcpClient()
+      if (!tokens) {
         throw new Error("No mcpAccessToken")
       }
-      const userInfo = await client.userinfo(mcpAccessToken)
+
+      const { access_token } = tokens
+      const claims = tokens.claims()!
+      const { sub } = claims
+      const userInfo = await client.fetchUserInfo(mcpIssuer, access_token, sub)
       if (!userInfo.email) {
         throw new Error("No userInfo email")
       }
@@ -75,7 +74,7 @@ const access = async (req, res, next) => {
         })
         res.cookie(MCP_TOKEN, mcpToken)
       } else {
-        res.clearCookie(MCP_TOKEN)
+        clearCookie(res)
         return res.redirect(accompagnement.unauthorizedPath)
       }
     }
@@ -87,15 +86,15 @@ const access = async (req, res, next) => {
       if (isAuthorized) {
         return next()
       } else {
-        res.clearCookie(MCP_TOKEN)
+        clearCookie(res)
         return res.redirect(accompagnement.unauthorizedPath)
       }
     }
 
     return login(req, res)
   } catch (error) {
     Sentry.captureException(error)
-    res.clearCookie(MCP_TOKEN)
+    clearCookie(res)
     return res.redirect(accompagnement.errorPath)
   }
 }
@@ -108,13 +107,18 @@ const loginCallbackRedirect = (req, res) => {
   }
 }
 
+const clearCookie = (res) => {
+  res.clearCookie(MCP_TOKEN)
+  res.clearCookie(MCP_CODE_VERIFER)
+}
+
 const logout = async (req, res, next) => {
   try {
-    res.clearCookie(MCP_TOKEN)
-    const client = await getMcpClient()
-    const redirectUrl = client.endSessionUrl({
+    clearCookie(res)
+    const mcpIssuer = await getMcpClient()
+    const redirectUrl = client.buildEndSessionUrl(mcpIssuer, {
       post_logout_redirect_uri: `${baseUrl}${accompagnement.path}`,
-    })
+    }).href
     res.redirect(redirectUrl)
   } catch (e) {
     next(e)

backend/routes/moncomptepro.ts

@@ -1,9 +1,18 @@
 import cookieParser from "cookie-parser"
 import moncompteproController from "../controllers/moncomptepro.js"
 import { Express } from "express"
+import rateLimit from "express-rate-limit"
 
 const moncompteproRoutes = function (api: Express) {
-  api.get("/login", moncompteproController.login)
+  const loginRateLimiter = rateLimit({
+    windowMs: 900000, // 15 minutes
+  })
+  api.get(
+    "/login",
+    cookieParser(),
+    loginRateLimiter,
+    moncompteproController.login
+  )
   api.get(
     "/auth/redirect",
     cookieParser(),