typescript source code of abstract_authorized.grant

Project: ts-oauth2-server (GitHub Link)

ts-oauth2-server-master
- .github
  - stale.yml
  - workflows
    - build-and-test.yml
    - build-docs.yml
- src
  - utils
    - token.ts
    - date_interval.ts
    - jwt.ts
    - time.ts
    - base64.ts
    - array.ts
  - code_verifiers
    - S256.verifier.ts
    - plain.verifier.ts
    - verifier.ts
  - index.ts
  - repositories
    - client.repository.ts
    - user.repository.ts
    - access_token.repository.ts
    - auth_code.repository.ts
    - scope.repository.ts
  - responses
    - bearer_token.response.ts
    - response.ts
    - redirect.response.ts
  - exceptions
    - oauth.exception.ts
  - authorization_server.ts
  - entities
    - user.entity.ts
    - token.entity.ts
    - auth_code.entity.ts
    - client.entity.ts
    - scope.entity.ts
  - grants
    - abstract
      - grant.interface.ts
      - abstract_authorized.grant.ts
      - abstract.grant.ts
    - client_credentials.grant.ts
    - refresh_token.grant.ts
    - implicit.grant.ts
    - auth_code.grant.ts
    - password.grant.ts
  - adapters
    - express.ts
    - fastify.ts
  - requests
    - authorization.request.ts
    - request.ts
- jest.config.js
- examples
  - prisma_express
    - src
      - repositories
        client_repository.ts
        scope_repository.ts
        token_repository.ts
        user_repository.ts
        auth_code_repository.ts
      - main.ts
      - entities
        scope.ts
        token.ts
        user.ts
        client.ts
        auth_code.ts
    - prisma
      - schema.prisma
    - package.json
    - tsconfig.json
    - .gitignore
    - docker-compose.yml
  - typeorm_express
    - src
      - repositories
        client_repository.ts
        scope_repository.ts
        token_repository.ts
        user_repository.ts
        auth_code_repository.ts
      - main.ts
      - entities
        scope.ts
        token.ts
        user.ts
        client.ts
        auth_code.ts
    - ormconfig.js
    - package.json
    - tsconfig.json
    - .gitignore
    - docker-compose.yml
  - in_memory
    - repository.ts
    - oauth_authorization_server.ts
    - main.ts
    - database.ts
  - README.md
  - prisma_fastify
    - src
      - repositories
        client_repository.ts
        scope_repository.ts
        token_repository.ts
        user_repository.ts
        auth_code_repository.ts
      - main.ts
      - entities
        scope.ts
        token.ts
        user.ts
        client.ts
        auth_code.ts
    - prisma
      - schema.prisma
    - README.md
    - package.json
    - tsconfig.json
    - .gitignore
    - docker-compose.yml
- .tool-versions
- LICENSE
- test
  - jest_setup.ts
  - unit
    - utils
      - time.spec.ts
    - authorization_server.spec.ts
    - index.spec.ts
    - grants
      - refresh_token.grant.spec.ts
      - client_credentials.grant.spec.ts
      - password.grant.spec.ts
      - auth_code.grant.spec.ts
      - implicit.grant.spec.ts
- pnpm-workspace.yaml
- SECURITY.md
- tsconfig.build.json
- README.md
- package.json
- deploy.sh
- .idea
  - codeStyles
    - codeStyleConfig.xml
    - Project.xml
  - compiler.xml
  - modules.xml
  - typescript-oauth2-server.iml
  - vcs.xml
- .eslintrc.js
- tsconfig.json
- .gitignore
- docs
  - utils
    - README.md
  - getting_started
    - README.md
  - sources
    - README.md
  - glossary
    - README.md
  - repositories
    - README.md
  - .vuepress
    - config.js
  - README.md
  - entities
    - README.md
  - grants
    - client_credentials.md
    - password.md
    - authorization_code.md
    - README.md
    - refresh_token.md
    - implicit.md
  - adapters
    - README.md

import querystring, { ParsedUrlQueryInput } from "querystring";
import { parse } from "uri-js";

import { OAuthClient } from "../../entities/client.entity";
import { OAuthException } from "../../exceptions/oauth.exception";
import { RequestInterface } from "../../requests/request";
import { AbstractGrant } from "./abstract.grant";

export abstract class AbstractAuthorizedGrant extends AbstractGrant {
  protected makeRedirectUrl(uri: string, params: ParsedUrlQueryInput, queryDelimiter = "?") {
    const split = uri.includes(queryDelimiter) ? "&" : queryDelimiter;
    return uri + split + querystring.stringify(params);
  }

  protected getRedirectUri(request: RequestInterface, client: OAuthClient): string | undefined {
    let redirectUri = this.getQueryStringParameter("redirect_uri", request);

    if (!redirectUri) {
      return;
    }

    if (Array.isArray(redirectUri) && redirectUri.length === 1) {
      redirectUri = redirectUri[0];
    }

    this.validateRedirectUri(redirectUri, client);

    return redirectUri;
  }

  private validateRedirectUri(redirectUri: any, client: OAuthClient) {
    if (typeof redirectUri !== "string" || redirectUri === "") {
      throw OAuthException.invalidRequest("redirect_uri");
    }

    const parsed = parse(redirectUri);

    if (!parsed.scheme) {
      throw OAuthException.invalidRequest("redirect_uri");
    }

    if (!!parsed.fragment) {
      throw OAuthException.invalidRequest(
        "redirect_uri",
        "Redirection endpoint must not contain url fragment based on RFC6749, section 3.1.2",
      );
    }

    const redirectUriWithoutQuery = redirectUri.split("?")[0];
    if (!client.redirectUris.includes(redirectUriWithoutQuery)) {
      throw OAuthException.invalidClient("Invalid redirect_uri");
    }

    return redirectUri;
  }
}