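'use strict';

Object.defineProperty(exports, '__esModule', { value: true });

const jwt = require('jsonwebtoken');
// Retained for any load-time side effects of the original import; nothing in
// this file reads the module's exports.
require('./types');
const errors = require('../errors');

/**
 * Static authentication facade for the framework.
 *
 * All state lives on the class itself (`init()` stores the config); instances
 * are never created. Two identity sources are recognised: a server-side
 * session (`request.session.auth`, written by `authenticate()`) and a `Bearer`
 * JWT in the `Authorization` header (issued by `token()`).
 */
class Authenticator {
  /**
   * Store the auth configuration on the class for the other static methods.
   * @param {{config: {token?: {secret?: string, options?: object}, acl?: object}}} param0
   */
  static init({ config }) {
    this.config = config;
  }

  /**
   * Persist the caller's identity in the session.
   * @param {{role: string, user: *, permissions?: Array}} identity
   * @param {object} request - must carry a `session` object (session middleware)
   */
  static authenticate({ role, user, permissions = [] }, request) {
    request.session.auth = { role, user, permissions };
  }

  /**
   * Issue a signed JWT carrying the caller's identity.
   * @param {{role: string, user: *, permissions?: Array}} identity
   * @returns {string} the signed token
   * @throws {Error} when `config.token.secret` is not configured
   */
  static token({ role, user, permissions = [] }) {
    const tokenConfig = this.config.token || {};
    if (!tokenConfig.secret) {
      // Was thrown as a bare string; an Error carries a stack and works with `instanceof`.
      throw new Error('Secret for signing JWT not specified in Auth config (auth.js)');
    }
    return jwt.sign({ role, user, permissions }, tokenConfig.secret, tokenConfig.options);
  }

  /**
   * Resolve the caller's identity from the request.
   *
   * A `Bearer` token in the `Authorization` header takes precedence and is
   * verified; otherwise the session auth (or `{}` when none) is returned.
   * @param {object} request
   * @returns {object} the decoded JWT payload, or the session auth object
   * @throws {errors.AuthenticationTokenExpiredError} when the token's `exp` has passed
   * @throws {errors.AuthenticationTokenInvalidError} for a missing, malformed or
   *   unverifiable token (including when no verification secret is configured)
   */
  static user(request) {
    const tokenConfig = this.config.token || {};
    const authorization = request.headers['authorization'];
    // `unauthenticate()` leaves `false` in the session, hence the `|| {}`.
    const sessionAuth = (request.session && request.session.auth) || {};
    if (typeof authorization !== 'string') {
      return sessionAuth;
    }
    const [scheme, token] = authorization.split(' ');
    if (scheme !== 'Bearer') {
      return sessionAuth;
    }
    if (!token) {
      // A bare `Bearer` header carries no token; same outcome as a failed verify.
      throw new errors.AuthenticationTokenInvalidError();
    }
    // When the signing algorithm is configured, accept only that algorithm on
    // verification so a token declaring a different `alg` is not checked against
    // the same key. Without a configured algorithm the library default applies.
    const verifyOptions = {};
    const algorithm = tokenConfig.options && tokenConfig.options.algorithm;
    if (algorithm) {
      verifyOptions.algorithms = [algorithm];
    }
    try {
      return jwt.verify(token, tokenConfig.secret, verifyOptions);
    } catch (err) {
      if (err && err.name === 'TokenExpiredError') {
        throw new errors.AuthenticationTokenExpiredError();
      }
      // Any other verification failure (bad signature, malformed token,
      // missing secret) is reported as an invalid token.
      throw new errors.AuthenticationTokenInvalidError();
    }
  }

  /**
   * Return the session identity without consulting the `Authorization` header.
   * @deprecated use `user()` instead.
   * @param {object} request
   * @returns {object|false} the session auth, or `false` when none is stored
   */
  static session(request) {
    return request.session.auth ? request.session.auth : false;
  }

  /**
   * Clear the session identity.
   * @param {object} identity - accepted for symmetry with `authenticate()`; not read
   * @param {object} request
   */
  static unauthenticate(identity, request) {
    if (request.session.auth) {
      request.session.auth = false;
    }
  }

  /**
   * Check that the caller may invoke `modelName.resolverName` under `config.acl`.
   *
   * The role comes from `user()` (default `'anonymous'`). The role's ACL entry
   * is a list of grants: `'*'` grants everything, `Model.*` grants every
   * resolver of one model, `Model.resolver` grants a single resolver. Resolvers
   * without a model (internal types such as `_meta`) are matched by bare name.
   * @param {{modelName?: string, resolverName: string}} target
   * @param {object} request
   * @returns {Promise<void>} resolves when allowed; rejects with
   *   `AuthenticationRequiredError` for anonymous callers, `ForbiddenError`
   *   for authenticated callers without a matching grant, or the token errors
   *   thrown by `user()`
   */
  static checkAuthentication({ modelName, resolverName }, request) {
    return new Promise((resolve, reject) => {
      // Resolving the identity inside the executor turns token errors into
      // rejections rather than synchronous throws, so one `.catch()` sees them all.
      const userAuth = this.user(request);
      const userRole = userAuth.role || 'anonymous';
      // No model name (internal types): match on the bare resolver name.
      const fullResolverName = modelName ? [modelName, resolverName].join('.') : resolverName;
      const acl = this.config.acl || {};
      // Only own properties are grants: a role name such as `constructor` or
      // `__proto__` coming from a token must not resolve to an inherited value.
      const roleAcl = Object.prototype.hasOwnProperty.call(acl, userRole) ? acl[userRole] : undefined;
      // Normalise the entry to a list; a single string grant is an exact grant,
      // not a substring pattern.
      let grants = [];
      if (Array.isArray(roleAcl)) {
        grants = roleAcl;
      } else if (typeof roleAcl === 'string') {
        grants = [roleAcl];
      }
      const accepted = [fullResolverName, '*', [modelName, '*'].join('.')];
      if (accepted.some((grant) => grants.includes(grant))) {
        resolve();
      } else if (userRole === 'anonymous') {
        reject(new errors.AuthenticationRequiredError());
      } else {
        reject(new errors.ForbiddenError());
      }
    });
  }
}

exports.default = Authenticator;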