UNPKG

@adonisjs/auth

Version:

Official authentication provider for Adonis framework

github.com/adonisjs/auth

adonisjs/auth

338 lines (337 loc) 9.02 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
import { n as E_UNAUTHORIZED_ACCESS } from "../../errors-eDV8ejO0.js"; import "../../symbols-C5QEqFvJ.js"; import { RuntimeException } from "@adonisjs/core/exceptions"; import { base64 } from "@adonisjs/core/helpers"; import auth from "basic-auth"; //#region modules/basic_auth_guard/guard.ts /** * BasicAuth guard implements the HTTP Authentication protocol * * @template UserProvider - The user provider contract * * @example * const guard = new BasicAuthGuard( * 'basic', * ctx, * emitter, * userProvider * ) * * const user = await guard.authenticate() * console.log('Authenticated user:', user.email) */ var BasicAuthGuard = class { /** * A unique name for the guard. */ #name; /** * Reference to the current HTTP context */ #ctx; /** * Provider to lookup user details */ #userProvider; /** * Emitter to emit events */ #emitter; /** * Driver name of the guard */ driverName = "basic_auth"; /** * Whether or not the authentication has been attempted * during the current request. */ authenticationAttempted = false; /** * A boolean to know if the current request has * been authenticated */ isAuthenticated = false; /** * Reference to an instance of the authenticated user. * The value only exists after calling one of the * following methods. * * - authenticate * - check * * You can use the "getUserOrFail" method to throw an exception if * the request is not authenticated. */ user; /** * Creates a new BasicAuthGuard instance * * @param name - Unique name for the guard instance * @param ctx - HTTP context for the current request * @param emitter - Event emitter for guard events * @param userProvider - User provider for credential verification * * @example * const guard = new BasicAuthGuard( * 'basic', * ctx, * emitter, * new BasicAuthLucidUserProvider() * ) */ constructor(name, ctx, emitter, userProvider) { this.#name = name; this.#ctx = ctx; this.#emitter = emitter; this.#userProvider = userProvider; } /** * Emits authentication failure, updates the local state, * and returns an exception to end the authentication * cycle. */ #authenticationFailed() { this.isAuthenticated = false; this.user = void 0; const error = new E_UNAUTHORIZED_ACCESS("Invalid basic auth credentials", { guardDriverName: this.driverName }); this.#emitter.emit("basic_auth:authentication_failed", { ctx: this.#ctx, guardName: this.#name, error }); return error; } /** * Emits the authentication succeeded event and updates * the local state to reflect successful authentication */ #authenticationSucceeded(user) { this.isAuthenticated = true; this.user = user; this.#emitter.emit("basic_auth:authentication_succeeded", { ctx: this.#ctx, guardName: this.#name, user }); } /** * Returns an instance of the authenticated user. Or throws * an exception if the request is not authenticated. * * @throws {E_UNAUTHORIZED_ACCESS} When user is not authenticated * * @example * const user = guard.getUserOrFail() * console.log('User:', user.email) */ getUserOrFail() { if (!this.user) throw new E_UNAUTHORIZED_ACCESS("Invalid basic auth credentials", { guardDriverName: this.driverName }); return this.user; } /** * Authenticates the incoming HTTP request by looking for BasicAuth * credentials inside the request authorization header. * * @throws {E_UNAUTHORIZED_ACCESS} When authentication fails * * @example * try { * const user = await guard.authenticate() * console.log('Authenticated as:', user.email) * } catch (error) { * console.log('Authentication failed') * } */ async authenticate() { /** * Avoid re-authenticating when already authenticated */ if (this.authenticationAttempted) return this.getUserOrFail(); /** * Beginning authentication attempt */ this.authenticationAttempted = true; this.#emitter.emit("basic_auth:authentication_attempted", { ctx: this.#ctx, guardName: this.#name }); /** * Fetch credentials from the header or fail */ const credentials = auth(this.#ctx.request.request); if (!credentials) throw this.#authenticationFailed(); /** * Verify user credentials or fail */ const user = await this.#userProvider.verifyCredentials(credentials.name, credentials.pass); if (!user) throw this.#authenticationFailed(); /** * Mark user as authenticated */ this.#authenticationSucceeded(user.getOriginal()); return this.getUserOrFail(); } /** * Silently attempt to authenticate the user. * * The method returns a boolean indicating if the authentication * succeeded or failed. * * @example * const isAuthenticated = await guard.check() * if (isAuthenticated) { * console.log('User is authenticated:', guard.user.email) * } */ async check() { try { await this.authenticate(); return true; } catch (error) { if (error instanceof E_UNAUTHORIZED_ACCESS) return false; throw error; } } /** * Returns the Authorization header clients can use to authenticate * the request using basic auth. * * @param uid - The username or user identifier * @param password - The user's password * * @example * const clientAuth = await guard.authenticateAsClient('user@example.com', 'secret') * // Use clientAuth.headers.authorization in API tests */ async authenticateAsClient(uid, password) { return { headers: { authorization: `Basic ${base64.encode(`${uid}:${password}`)}` } }; } }; //#endregion //#region modules/basic_auth_guard/user_providers/lucid.ts /** * Uses a Lucid model to verify access tokens and find a user during * authentication * * @template UserModel - The Lucid model representing the user * * @example * const userProvider = new BasicAuthLucidUserProvider({ * model: () => import('#models/user') * }) */ var BasicAuthLucidUserProvider = class { /** * Reference to the lazily imported model */ model; /** * Creates a new BasicAuthLucidUserProvider instance * * @param options - Configuration options for the user provider * * @example * const provider = new BasicAuthLucidUserProvider({ * model: () => import('#models/user') * }) */ constructor(options) { this.options = options; } /** * Imports the model from the provider, returns and caches it * for further operations. * * @example * const UserModel = await provider.getModel() * const user = await UserModel.find(1) */ async getModel() { if (this.model && !("hot" in import.meta)) return this.model; this.model = (await this.options.model()).default; return this.model; } /** * Creates an adapter user for the guard * * @param user - The user model instance * * @example * const guardUser = await provider.createUserForGuard(user) * console.log('User ID:', guardUser.getId()) */ async createUserForGuard(user) { const model = await this.getModel(); if (user instanceof model === false) throw new RuntimeException(`Invalid user object. It must be an instance of the "${model.name}" model`); return { getId() { /** * Ensure user has a primary key */ if (!user.$primaryKeyValue) throw new RuntimeException(`Cannot use "${model.name}" model for authentication. The value of column "${model.primaryKey}" is undefined or null`); return user.$primaryKeyValue; }, getOriginal() { return user; } }; } /** * Verifies credentials using the underlying model * * @param uid - The username or user identifier * @param password - The password to verify * * @example * const guardUser = await provider.verifyCredentials('user@example.com', 'secret') * if (guardUser) { * console.log('Valid credentials') * } */ async verifyCredentials(uid, password) { const model = await this.getModel(); try { const user = await model.verifyCredentials(uid, password); return this.createUserForGuard(user); } catch { return null; } } }; //#endregion //#region modules/basic_auth_guard/define_config.ts /** * Configures basic auth guard for authentication using HTTP Basic Authentication * * @param config - Configuration object containing the user provider * * @example * const guard = basicAuthGuard({ * provider: basicAuthUserProvider({ * model: () => import('#models/user') * }) * }) */ function basicAuthGuard(config) { return { async resolver(name, app) { const emitter = await app.container.make("emitter"); const provider = "resolver" in config.provider ? await config.provider.resolver(app) : config.provider; return (ctx) => new BasicAuthGuard(name, ctx, emitter, provider); } }; } /** * Configures user provider that uses Lucid models to authenticate * users using basic auth credentials * * @param config - Configuration options for the Lucid user provider * * @example * const userProvider = basicAuthUserProvider({ * model: () => import('#models/user') * }) */ function basicAuthUserProvider(config) { return new BasicAuthLucidUserProvider(config); } //#endregion export { BasicAuthGuard, BasicAuthLucidUserProvider, basicAuthGuard, basicAuthUserProvider };