@altostra/core
Core library for shared types and logic
/*
 * JWT-based request authentication for Altostra services (de-minified build output).
 *
 * Exports:
 *   - ALTO_TEAM_AUTH_HEADER: the header name "x-alto-account".
 *   - authenticator(): validates a token and resolves which account the caller acts as.
 *
 * Signature, audience and expiry checks are delegated to JwtValidator, whose
 * implementation is not part of this file.
 */
Object.defineProperty(exports, "__esModule", { value: true });
exports.authenticator = exports.ALTO_TEAM_AUTH_HEADER = void 0;

const loggingModule = require("../common/Logging");
const organizationModule = require("../common/Models/Organization");
const deploymentFnModule = require("../deployments/fn");
const typeValidationsModule = require("@altostra/type-validations");
const jwtValidatorModule = require("./JwtValidator");
// Kept as a module object and read at call time (see getPublicKeys).
// NOTE(review): "." is this directory's index; if it re-exports this file the
// import is circular, so do not destructure it at load time.
const authIndexModule = require(".");

// Claim names read from the `altostra` claim object of the validated token.
const ORGANIZATION_CLAIM = "https://altostra.com/organization";
const MEMBER_OF_CLAIM = "https://altostra.com/member_of";

/**
 * Validates a token and decides which account the request is authorized for.
 *
 * Imported helpers are invoked as `(0, mod.fn)(...)`, i.e. without a `this`
 * binding, exactly as the original build output does.
 *
 * Every failure path logs and returns `undefined` (fail closed):
 *   - the validator does not report "result-success";
 *   - the organization claim is not a valid organization id;
 *   - the member_of claim is present but is not an array of organization ids;
 *   - a different account was selected and it is neither the token's user nor
 *     listed in member_of.
 *
 * @param {*} token - value handed to JwtValidator.validate().
 * @param {string} [selectedOrganization] - account the caller asks to act as.
 *   Presumably taken from the "x-alto-account" request header (confirm against
 *   callers); it is caller-controlled and is honoured only after the
 *   membership check below.
 * @param {*} [logger] - logger exposing info/warn/error; defaults to consoleLogger().
 * @returns {{altostraAccountId: *, jwtValidationResult: *, permissions: *, claims: *, organizations: *}|undefined}
 */
function authenticator(token, selectedOrganization, logger = (0, loggingModule.consoleLogger)()) {
  const { AUTH0_AUDIENCE: audience } = (0, deploymentFnModule.getFromEnvironment)(["AUTH0_AUDIENCE"]);
  const publicKeys = getPublicKeys();
  const validator = new jwtValidatorModule.JwtValidator({ audience: [audience], publicKeys });
  const validation = validator.validate(token);

  if (validation.type !== "result-success") {
    // NOTE(review): the whole validation result is attached to the log entry;
    // confirm it never carries the raw token or other secrets.
    logger.info("Failed to fullfil request: " + validation.error.message, { validationResult: validation });
    return undefined;
  }

  const altostraClaims = validation.value.claims.altostra;
  const hasAltostraClaims = altostraClaims !== null && altostraClaims !== undefined;
  let accountId = hasAltostraClaims ? altostraClaims[ORGANIZATION_CLAIM] : undefined;
  const memberOf = hasAltostraClaims ? altostraClaims[MEMBER_OF_CLAIM] : undefined;

  if (!(0, organizationModule.isOrganizationId)(accountId)) {
    logger.error("JWT contains invalid Altostra organization claims", accountId);
    return undefined;
  }

  // member_of is optional, but when present it must be a list of organization ids.
  if (memberOf !== undefined && !isOrganizationIdsArray(memberOf)) {
    logger.error("JWT contains invalid Altostra member of claims", memberOf);
    return undefined;
  }

  const hasMemberOf = memberOf !== null && memberOf !== undefined;

  if (selectedOrganization !== undefined && selectedOrganization !== accountId) {
    // Authorization decision: switching away from the token's own organization
    // is allowed only to the token's user value or to an organization listed
    // in the signed member_of claim.
    const mayActAsSelected =
      selectedOrganization === validation.value.user ||
      (memberOf && memberOf.includes(selectedOrganization));

    if (!mayActAsSelected) {
      logger.warn("The user is not a member of the requested team.", {
        selectedOrganization: selectedOrganization,
        organizations: hasMemberOf ? memberOf : null,
      });
      return undefined;
    }

    // NOTE(review): when the match is on `value.user`, the returned account id
    // has not been passed through isOrganizationId — confirm consumers expect that.
    accountId = selectedOrganization;
  }

  // `permissions` is copied from the claims as-is; no shape check happens here.
  return {
    altostraAccountId: accountId,
    jwtValidationResult: validation.value,
    permissions: validation.value.claims.permissions,
    claims: validation.value.claims,
    organizations: hasMemberOf ? memberOf : [],
  };
}

exports.ALTO_TEAM_AUTH_HEADER = "x-alto-account";
exports.authenticator = authenticator;

// Validator for the member_of claim: every element must pass isOrganizationId.
const isOrganizationIdsArray = (0, typeValidationsModule.arrayOf)(organizationModule.isOrganizationId);

/**
 * Decodes a base64 string and returns the bytes as an ASCII string.
 *
 * @param {string} encoded - base64 text.
 * @returns {string} decoded text.
 */
function convertBase64ToAscii(encoded) {
  const decoded = Buffer.from(encoded, "base64");
  return decoded.toString("ascii");
}

/**
 * Builds the list of public keys given to JwtValidator.
 *
 * The first entry is AUTH0_PUBLIC_KEY_BASE64 (decoded) when that variable is
 * set and non-empty, otherwise the `altostraPublicKey` exported by the index
 * module. KMS_PUBLIC_KEY_BASE64, when set, is appended as a second key.
 *
 * These keys are the trust anchor for token validation, so the process
 * environment must be as tightly controlled as the keys themselves.
 *
 * @returns {string[]} one or two key strings.
 */
function getPublicKeys() {
  const auth0KeyBase64 = process.env.AUTH0_PUBLIC_KEY_BASE64;
  const kmsKeyBase64 = process.env.KMS_PUBLIC_KEY_BASE64;

  const keys = [
    auth0KeyBase64 ? convertBase64ToAscii(auth0KeyBase64) : authIndexModule.altostraPublicKey,
  ];

  if (kmsKeyBase64) {
    keys.push(convertBase64ToAscii(kmsKeyBase64));
  }

  return keys;
}