UNPKG

@digicms/cms

Version:

An open source headless CMS solution to create and manage your own API. It provides a powerful dashboard and features to make your life easier. Databases supported: MySQL, MariaDB, PostgreSQL, SQLite

strapi.io

strapi/strapi

110 lines (80 loc) 2.69 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
'use strict'; const { strict: assert } = require('assert'); const { has, prop } = require('lodash/fp'); const { UnauthorizedError } = require('@strapi/utils').errors; const INVALID_STRATEGY_MSG = 'Invalid auth strategy. Expecting an object with properties {name: string, authenticate: function, verify: function}'; const validStrategy = (strategy) => { assert(has('authenticate', strategy), INVALID_STRATEGY_MSG); assert(typeof strategy.authenticate === 'function', INVALID_STRATEGY_MSG); if (has('verify', strategy)) { assert(typeof strategy.verify === 'function', INVALID_STRATEGY_MSG); } }; const createAuthentication = () => { const strategies = {}; return { register(type, strategy) { validStrategy(strategy); if (!strategies[type]) { strategies[type] = []; } strategies[type].push(strategy); return this; }, async authenticate(ctx, next) { const { route } = ctx.state; // use route strategy const config = prop('config.auth', route); if (config === false) { return next(); } const routeStrategies = strategies[route.info.type]; const configStrategies = config?.strategies ?? routeStrategies ?? []; const strategiesToUse = configStrategies.reduce((acc, strategy) => { // Resolve by strategy name if (typeof strategy === 'string') { const routeStrategy = routeStrategies.find((rs) => rs.name === strategy); if (routeStrategy) { acc.push(routeStrategy); } } // Use the given strategy as is else if (typeof strategy === 'object') { validStrategy(strategy); acc.push(strategy); } return acc; }, []); for (const strategy of strategiesToUse) { const result = await strategy.authenticate(ctx); const { authenticated = false, credentials, ability = null, error = null } = result || {}; if (error !== null) { return ctx.unauthorized(error); } if (authenticated) { ctx.state.isAuthenticated = true; ctx.state.auth = { strategy, credentials, ability, }; return next(); } } return ctx.unauthorized('Missing or invalid credentials'); }, async verify(auth, config = {}) { if (config === false) { return; } if (!auth) { throw new UnauthorizedError(); } if (typeof auth.strategy.verify === 'function') { return auth.strategy.verify(auth, config); } }, }; }; module.exports = createAuthentication;