UNPKG

@es-labs/node

Version:

Reusable CJS code

github.com/es-labs/jscommon

es-labs/jscommon

100 lines (91 loc) 3.25 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
'use strict' // own authentication const jwt = require('jsonwebtoken') const bcrypt = require('bcryptjs') const otplib = require('otplib') const { getSecret, createToken, setTokensToHeader, authFns } = require('../../../auth') const { COOKIE_HTTPONLY, AUTH_USER_FIELD_LOGIN, AUTH_USER_FIELD_PASSWORD, AUTH_USER_FIELD_GAKEY, AUTH_USER_FIELD_ID_FOR_JWT, JWT_REFRESH_STORE, USE_OTP, JWT_ALG } = process.env const logout = async (req, res) => { let id = null try { let access_token = null let tmp = req.cookies?.Authorization || req.header('Authorization') || req.query?.Authorization access_token = tmp.split(' ')[1] const result = jwt.decode(access_token) id = result.id jwt.verify(access_token, getSecret('verify', 'access'), { algorithm: [JWT_ALG] }) // throw if expired or invalid } catch (e) { if (e.name !== 'TokenExpiredError') id = null } try { if (id) { await authFns.revokeRefreshToken(id) // clear if (COOKIE_HTTPONLY) { res.clearCookie('refresh_token') res.clearCookie('Authorization') } return res.status(200).json({ message: 'Logged Out' }) } } catch (e) { } return res.status(500).json() } const refresh = async (req, res) => { // refresh logic all done in authUser return res.status(401).json({ message: 'Error token revoked' }) } const login = async (req, res) => { try { const user = await authFns.findUser({ [AUTH_USER_FIELD_LOGIN]: req.body[AUTH_USER_FIELD_LOGIN] }) const password = req.body[AUTH_USER_FIELD_PASSWORD] if (!user) return res.status(401).json({ message: 'Incorrect credentials...' }) if (!bcrypt.compareSync(password, user[AUTH_USER_FIELD_PASSWORD])) return res.status(401).json({ message: 'Incorrect credentials' }) if (user.revoked) return res.status(401).json({ message: 'Revoked credentials' }) const id = user[AUTH_USER_FIELD_ID_FOR_JWT] if (!id) return res.status(401).json({ message: 'Authorization Format Error' }) if (USE_OTP) { // Currently supports only Google Authenticator // Fido2 can be added in future return res.status(200).json({ otp: id }) } const tokens = await createToken(user) // 5 minute expire for login setTokensToHeader(res, tokens) return res.status(200).json(tokens) } catch (e) { console.log('login err', e.toString()) } return res.status(500).json() } const otp = async (req, res) => { // need to be authentication, body { id: '', pin: '123456' } try { const { id, pin } = req.body const user = await authFns.findUser({ id }) if (user) { const gaKey = user[AUTH_USER_FIELD_GAKEY] if (USE_OTP !== 'TEST' ? otplib.authenticator.check(pin, gaKey) : String(pin) === '111111') { // NOTE: expiry will be determined by authenticator itself const tokens = await createToken(user) setTokensToHeader(res, tokens) return res.status(200).json(tokens) } else { return res.status(401).json({ message: 'Error token wrong pin' }) } } } catch (e) { console.log('otp err', e.toString()) } return res.status(401).json({ message: 'Error token revoked' }) } module.exports = { logout, refresh, login, otp, }