@getanthill/datastore/dist/api/middleware/authenticate.js

Event-Sourced Datastore

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.authenticate = exports.isAuthorized = exports.getAuthorizationToken = exports.getTokensByRole = void 0;
function getTokensByRole(config, role) {
    const levels = ['read', 'decrypt', 'write', 'admin'];
    while (levels.length > 0) {
        if (role === levels[0]) {
            return config.filter((access) => levels.includes(access.level));
            // .map((access) => access.token);
        }
        levels.shift();
    }
    return [];
}
exports.getTokensByRole = getTokensByRole;
function getAuthorizationToken(req) {
    return (req.cookies?.token ??
        req.header('Authorization') ??
        req.query.token);
}
exports.getAuthorizationToken = getAuthorizationToken;
function isAuthorized(tokens, token) {
    return tokens.find((t) => t.token === token);
}
exports.isAuthorized = isAuthorized;
function authenticate(tokens) {
    return (req, res, next) => {
        // @ts-ignore
        if (res.body) {
            return next();
        }
        const token = getAuthorizationToken(req);
        if (token === req.query.token) {
            delete req.query.token;
        }
        if (!token) {
            return next({
                status: 401,
                message: 'Unauthenticated',
            });
        }
        const access = isAuthorized(tokens, token);
        if (access) {
            res.locals.id = access.id;
            res.locals.level = access.level;
            return next();
        }
        return next({
            status: 403,
            message: 'Unauthorized',
        });
    };
}
exports.authenticate = authenticate;
//# sourceMappingURL=authenticate.js.map