
@greenpress/auth


Express Passport authentication service

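"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const tokens_1 = require("../services/tokens");
const users_1 = require("../services/users");
const config_1 = require("../../config");
const cache_manager_1 = require("../utils/cache-manager");

/**
 * Resolve the tenant for this request from the `tenant` header, defaulting
 * to '0'. The defaulted value is written back onto req.headers so downstream
 * handlers see the same tenant the token was verified against.
 *
 * @param {import('express').Request} req
 * @returns {string} tenant id
 */
function resolveTenant(req) {
    req.headers.tenant = req.headers.tenant || '0';
    return req.headers.tenant;
}

/**
 * Verify a token carried in the Authorization header ("Bearer <token>").
 *
 * Only the second whitespace-separated part of the header is used; the
 * scheme word itself is not checked, so any scheme is accepted as long as the
 * token verifies. A missing or invalid token is not an error: the request
 * continues anonymously (req.userPayload stays unset) and route handlers
 * decide whether that is acceptable.
 *
 * @param {import('express').Request} req - must carry an Authorization header
 * @param {import('express').Response} _res - unused
 * @param {Function} next
 * @returns {Promise<void>}
 */
function oAuthVerify(req, _res, next) {
    const token = req.headers.authorization.split(' ')[1];
    const tenant = resolveTenant(req);
    return tokens_1.verifyToken(token, tenant)
        .then((payload) => setUserPayload(payload, req, next))
        // Deliberate best-effort: verification failures (and a payload
        // without a `roles` array) yield an unauthenticated request, not 401.
        .catch(() => { next(); });
}

/**
 * Verify the session token carried in the `token` cookie and transparently
 * rotate it when it is old enough.
 *
 * Flow:
 *  1. Verify the JWT. Its tokenIdentifier is expected to look like
 *     "<createdMs>:<id>" (the part before the first ':' is parsed as a
 *     timestamp; anything else yields NaN and is treated as "not fresh").
 *  2. If the token is younger than cookieTokenVerificationTime, or its
 *     identifier was rotated recently (processed cache), accept it without
 *     consulting the user store. The processed-cache grace window exists so
 *     that concurrent requests sent with the same cookie do not all fail
 *     after the first one rotates it.
 *  3. Otherwise confirm the token is still attached to the user, mark the old
 *     identifier as processed, persist a new identifier and set a fresh cookie.
 *
 * Any failure (bad signature, unknown token, store/cache error) falls through
 * to an anonymous request: next() is called without req.userPayload.
 *
 * Cookie note: with cookie-parser configured with a secret, a `token` cookie
 * whose signature fails shows up as `false` in req.signedCookies and the
 * fallback to the unsigned req.cookies.token is taken. Integrity therefore
 * rests on verifyToken (the JWT signature), not on the cookie signature.
 *
 * @param {import('express').Request} req - must have cookie-parser applied
 * @param {import('express').Response} res
 * @param {Function} next
 * @returns {Promise<void>}
 */
async function cookieVerify(req, res, next) {
    const token = req.signedCookies.token || req.cookies.token;
    const tenant = resolveTenant(req);
    try {
        const payload = await tokens_1.verifyToken(token, tenant);
        const identifier = payload.tokenIdentifier;
        const created = identifier == null ? NaN : Number(identifier.split(':')[0]);
        const isFresh = Date.now() - created < config_1.cookieTokenVerificationTime;
        if (isFresh || (await isCookieProcessed(identifier))) {
            setUserPayload(payload, req, next);
            return;
        }
        // Rotation. The token must be confirmed against the store BEFORE the
        // old identifier is marked as processed: marking it first (as the
        // previous implementation did, in parallel with the lookup) left a
        // cookie whose token is no longer in the store cached as "processed",
        // so it was accepted by the short-circuit above for the whole
        // processedCookieExpiration window without any store check.
        // NOTE(review): assumes getUserIfTokenExists resolves to a falsy
        // value when the token is not bound to a user - confirm in services/users.
        const user = await users_1.getUserIfTokenExists(payload.tenant, payload.sub, identifier);
        if (!user) {
            next();
            return;
        }
        const newCookieIdentifier = tokens_1.getUniqueId();
        await setCookieAsProcessed(identifier);
        await users_1.updateToken(user, 'cookie', identifier, newCookieIdentifier);
        // cookieTokenExpiration is in milliseconds; the signer takes seconds.
        const { token: newToken, payload: newPayload } = tokens_1.getSignedToken(
            user,
            newCookieIdentifier,
            String(config_1.cookieTokenExpiration / 1000)
        );
        tokens_1.setCookie(res, newToken);
        setUserPayload(newPayload, req, next);
    } catch (e) {
        // Same best-effort contract as oAuthVerify: continue unauthenticated.
        next();
    }
}

/**
 * Remember that `tokenIdentifier` has been rotated, for processedCookieExpiration.
 *
 * @param {string} tokenIdentifier
 * @returns {Promise<void>}
 */
async function setCookieAsProcessed(tokenIdentifier) {
    await cache_manager_1.cacheManager.setItem(tokenIdentifier, 'tokenIdentifier', {
        ttl: config_1.processedCookieExpiration,
    });
}

/**
 * Whether `tokenIdentifier` was marked as processed and the entry has not expired.
 *
 * @param {string} tokenIdentifier
 * @returns {Promise<boolean>}
 */
async function isCookieProcessed(tokenIdentifier) {
    const entry = await cache_manager_1.cacheManager.getItem(tokenIdentifier);
    return entry !== undefined;
}

/**
 * Attach the verified payload to the request and continue the chain.
 *
 * isPrivileged is true when any of payload.roles is listed in
 * config.privilegedRoles. A payload without a `roles` array throws; callers
 * catch that and treat the request as anonymous.
 *
 * @param {object} payload - verified token payload (mutated: isPrivileged is added)
 * @param {import('express').Request} req
 * @param {Function} next
 */
function setUserPayload(payload, req, next) {
    req.userPayload = payload;
    req.userPayload.isPrivileged = payload.roles.some((role) => config_1.privilegedRoles.includes(role));
    next();
}

/**
 * The Auth Checker middleware function.
 *
 * Dispatches on the credential present: a `token` cookie (signed or plain)
 * takes precedence over an Authorization header; with neither, the request
 * proceeds unauthenticated. Requires cookie-parser upstream (req.cookies and
 * req.signedCookies must exist).
 */
exports.default = function verifyUser(req, res, next) {
    if (req.cookies.token || req.signedCookies.token) {
        cookieVerify(req, res, next).catch(next);
    } else if (req.headers.authorization) {
        oAuthVerify(req, res, next).catch(next);
    } else {
        next();
    }
};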