
@greenpress/auth


Express Passport authentication service

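"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.getSignedToken = exports.setCookie = exports.getUniqueId = exports.verifyRefreshToken = exports.verifyToken = void 0;
const crypto_1 = require("crypto");
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
const config_1 = require("../../config");

/**
 * Verify an access token against the configured `jwtSecret` and the expected tenant.
 *
 * A missing, non-string or blank token is rejected before the JWT library is called.
 * The original code called `token.trim()` unconditionally, so a request without a
 * token produced a synchronous TypeError instead of a rejected promise.
 *
 * @param {string} token - the encoded JWT
 * @param {string} tenant - tenant the token must have been issued for
 * @returns {Promise<object>} resolves with the decoded payload
 */
function verifyToken(token, tenant) {
    if (typeof token !== 'string' || !token.trim()) {
        // Same rejection shape verify() uses, so callers can read `.message` on every failure.
        return Promise.reject({ message: 'token is empty' });
    }
    return verify(token, tenant, config_1.jwtSecret);
}
exports.verifyToken = verifyToken;

/**
 * Verify a refresh token against the configured `refreshTokenSecret` and the expected tenant.
 *
 * @param {string} refreshToken - the encoded refresh JWT
 * @param {string} tenant - tenant the token must have been issued for
 * @returns {Promise<object>} resolves with the decoded payload
 */
function verifyRefreshToken(refreshToken, tenant) {
    return verify(refreshToken, tenant, config_1.refreshTokenSecret);
}
exports.verifyRefreshToken = verifyRefreshToken;

/**
 * Promise wrapper around `jsonwebtoken.verify` that also enforces tenant isolation.
 *
 * Rejects with the library error when verification fails. When the signature is valid
 * but the payload is missing or was issued for another tenant, it rejects with
 * `{ message: 'token is empty' }`, so that message also covers the tenant-mismatch case.
 *
 * The tenant comparison is a strict `!==`. If the caller passes `undefined`, a token
 * that carries no `tenant` claim passes the check, so callers must always supply the
 * tenant resolved for the request.
 *
 * NOTE(review): no `algorithms` option is passed, so the accepted algorithms are the
 * library defaults for this secret. Consider pinning them once the algorithm used to
 * sign refresh tokens (not visible in this file) has been confirmed.
 */
function verify(token, tenant, secret) {
    return new Promise((resolve, reject) => {
        jsonwebtoken_1.default.verify(token, secret, (err, decoded) => {
            if (err || !decoded || decoded.tenant !== tenant) {
                // the 401 code is for unauthorized status
                return reject(err || { message: 'token is empty' });
            }
            return resolve(decoded);
        });
    });
}

/**
 * Build an identifier of the form `<creationTime>:<base64 random part>`.
 *
 * The random part comes from the operating system CSPRNG (16 bytes). The previous
 * implementation base64-encoded `Math.random()`, which is predictable and must not be
 * used for values that identify tokens or sessions. The output format is unchanged.
 *
 * @param {string} [creationTime] - prefix, defaults to the current epoch milliseconds
 * @returns {string}
 */
function getUniqueId(creationTime = Date.now().toString()) {
    return creationTime + ':' + crypto_1.randomBytes(16).toString('base64');
}
exports.getUniqueId = getUniqueId;

/**
 * Build the argument list for `res.cookie` for the `token` cookie.
 *
 * The cookie is always `httpOnly`. `domain`, `sameSite: 'None'` and `secure` are only
 * added when `cookieBaseDomain` is configured.
 * NOTE(review): without `cookieBaseDomain` the cookie carries no `Secure` attribute.
 * Confirm such deployments are never served over plain HTTP.
 *
 * @returns {[string, string, object]} cookie name, cookie value, cookie options
 */
function getCookieParameters(cookieId, maxAge) {
    const cookieParams = { maxAge, httpOnly: true };
    if (config_1.cookieBaseDomain) {
        cookieParams.domain = config_1.cookieBaseDomain;
        // SameSite=None is only honoured by browsers together with Secure.
        cookieParams.sameSite = 'None';
        cookieParams.secure = true;
    }
    return ['token', cookieId, cookieParams];
}

/**
 * Set the `token` cookie on the response and return the response for chaining.
 *
 * @param {object} res - response object exposing `cookie(name, value, options)`
 * @param {string} cookieId - value stored in the cookie
 * @param {*} [maxAge] - cookie lifetime, defaults to `cookieTokenExpiration`
 */
function setCookie(res, cookieId, maxAge = config_1.cookieTokenExpiration) {
    // NOTE(review): maxAge is stringified before it reaches res.cookie. Confirm the
    // response implementation in use coerces a string maxAge to a number.
    const [type, id, parameters] = getCookieParameters(cookieId, maxAge.toString());
    res.cookie(type, id, parameters);
    return res;
}
exports.setCookie = setCookie;

/**
 * Sign an access token for `user` with `jwtSecret`.
 *
 * The payload is signed, not encrypted: `email`, `name` and `roles` are readable by
 * anyone who holds the token, so nothing secret should be added to it.
 *
 * @param {object} user - source of `_id`, `tenant`, `email`, `name`, `roles`
 * @param {string} [tokenIdentifier] - added to the payload when truthy
 * @param {*} [expiresIn] - passed to jsonwebtoken, defaults to `tokenExpiration`
 * @returns {{payload: object, token: string}}
 */
function getSignedToken(user, tokenIdentifier, expiresIn = config_1.tokenExpiration) {
    const secretParams = {
        sub: user._id,
        tenant: user.tenant,
        email: user.email,
        name: user.name,
        roles: user.roles
    };
    if (tokenIdentifier) {
        secretParams.tokenIdentifier = tokenIdentifier;
    }
    return {
        payload: secretParams,
        token: jsonwebtoken_1.default.sign(secretParams, config_1.jwtSecret, { expiresIn })
    };
}
exports.getSignedToken = getSignedToken;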