UNPKG

@greenpress/auth

Version:

Express Passport authentication service

github.com/greenpress/grenpress

greenpress/grenpress

94 lines (84 loc) 3.13 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
import { verifyToken, getUniqueId, setCookie, getSignedToken, } from '../services/tokens'; import { getUserIfTokenExists, updateToken } from '../services/users'; import { cookieTokenExpiration, privilegedRoles, cookieTokenVerificationTime, processedCookieExpiration } from '../../config'; import { NextFunction, RequestHandler, Response } from 'express'; import { AuthRequest } from '../../types'; import { cacheManager } from "../utils/cache-manager"; function oAuthVerify(req: AuthRequest, _res: Response, next: NextFunction): Promise<void> { // get the last part from a authorization header string like "bearer token-value" const token = req.headers.authorization!.split(' ')[1]; const tenant = (req.headers.tenant = req.headers.tenant as string || '0'); return verifyToken(token, tenant) .then((payload) => setUserPayload(payload, req, next)) .catch(() => { next(); }); } async function cookieVerify(req: AuthRequest, res: Response, next: NextFunction): Promise<void> { // get the last part from a authorization header string like "bearer token-value" const token = req.signedCookies.token || req.cookies.token; const tenant = (req.headers.tenant = req.headers.tenant as string || '0'); try { const payload: any = await verifyToken(token, tenant); const created = Number(payload.tokenIdentifier?.split(':')[0]); if ((Date.now() - created < cookieTokenVerificationTime) || await isCookieProcessed(payload.tokenIdentifier)) { setUserPayload(payload, req, next); return; } const newCookieIdentifier = getUniqueId(); const [user] = await Promise.all([ getUserIfTokenExists( payload.tenant, payload.sub, payload.tokenIdentifier ), setCookieAsProcessed(payload.tokenIdentifier) ]); await updateToken( user, 'cookie', payload.tokenIdentifier, newCookieIdentifier ); const { token: newToken, payload: newPayload } = getSignedToken( user, newCookieIdentifier, String(cookieTokenExpiration / 1000) ); setCookie(res, newToken); setUserPayload(newPayload, req, next); } catch (e) { next(); } } async function setCookieAsProcessed(tokenIdentifier: string) { await cacheManager.setItem(tokenIdentifier, 'tokenIdentifier', {ttl: processedCookieExpiration}); } async function isCookieProcessed(tokenIdentifier: string) { const res = await cacheManager.getItem(tokenIdentifier); return res !== undefined ? true : false; } function setUserPayload(payload: any, req: AuthRequest, next: NextFunction) { req.userPayload = payload; req.userPayload.isPrivileged = payload.roles.some((role: string) => privilegedRoles.includes(role) ); next(); } /** * The Auth Checker middleware function. */ export default <RequestHandler>function verifyUser(req: AuthRequest, res: Response, next: NextFunction) { if (req.cookies.token || req.signedCookies.token) { cookieVerify(req, res, next).catch(next); } else if (req.headers.authorization) { oAuthVerify(req, res, next).catch(next); } else { next(); } };