@greenpress/auth
Express Passport authentication service
import { randomBytes } from 'crypto'
import { Response } from 'express'
import jwt, { Secret } from 'jsonwebtoken'
import {
jwtSecret, refreshTokenSecret, tokenExpiration,
cookieTokenExpiration, cookieBaseDomain
} from '../../config';
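/**
 * Verifies an access token against the access-token secret and the expected tenant.
 *
 * @param token - raw JWT string; blank or non-string values are rejected before the
 *   verifier is called.
 * @param tenant - value the token's `tenant` claim must equal.
 * @returns a promise that resolves with the decoded payload, or rejects with an
 *   object carrying a `message`.
 */
export function verifyToken(token:string, tenant:string) {
  // Request-derived values can be undefined at runtime despite the annotation.
  // Guard first so the failure is a rejection with a reason, not a synchronous
  // TypeError from trim() or a reason-less rejection.
  if (typeof token !== 'string' || !token.trim()) {
    return Promise.reject({ message: 'token is empty' })
  }
  return verify(token, tenant, jwtSecret)
}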
/**
 * Verifies a refresh token against the refresh-token secret and the expected tenant.
 *
 * There is no blank-token shortcut here: whatever string is supplied is handed to
 * verify() unchanged.
 *
 * @param refreshToken - raw refresh JWT string.
 * @param tenant - value the token's `tenant` claim must equal.
 * @returns the promise produced by verify().
 */
export function verifyRefreshToken(refreshToken:string, tenant:string) {
  const verification = verify(refreshToken, tenant, refreshTokenSecret)
  return verification
}
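/**
 * Checks a JWT's signature with `secret` and requires its `tenant` claim to equal `tenant`.
 *
 * Rejections keep the shape callers already receive: either the error reported by
 * jwt.verify, or a plain object with a `message`. A tenant mismatch now has its own
 * message instead of being reported as 'token is empty'.
 *
 * @param token - raw JWT string.
 * @param tenant - expected value of the `tenant` claim.
 * @param secret - key used to check the signature.
 * @returns a promise resolving with the decoded payload.
 */
function verify(token:string, tenant:string, secret:Secret) {
  return new Promise((resolve, reject) => {
    // NOTE(review): no `algorithms` option is passed, so the accepted algorithms are
    // the library defaults for this key type. Pin the algorithm the signer uses once
    // it is confirmed for both access and refresh tokens.
    jwt.verify(token, secret, (err, decoded) => {
      if (err) {
        return reject(err)
      }
      if (!decoded) {
        return reject({ message: 'token is empty' })
      }
      // Strict comparison: a token issued for another tenant must not verify here.
      // NOTE(review): if `tenant` is ever undefined at runtime, a token without a
      // tenant claim also passes this check. Confirm callers always supply one.
      if ((decoded as any).tenant !== tenant) {
        // Callers should answer every rejection with the same generic 401 and keep
        // this message for logs, so a response does not reveal which check failed.
        return reject({ message: 'token tenant does not match' })
      }
      return resolve(decoded)
    })
  })
}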
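/**
 * Builds an identifier of the form `<creationTime>:<random part>`.
 *
 * The random part is 16 bytes from the operating system's CSPRNG, hex-encoded.
 * Math.random() is not suitable here: its output is predictable and it gives no
 * collision guarantee.
 * NOTE(review): callers are not visible in this file. If the id is used as a cookie
 * value or token identifier, it has to be unguessable.
 *
 * @param creationTime - prefix of the id; defaults to the current epoch milliseconds as a string.
 * @returns the identifier string; the random part contains only [0-9a-f].
 */
export function getUniqueId(creationTime = Date.now().toString()) {
  return creationTime + ':' + randomBytes(16).toString('hex')
}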
/**
 * Assembles the three arguments setCookie() passes to res.cookie(): the cookie name
 * ('token'), its value and its options.
 *
 * The cookie is always httpOnly. Only when a base domain is configured does it also
 * get that domain, SameSite=None and Secure.
 * NOTE(review): without a base domain neither `secure` nor `sameSite` is set, so the
 * cookie may travel over plain HTTP and SameSite falls to the browser default.
 * NOTE(review): SameSite=None means the cookie accompanies cross-site requests, so
 * CSRF protection has to exist elsewhere. Confirm.
 * NOTE(review): maxAge is forwarded as a string, while Express documents the option as
 * a number of milliseconds. Confirm the installed version coerces it.
 *
 * @param cookieId - value stored in the cookie.
 * @param maxAge - lifetime passed through as the `maxAge` option.
 * @returns `[name, value, options]`.
 */
function getCookieParameters(cookieId:string, maxAge:string) {
  const baseOptions = { maxAge, httpOnly: true }
  const options:any = cookieBaseDomain
    ? { ...baseOptions, domain: cookieBaseDomain, sameSite: 'None', secure: true }
    : baseOptions
  return ['token', cookieId, options]
}
/**
 * Sets the 'token' cookie on the response, using the name, value and options built by
 * getCookieParameters().
 *
 * @param res - Express response to attach the cookie to.
 * @param cookieId - value stored in the cookie.
 * @param maxAge - cookie lifetime; defaults to the configured cookieTokenExpiration
 *   and is stringified before being passed on.
 * @returns the same response, for chaining.
 */
export function setCookie(res:Response, cookieId:string, maxAge = cookieTokenExpiration) {
  const cookieArgs = getCookieParameters(cookieId, maxAge.toString())
  res.cookie(cookieArgs[0], cookieArgs[1], cookieArgs[2])
  return res
}
/**
 * Signs an access token for a user with the access-token secret.
 *
 * Claims are sub (user id), tenant, email, name and roles, plus tokenIdentifier
 * when one is supplied.
 * NOTE(review): a JWT payload is signed, not encrypted. Anyone holding the token can
 * read email, name and roles.
 * NOTE(review): roles are fixed at signing time, so a role change takes effect only
 * when a new token is issued. Keep `expiresIn` short accordingly.
 *
 * @param user - source of the claims; reads `_id`, `tenant`, `email`, `name`, `roles`.
 * @param tokenIdentifier - optional identifier added to the claims when truthy.
 * @param expiresIn - token lifetime; defaults to the configured tokenExpiration.
 * @returns the claims object and the signed token string.
 */
export function getSignedToken(user:any, tokenIdentifier:string, expiresIn = tokenExpiration) {
  const { _id, tenant, email, name, roles } = user
  const claims = { sub: _id, tenant, email, name, roles }
  if (tokenIdentifier) {
    Object.assign(claims, { tokenIdentifier })
  }
  const token = jwt.sign(claims, jwtSecret, { expiresIn })
  return { payload: claims, token }
}