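"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.AuthStrategy = void 0;
const tslib_1 = require("tslib");
const authentication_1 = require("@loopback/authentication");
const core_1 = require("@loopback/core");
const rest_1 = require("@loopback/rest");
const security_1 = require("@loopback/security");
const core_2 = require("@loopback/core");
const authentication_service_1 = require("./services/authentication.service");
const keys_1 = require("./keys");
const base_user_repository_1 = require("./repositories/base.user.repository");
const base_session_repository_1 = require("./repositories/base.session.repository");
const base_client_repository_1 = require("./repositories/base.client.repository");

/**
 * LoopBack authentication strategy registered under the name `remit`.
 *
 * Every request must carry a valid, active client `apiKey` header. Unless the
 * endpoint's authentication metadata sets `options.passUserAuth`, the request
 * must also carry a `Bearer` token that resolves to a session, and the session's
 * user must hold one of `options.allowedRoles` when that list is non-empty.
 *
 * Constructor dependencies are injected by the decorators at the bottom of the
 * file (AuthenticationService, the METADATA getter, and the user/client/session
 * repositories).
 */
let AuthStrategy = class AuthStrategy {
    constructor(authenticationService, getMetaData, userRepository, clientRepository, sessionRepository) {
        this.authenticationService = authenticationService;
        this.getMetaData = getMetaData;
        this.userRepository = userRepository;
        this.clientRepository = clientRepository;
        this.sessionRepository = sessionRepository;
        this.name = 'remit';
    }

    /**
     * Resolves the authentication metadata for the current endpoint.
     *
     * The injected getter may yield a single metadata object or an array of them
     * (detected by duck-typing `forEach`); for an array only the first entry is
     * used, and an empty array yields `null`.
     *
     * @returns {Promise<object|null>} the metadata object, or `null` when none is available
     */
    async getMeta() {
        const meta = await this.getMetaData();
        if (!meta) {
            return null;
        }
        if (meta.forEach) {
            return meta.length ? meta[0] : null;
        }
        return meta;
    }

    /**
     * Authenticates an incoming request.
     *
     * Order of checks: client API key → `passUserAuth` short-circuit → Bearer
     * token/session → user lookup → role allow-list.
     *
     * @param {object} request - the LoopBack/Express request
     * @returns {Promise<object>} a user profile; `securityId` is `''` when only the
     *   client was authenticated (`passUserAuth`), otherwise the session id, with
     *   `client`, `session` and `user` attached
     * @throws {HttpErrors.Unauthorized} for a missing/invalid API key or Bearer header
     * @throws {HttpErrors.Forbidden} when the user's role is not in `allowedRoles`
     */
    async authenticate(request) {
        const apiKey = request.header('apiKey');
        // NOTE(review): this value is read straight from a request header, so it is
        // client-controlled unless an upstream middleware overwrites it — confirm
        // that before relying on it for session binding in validateTokenAndGetSession.
        const userAgent = request.headers['parsed-user-agent'];
        const client = await this.validateClient(apiKey);
        const meta = await this.getMeta();
        const options = (meta && meta.options) || {};

        // Endpoint opted out of user authentication: only the client is verified.
        if (options.passUserAuth) {
            return { [security_1.securityId]: '', client: client };
        }

        const token = this.extractTokenFromHeader(request);
        const session = await this.authenticationService.validateTokenAndGetSession(token, client, userAgent);
        const user = await this.userRepository.findById(session.userId);

        // An absent/null allow-list means "any role"; a missing user role is treated as ''.
        const allowedRoles = options.allowedRoles != null ? options.allowedRoles : [];
        const userRole = user.role != null ? user.role : '';
        if (allowedRoles && allowedRoles.length && !allowedRoles.includes(userRole)) {
            throw new rest_1.HttpErrors.Forbidden("Access denied, account is not authorized for this action!");
        }
        return { [security_1.securityId]: session.id, client, session, user };
    }

    /**
     * Looks up and validates the client identified by `apiKey`.
     *
     * Only a plain string is accepted, so nothing but an equality match reaches
     * the repository `where` filter.
     *
     * @param {unknown} apiKey - raw value of the `apiKey` request header
     * @returns {Promise<object>} the active client record
     * @throws {HttpErrors.Unauthorized} when the key is missing, not a string,
     *   unknown, or belongs to an inactive client
     */
    async validateClient(apiKey) {
        // TODO: client platform verification
        if (!apiKey) {
            throw new rest_1.HttpErrors.Unauthorized(`API Key required.`);
        }
        if (typeof apiKey != "string") {
            throw new rest_1.HttpErrors.Unauthorized(`Invalid API Key format.`);
        }
        const client = await this.clientRepository.findOne({ where: { apiKey } });
        if (!client) {
            throw new rest_1.HttpErrors.Unauthorized(`Invalid API Key.`);
        }
        if (!client.active) {
            throw new rest_1.HttpErrors.Unauthorized(`API Key is disabled.`);
        }
        return client;
    }

    /**
     * Extracts the Bearer token from the `Authorization` header.
     *
     * The header must be exactly two space-separated parts, the first being the
     * literal scheme `Bearer` and the second a non-empty token. (Previously any
     * value merely starting with `Bearer` — e.g. `Bearerx tok` — or an empty token
     * after `Bearer ` was accepted and forwarded to the session validator.)
     *
     * @param {object} request - the request whose `headers.authorization` is parsed
     * @returns {string} the token part of the header
     * @throws {HttpErrors.Unauthorized} when the header is missing or malformed
     */
    extractTokenFromHeader(request) {
        const authHeaderValue = request.headers.authorization;
        if (!authHeaderValue) {
            throw new rest_1.HttpErrors.Unauthorized(`Authorization header not found.`);
        }
        if (!authHeaderValue.startsWith('Bearer')) {
            throw new rest_1.HttpErrors.Unauthorized(`Authorization header is not of type 'Bearer'.`);
        }
        // Split into the scheme and the token (`xxx.yyy.zzz`).
        const parts = authHeaderValue.split(' ');
        if (parts.length !== 2) {
            throw new rest_1.HttpErrors.Unauthorized(`Authorization header value has too many parts. 
It must follow the pattern: 'Bearer xx.yy.zz' where xx.yy.zz is a valid JWT token.`);
        }
        // The scheme must be the literal word `Bearer`, not just a prefix of the first part.
        if (parts[0] !== 'Bearer') {
            throw new rest_1.HttpErrors.Unauthorized(`Authorization header is not of type 'Bearer'.`);
        }
        // Never hand an empty token to the session validator.
        if (!parts[1]) {
            throw new rest_1.HttpErrors.Unauthorized(`Bearer token is empty.`);
        }
        return parts[1];
    }
};
AuthStrategy = tslib_1.__decorate([
    tslib_1.__param(0, core_1.service(authentication_service_1.AuthenticationService)),
    tslib_1.__param(1, core_2.inject.getter(authentication_1.AuthenticationBindings.METADATA)),
    tslib_1.__param(2, core_2.inject(keys_1.RepositoryBindings.USER_REPOSITORY)),
    tslib_1.__param(3, core_2.inject(keys_1.RepositoryBindings.CLIENT_REPOSITORY)),
    tslib_1.__param(4, core_2.inject(keys_1.RepositoryBindings.SESSION_REPOSITORY)),
    tslib_1.__metadata("design:paramtypes", [
        authentication_service_1.AuthenticationService,
        Function,
        base_user_repository_1.BaseUserRepository,
        base_client_repository_1.BaseClientRepository,
        base_session_repository_1.BaseSessionRepository,
    ]),
], AuthStrategy);
exports.AuthStrategy = AuthStrategy;
//# sourceMappingURL=auth-strategy.js.map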