@jvhaile/loopback4-helper
Helper components and tools for loopback 4.
;
// CommonJS interop preamble: mark the module as a transpiled ES module and
// declare the export slot, which is assigned after the class is decorated.
Object.defineProperty(exports, "__esModule", { value: true });
exports.AuthenticationService = void 0;
const tslib_1 = require("tslib");
const core_1 = require("@loopback/core");
const jwt_service_1 = require("./jwt.service");
const rest_1 = require("@loopback/rest");
const repository_1 = require("@loopback/repository");
const __1 = require("..");
const __2 = require("..");
const __3 = require("..");
const firebase_service_1 = require("./firebase.service");
const keys_1 = require("../keys");
const _ = require('lodash');
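/**
 * Sign-in and session validation built on a Firebase ID token verifier,
 * a JWT service, and the user / session repositories.
 */
let AuthenticationService = class AuthenticationService {
    /**
     * @param firebaseService   provides verifyIdTokenAndGetFirebaseUser()
     * @param jwtService        provides generateToken() / verifyToken()
     * @param userRepository    provides findOne / create / updateById / findById
     * @param sessionRepository provides create()
     */
    constructor(firebaseService, jwtService, userRepository, sessionRepository) {
        this.firebaseService = firebaseService;
        this.jwtService = jwtService;
        this.userRepository = userRepository;
        this.sessionRepository = sessionRepository;
    }

    /**
     * Verify a Firebase ID token, resolve (or create) the local user, open a
     * session and return a signed token for it.
     *
     * @param firebaseCredential      object carrying firebaseIdToken, fcmToken and loginMethod
     * @param userExtra               optional profile data used when creating a new user
     * @param source                  object carrying clientId and userAgent of the caller
     * @param allowCreateFromFirebase create the user from the Firebase profile when no userExtra name is given
     * @param allowedRoles            optional list of roles permitted to sign in
     * @returns {{token, newUser, instance}} session token, whether the user was just created, and the stored user
     * @throws HttpErrors.NotFound when no user matches and creation is not permitted
     * @throws HttpErrors.Forbidden when allowedRoles is non-empty and does not include the user's role
     */
    async signInWithIdToken(firebaseCredential, userExtra, source, allowCreateFromFirebase = false, allowedRoles) {
        let newUser = false;
        const firebaseUser = await this.firebaseService.verifyIdTokenAndGetFirebaseUser(firebaseCredential.firebaseIdToken);

        const lookupClauses = [
            new repository_1.WhereBuilder().eq('firebaseUserId', firebaseUser.uid).build(),
        ];
        // Security: the e-mail fallback re-points an existing admin record's
        // firebaseUserId at this Firebase account (see the updateById below).
        // The stored `emailVerified` flag says nothing about the incoming
        // identity, so the fallback is only used when the identity provider
        // itself reports the e-mail as verified.
        if (firebaseUser.email && firebaseUser.emailVerified) {
            lookupClauses.push(new repository_1.WhereBuilder().and([
                new repository_1.WhereBuilder().eq('email', firebaseUser.email).build(),
                new repository_1.WhereBuilder().eq('emailVerified', true).build(),
                new repository_1.WhereBuilder().eq('role', "admin").build(),
            ]).build());
        }
        let user = await this.userRepository.findOne({
            where: new repository_1.WhereBuilder().or(lookupClauses).build(),
        });

        if (user == null) {
            newUser = true;
            const mayCreate = (userExtra && userExtra.displayName) ||
                (allowCreateFromFirebase && firebaseUser.displayName);
            if (!mayCreate) {
                throw new rest_1.HttpErrors.NotFound("User not found, Please register first!");
            }
            // NOTE(review): userExtra is copied wholesale into the new record
            // by buildUser; confirm callers restrict which fields it may carry.
            user = await this.userRepository.create(this.buildUser(firebaseUser, userExtra));
        }
        else {
            // Refresh the stored record; this also (re)binds firebaseUserId.
            await this.userRepository.updateById(user.id, this.buildUser(firebaseUser, user));
        }

        // The role gate runs after the create/update above, so a rejected
        // sign-in still leaves the user record written.
        const role = user.role != null ? user.role : '';
        if (allowedRoles && allowedRoles.length && !allowedRoles.includes(role)) {
            throw new rest_1.HttpErrors.Forbidden("Access denied, account is not authorized for login!");
        }

        const session = await this.sessionRepository.create(new __3.BaseSession({
            userId: user.id,
            clientId: source.clientId,
            fcmToken: firebaseCredential.fcmToken,
            userAgent: source.userAgent,
            loginMethod: firebaseCredential.loginMethod,
        }));
        const token = await this.jwtService.generateToken(session.toObject());
        return {
            token,
            newUser,
            instance: await this.userRepository.findById(user.id),
        };
    }

    /**
     * Merge a Firebase profile into a user-shaped object.
     *
     * Every own property of `user` is copied first. firebaseUserId always comes
     * from Firebase; for the remaining profile fields a truthy value on `user`
     * wins over the Firebase value.
     *
     * NOTE(review): when `user` is caller-supplied data (the create path),
     * fields such as email / emailVerified, and any extra keys it carries, take
     * precedence over what Firebase reports; verify that input is filtered
     * before it reaches this method.
     *
     * @param firebaseUser profile returned by the Firebase service
     * @param user         existing user record or extra profile data; may be null/undefined
     * @returns plain object suitable for create / updateById
     */
    buildUser(firebaseUser, user) {
        const base = user != null ? user : {};
        return {
            ...base,
            firebaseUserId: firebaseUser.uid,
            displayName: base.displayName || firebaseUser.displayName,
            email: base.email || firebaseUser.email,
            emailVerified: base.emailVerified || firebaseUser.emailVerified,
            phone: base.phone || firebaseUser.phoneNumber,
            profilePhotoUrl: base.profilePhotoUrl || firebaseUser.photoURL,
        };
    }

    /**
     * Verify a session token and check it against the presenting client.
     *
     * NOTE(review): `active`, `clientId` and `userAgent` are read from the
     * decoded token only; no sessionRepository lookup happens here, so confirm
     * that server-side session deactivation is enforced elsewhere.
     *
     * @param token     signed session token
     * @param client    object whose id must equal the session's clientId
     * @param userAgent user agent of the current request
     * @returns the BaseSession rebuilt from the token claims
     * @throws HttpErrors.Unauthorized when the session is inactive or the source differs
     */
    async validateTokenAndGetSession(token, client, userAgent) {
        const claims = await this.jwtService.verifyToken(token);
        const session = new __3.BaseSession(claims);
        if (!session.active) {
            throw new rest_1.HttpErrors.Unauthorized(`Session is deactivated.`);
        }
        // Loose comparison kept from the original: it tolerates string/number
        // id differences, and also treats null and undefined as equal.
        const sameClient = session.clientId == client.id;
        if (!sameClient || !this.userAgentMatches(session.userAgent, userAgent)) {
            throw new rest_1.HttpErrors.Unauthorized(`Session source mismatch.`);
        }
        return session;
    }

    /**
     * Compare two user agents by their `platform` field only (loose equality).
     * Two agents that both lack a platform compare as equal.
     *
     * @returns {boolean} true when the platforms match
     */
    userAgentMatches(userAgentA, userAgentB) {
        const platformA = userAgentA == null ? undefined : userAgentA.platform;
        const platformB = userAgentB == null ? undefined : userAgentB.platform;
        return platformA == platformB;
    }
};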
// Apply the compiled TypeScript decorators to the class:
//  - injectable(): registers the class with SINGLETON binding scope;
//  - __param(0..3): constructor parameter injection. The first two are
//    resolved via service(), the last two via inject() with the repository
//    binding keys;
//  - __metadata("design:paramtypes"): records the constructor parameter types.
AuthenticationService = tslib_1.__decorate([
core_1.injectable({ scope: core_1.BindingScope.SINGLETON }),
tslib_1.__param(0, core_1.service(firebase_service_1.FirebaseService)),
tslib_1.__param(1, core_1.service(jwt_service_1.JWTService)),
tslib_1.__param(2, core_1.inject(keys_1.RepositoryBindings.USER_REPOSITORY)),
tslib_1.__param(3, core_1.inject(keys_1.RepositoryBindings.SESSION_REPOSITORY)),
tslib_1.__metadata("design:paramtypes", [firebase_service_1.FirebaseService,
jwt_service_1.JWTService,
__1.BaseUserRepository,
__2.BaseSessionRepository])
], AuthenticationService);
// Publish the decorated class as the module's export.
exports.AuthenticationService = AuthenticationService;
//# sourceMappingURL=authentication.service.js.map