UNPKG

@loopback/authentication

Version:

A LoopBack component for authentication support.

loopbackio/loopback-next

158 lines (144 loc) 4.7 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
// Copyright IBM Corp. and LoopBack contributors 2018,2020. All Rights Reserved. // Node module: @loopback/authentication // This file is licensed under the MIT License. // License text available at https://opensource.org/licenses/MIT import { addExtension, Binding, BindingTemplate, Constructor, Context, extensionFor, } from '@loopback/core'; import {RedirectRoute, Request} from '@loopback/rest'; import {UserProfile} from '@loopback/security'; import {AuthenticationBindings} from './keys'; /** * Authentication metadata stored via Reflection API */ export interface AuthenticationMetadata { /** * Name of the authentication strategy */ strategy: string; /** * Options for the authentication strategy */ // eslint-disable-next-line @typescript-eslint/no-explicit-any options?: {[name: string]: any}; /** * A flag to skip authentication */ skip?: boolean; } /** * interface definition of a factory function which * accepts a user definition and returns the user profile */ export interface UserProfileFactory<U> { (user: U): UserProfile; } /** * interface definition of a function which accepts a request * and returns an authenticated user */ export interface AuthenticateFn { (request: Request): Promise<UserProfile | undefined>; } /** * Options for authentication component */ export interface AuthenticationOptions { /** * Default authentication metadata if a method or class is not decorated with * `@authenticate`. If not set, no default authentication will be enforced for * those methods without authentication metadata. */ defaultMetadata?: AuthenticationMetadata[]; /** * This flag allows an authentication strategy to abort the authentication by * throwing an error if `failOnError` is set to `true`. By default, the * authentication process continues to the next one even when a strategy * throws an error. If one of other strategies succeed, the error will be * discarded. */ failOnError?: boolean; } /** * An interface that describes the common authentication strategy. * * An authentication strategy is a class with an * 'authenticate' method that verifies a user's credentials and * returns the corresponding user profile. * */ export interface AuthenticationStrategy { /** * The 'name' property is a unique identifier for the * authentication strategy ( for example : 'basic', 'jwt', etc) */ name: string; /** * The 'authenticate' method takes in a given request and returns a user profile * which is an instance of 'UserProfile'. * (A user profile is a minimal subset of a user object) * If the user credentials are valid, this method should return a 'UserProfile' instance. * If the user credentials are invalid, this method should throw an error * If the user credentials are missing, this method should throw an error, or return 'undefined' * and let the authentication action deal with it. * * @param request - Express request object */ authenticate( request: Request, ): Promise<UserProfile | RedirectRoute | undefined>; } export const AUTHENTICATION_STRATEGY_NOT_FOUND = 'AUTHENTICATION_STRATEGY_NOT_FOUND'; export const USER_PROFILE_NOT_FOUND = 'USER_PROFILE_NOT_FOUND'; /** * Registers an authentication strategy as an extension of the * AuthenticationBindings.AUTHENTICATION_STRATEGY_EXTENSION_POINT_NAME extension * point. * * @param context - Context object * @param strategyClass - Class for the authentication strategy */ export function registerAuthenticationStrategy( context: Context, strategyClass: Constructor<AuthenticationStrategy>, ): Binding<unknown> { return addExtension( context, AuthenticationBindings.AUTHENTICATION_STRATEGY_EXTENSION_POINT_NAME, strategyClass, { namespace: AuthenticationBindings.AUTHENTICATION_STRATEGY_EXTENSION_POINT_NAME, }, ); } /** * A binding template for auth strategy contributor extensions */ export const asAuthStrategy: BindingTemplate = binding => { extensionFor( AuthenticationBindings.AUTHENTICATION_STRATEGY_EXTENSION_POINT_NAME, )(binding); binding.tag({ namespace: AuthenticationBindings.AUTHENTICATION_STRATEGY_EXTENSION_POINT_NAME, }); }; /** * Get the authentication metadata object for the specified strategy. * * @param metadata - Array of authentication metadata objects * @param strategyName - Name of the authentication strategy */ export function getAuthenticationMetadataForStrategy( metadata: AuthenticationMetadata[], strategyName: string, ): AuthenticationMetadata | undefined { return metadata.find(data => data.strategy === strategyName); }