@mvx/identity
identity is the OIDC module for mvc; type-mvc is based on koa. A decorator, IoC and AOP MVC framework for the server.
;
// Compiled-module preamble: marks the CommonJS exports object as an ES-module
// shim and initialises both export slots to undefined; they are assigned
// further down in this file.
Object.defineProperty(exports, "__esModule", { value: true });
exports.JwtRequest = exports.JwtStrategy = void 0;
var tslib_1 = require("tslib");
var ioc_1 = require("@tsdi/ioc");
var components_1 = require("@tsdi/components");
var Strategy_1 = require("./Strategy");
var results_1 = require("./results");
var url = require("url");
var jwt = require("jsonwebtoken");
/**
* Jwt authenticate strategy
*/
var JwtStrategy = /** @class */ (function (_super) {
tslib_1.__extends(JwtStrategy, _super);
// Compiled form of an implicit constructor: forwards all arguments to the
// base class constructor and returns its result (or `this` when the base
// constructor returns nothing).
function JwtStrategy() {
return _super !== null && _super.apply(this, arguments) || this;
}
/**
 * Validates the strategy configuration once its inputs have been bound.
 *
 * - Defaults `name` to 'jwt' when unset.
 * - Rejects a configuration that supplies both `secretOrKey` and
 *   `secretOrKeyProvider`; a lone `secretOrKey` is wrapped in a provider.
 * - Requires a key source, a `verify` callback and a `jwtFromRequest`
 *   extractor.
 *
 * NOTE(review): `algorithms` is not validated here, yet authenticate() passes
 * it straight to jwt.verify. When it is left unset the accepted algorithms
 * are whatever the installed jsonwebtoken version defaults to; pinning an
 * explicit list is the safer configuration.
 *
 * @returns {Promise<void>}
 * @throws {TypeError} when the configuration is incomplete or contradictory
 *   (surfaced as a rejection of the returned promise).
 */
JwtStrategy.prototype.onAfterInit = function () {
return tslib_1.__awaiter(this, void 0, void 0, function () {
var _this = this;
return tslib_1.__generator(this, function (_a) {
if (!this.name) {
this.name = 'jwt';
}
if (this.secretOrKey) {
if (this.secretOrKeyProvider) {
throw new TypeError('JwtStrategy has been given both a secretOrKey and a secretOrKeyProvider');
}
// The wrapper reads this.secretOrKey when it is called, not when it is
// created, so it returns whatever value the property holds at that moment.
this.secretOrKeyProvider = function (request, rawJwtToken) { return tslib_1.__awaiter(_this, void 0, void 0, function () {
return tslib_1.__generator(this, function (_a) {
return [2 /*return*/, this.secretOrKey];
});
}); };
}
if (!this.secretOrKeyProvider) {
throw new TypeError('JwtStrategy requires a secret or key');
}
if (!this.verify) {
throw new TypeError('JwtStrategy requires a verify');
}
if (!this.jwtFromRequest) {
throw new TypeError('JwtStrategy requires a function to retrieve jwt from requests (see option jwtFromRequest)');
}
return [2 /*return*/];
});
});
};
/**
 * Authenticates a request from the JWT it carries.
 *
 * Steps: extract the token with `jwtFromRequest`, resolve the verification
 * key through `secretOrKeyProvider`, verify the token with jsonwebtoken, then
 * hand the decoded payload to the application's `verify` callback.
 *
 * @param ctx      request context; `ctx.request` is given to the extractor
 *                 and the key provider, `ctx` itself to `verify`.
 * @param options  passed through unchanged to SuccessResult.
 * @returns a promise of FailResult (401) when no token is present or `verify`
 *          yields no user, otherwise SuccessResult.
 *
 * A jwt.verify failure (bad signature, expired token, audience or issuer
 * mismatch) rejects the returned promise; it is not converted into a
 * FailResult here, so the caller has to handle the rejection.
 */
JwtStrategy.prototype.authenticate = function (ctx, options) {
return tslib_1.__awaiter(this, void 0, void 0, function () {
var token, secretOrKey, _a, payload, _b, user, info;
var _this = this;
return tslib_1.__generator(this, function (_c) {
switch (_c.label) {
case 0:
token = this.jwtFromRequest(ctx.request);
if (!token) {
return [2 /*return*/, new results_1.FailResult('No auth token', 401)];
}
_a = this;
return [4 /*yield*/, this.secretOrKeyProvider(ctx.request, token)];
case 1:
// NOTE(review): the resolved key is also written back to this.secretOrKey,
// i.e. to state on the strategy object itself. sign() falls back to that
// property, so with a per-request provider its fallback key is whichever
// request resolved last. Verification below uses the local variable and is
// not affected; keeping the key local only would avoid the cross-request
// state. If the strategy instance is shared between requests (not shown
// here), concurrent requests overwrite each other's value.
secretOrKey = _a.secretOrKey = _c.sent();
return [4 /*yield*/, new Promise(function (r, j) {
jwt.verify(token, secretOrKey, {
audience: _this.audience,
issuer: _this.issuer,
// Passed through as configured; undefined leaves the choice of accepted
// algorithms to jsonwebtoken.
algorithms: _this.algorithms,
// When true, expired tokens pass verification.
ignoreExpiration: _this.ignoreExpiration
}, function (err, decoded) {
if (err) {
j(err);
}
else {
r(decoded);
}
});
})];
case 2:
payload = _c.sent();
// The payload's signature and registered claims have been checked at this
// point; the application callback decides whether it maps to a user.
return [4 /*yield*/, this.verify(payload, ctx)];
case 3:
_b = _c.sent(), user = _b.user, info = _b.info;
if (!user) {
// TODO, not sure 401 is the correct meaning
return [2 /*return*/, new results_1.FailResult(info, 401)];
}
return [2 /*return*/, new results_1.SuccessResult(options, user, info)];
}
});
});
};
/**
 * Signs a payload and resolves with the encoded token.
 *
 * The strategy's `audience` and `issuer` are used as defaults; entries in
 * `options` are merged last and therefore override them. No algorithm is set
 * here unless the caller supplies one in `options`.
 *
 * When `secretOrKey` is omitted the current value of `this.secretOrKey` is
 * used. authenticate() reassigns that property on every request, so pass the
 * key explicitly whenever a secretOrKeyProvider is configured.
 *
 * @param payload      claims to sign.
 * @param secretOrKey  optional signing key; falls back to this.secretOrKey.
 * @param options      optional jsonwebtoken sign options.
 * @returns promise resolved with the token, rejected with the signing error.
 */
JwtStrategy.prototype.sign = function (payload, secretOrKey, options) {
  var deferred = ioc_1.PromiseUtil.defer();
  var signingKey = secretOrKey || this.secretOrKey;
  var signOptions = tslib_1.__assign({ audience: this.audience, issuer: this.issuer }, (options || {}));
  jwt.sign(payload, signingKey, signOptions, function (err, token) {
    if (err) {
      deferred.reject(err);
      return;
    }
    deferred.resolve(token);
  });
  return deferred.promise;
};
// Static annotation record emitted by the compiler: the class name plus the
// parameter names of authenticate and sign.
// NOTE(review): presumably read by the @tsdi/ioc container for reflection — confirm.
JwtStrategy.ρAnn = function () {
return { "name": "JwtStrategy", "params": { "authenticate": ["ctx", "options"], "sign": ["payload", "secretOrKey", "options"] } };
};
// Compiled decorators: each configuration property is declared as a component
// input together with its design-time type, then the class is registered as a
// component under the selector 'jwt'.
// verify: application callback that receives the decoded payload.
tslib_1.__decorate([
components_1.Input(),
tslib_1.__metadata("design:type", Function)
], JwtStrategy.prototype, "verify", void 0);
// issuer: passed to jwt.verify and used as a default by sign().
tslib_1.__decorate([
components_1.Input(),
tslib_1.__metadata("design:type", String)
], JwtStrategy.prototype, "issuer", void 0);
// audience: passed to jwt.verify and used as a default by sign().
tslib_1.__decorate([
components_1.Input(),
tslib_1.__metadata("design:type", Object)
], JwtStrategy.prototype, "audience", void 0);
// algorithms: handed to jwt.verify unchanged; onAfterInit does not require it.
tslib_1.__decorate([
components_1.Input(),
tslib_1.__metadata("design:type", Array)
], JwtStrategy.prototype, "algorithms", void 0);
// ignoreExpiration: handed to jwt.verify unchanged; true accepts expired tokens.
tslib_1.__decorate([
components_1.Input(),
tslib_1.__metadata("design:type", Boolean)
], JwtStrategy.prototype, "ignoreExpiration", void 0);
// secretOrKey / secretOrKeyProvider: mutually exclusive key sources
// (onAfterInit throws when both are given).
tslib_1.__decorate([
components_1.Input(),
tslib_1.__metadata("design:type", Object)
], JwtStrategy.prototype, "secretOrKey", void 0);
tslib_1.__decorate([
components_1.Input(),
tslib_1.__metadata("design:type", Function)
], JwtStrategy.prototype, "secretOrKeyProvider", void 0);
// jwtFromRequest: extractor that returns the raw token for a request.
tslib_1.__decorate([
components_1.Input(),
tslib_1.__metadata("design:type", Function)
], JwtStrategy.prototype, "jwtFromRequest", void 0);
JwtStrategy = tslib_1.__decorate([
components_1.Component({
selector: 'jwt'
})
], JwtStrategy);
return JwtStrategy;
}(Strategy_1.Strategy));
exports.JwtStrategy = JwtStrategy;
// Two whitespace-separated tokens: "<scheme> <value>". The pattern is not
// anchored, so it matches the first such pair and ignores anything after it.
var matcExp = /(\S+)\s+(\S+)/;
/**
 * Splits an Authorization-style header value into scheme and credential.
 *
 * @param hdrValue  raw header value.
 * @returns {{scheme: string, value: string} | null} null when the input is
 *          not a string or does not contain two whitespace-separated tokens.
 */
function parseAuthHeader(hdrValue) {
  if (typeof hdrValue !== 'string') {
    return null;
  }
  var parts = matcExp.exec(hdrValue);
  if (!parts) {
    return null;
  }
  return { scheme: parts[1], value: parts[2] };
}
// Note: Node's HTTP layer (which express and koa both build on) lower-cases
// incoming header names, so the lookup key has to be lower case as well.
// The scheme constants are compared case-insensitively by
// fromAuthHeaderWithScheme.
var AUTH_HEADER = 'authorization', LEGACY_AUTH_SCHEME = 'JWT', BEARER_AUTH_SCHEME = 'bearer';
var JwtRequest;
(function (JwtRequest) {
/**
 * Builds an extractor that reads the token from a named request header.
 *
 * The header value is returned as-is, with no scheme parsing. The lookup is
 * a plain property access on `request.headers`, so `headerName` has to match
 * the key's exact casing.
 *
 * @param headerName  key to look up in request.headers.
 * @returns function(request) yielding the header value, or null when the
 *          header is missing or empty.
 */
function fromHeader(headerName) {
  return function (request) {
    // Missing and empty values both collapse to null.
    return request.headers[headerName] || null;
  };
}
JwtRequest.fromHeader = fromHeader;
/**
 * Builds an extractor that reads the token from a field of the parsed body.
 *
 * Only own properties are considered, so names inherited from
 * Object.prototype never match. The field value is returned without a type
 * check; a body parser may hand over a non-string value.
 *
 * @param fieldName  body field holding the token.
 * @returns function(request) yielding the field value, or null when the body
 *          is absent or has no such own property.
 */
function fromBodyField(fieldName) {
  return function (request) {
    var body = request.body;
    if (!body) {
      return null;
    }
    if (!Object.prototype.hasOwnProperty.call(body, fieldName)) {
      return null;
    }
    return body[fieldName];
  };
}
JwtRequest.fromBodyField = fromBodyField;
/**
 * Builds an extractor that reads the token from a URL query parameter.
 *
 * A parameter that appears more than once is returned by the parser as an
 * array rather than a string. Tokens carried in the query string also end up
 * in access logs, browser history and Referer headers, so a header-based
 * extractor is preferable where the client allows it.
 *
 * @param paramName  query parameter holding the token.
 * @returns function(request) yielding the parameter value, or null when the
 *          parameter is absent.
 */
function fromUrlQueryParameter(paramName) {
  return function (request) {
    var query = url.parse(request.url, true).query;
    if (query && Object.prototype.hasOwnProperty.call(query, paramName)) {
      return query[paramName];
    }
    return null;
  };
}
JwtRequest.fromUrlQueryParameter = fromUrlQueryParameter;
/**
 * Builds an extractor that reads the token from the Authorization header,
 * accepting it only when the header's scheme equals `authScheme`
 * (compared case-insensitively).
 *
 * @param authScheme  expected scheme, e.g. 'bearer'; must be a string.
 * @returns function(request) yielding the credential part of the header, or
 *          null when the header is missing, malformed or uses another scheme.
 */
function fromAuthHeaderWithScheme(authScheme) {
  var expectedScheme = authScheme.toLowerCase();
  return function (request) {
    var headerValue = request.headers[AUTH_HEADER];
    if (!headerValue) {
      return null;
    }
    var parsed = parseAuthHeader(headerValue);
    if (!parsed || parsed.scheme.toLowerCase() !== expectedScheme) {
      return null;
    }
    return parsed.value;
  };
}
JwtRequest.fromAuthHeaderWithScheme = fromAuthHeaderWithScheme;
/**
 * Builds the extractor for the common `Authorization: Bearer <token>` form.
 *
 * @returns function(request) yielding the bearer token or null.
 */
function fromAuthHeaderAsBearerToken() {
  var bearerExtractor = fromAuthHeaderWithScheme(BEARER_AUTH_SCHEME);
  return bearerExtractor;
}
JwtRequest.fromAuthHeaderAsBearerToken = fromAuthHeaderAsBearerToken;
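/**
 * Combines several extractors into one that returns the first token found.
 *
 * Extractors are tried in array order and evaluation stops at the first
 * truthy result, so put the preferred token location first.
 *
 * @param extractors  array of function(request) extractors.
 * @returns function(request) yielding the first truthy token, or null when
 *          no extractor produces one (including an empty array).
 * @throws {TypeError} when `extractors` is not an array.
 */
function fromExtractors(extractors) {
  if (!Array.isArray(extractors)) {
    throw new TypeError('export function fromExtractors expects an array');
  }
  return function (request) {
    var token = null;
    // Bound the loop by the array's own length; the previous bare `length`
    // identifier was never declared, so the extractor failed on first use.
    for (var index = 0; !token && index < extractors.length; index++) {
      token = extractors[index].call(this, request);
    }
    return token;
  };
}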
JwtRequest.fromExtractors = fromExtractors;
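/**
 * This extractor mimics the behavior of the v1.*.* extraction logic.
 *
 * It exists only to provide an easy transition from the v1.*.* API to the
 * v2.0.0 API.
 *
 * The extractor first checks the Authorization header; if no token is found
 * there it checks the specified body field and finally the URL query
 * parameters. Because of that fallback a token is accepted from three
 * locations; query-string tokens in particular end up in access logs and
 * Referer headers, so prefer a single header-based extractor once the
 * migration is done.
 *
 * @param options  optional settings:
 *   authScheme: expected scheme when the JWT is carried in the HTTP
 *     Authorization header. Default is JWT.
 *   tokenBodyField: field in the request body containing the token.
 *     Default is auth_token.
 *   tokenQueryParameterName: query parameter name containing the token.
 *     Default is auth_token.
 * @returns function(request) yielding the first token found, or null.
 */
function versionOneCompatibility(options) {
  // Tolerate a missing options argument so that the documented defaults
  // apply instead of a TypeError on property access.
  var opts = options || {};
  var authScheme = opts.authScheme || LEGACY_AUTH_SCHEME;
  var bodyField = opts.tokenBodyField || 'auth_token';
  var queryParam = opts.tokenQueryParameterName || 'auth_token';
  return function (request) {
    var token = fromAuthHeaderWithScheme(authScheme)(request);
    if (!token) {
      token = fromBodyField(bodyField)(request);
    }
    if (!token) {
      token = fromUrlQueryParameter(queryParam)(request);
    }
    return token;
  };
}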
JwtRequest.versionOneCompatibility = versionOneCompatibility;
})(JwtRequest = exports.JwtRequest || (exports.JwtRequest = {}));
//# sourceMappingURL=../sourcemaps/passports/JwtStrategy.js.map