
@paroicms/server

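import { isObj } from "@paroicms/public-anywhere-lib";
import { ApiError } from "@paroicms/public-server-lib";
import passport from "passport";
import { jwtExpiresIn, jwtSecret, platformJwtSecret } from "../../context.js";

const { sign, verify } = (await import("jsonwebtoken")).default;

// NOTE(review): every verify() call in this module runs without an `algorithms`
// option, so the library's default allow-list for the given key applies. Once the
// algorithm used by each issuer is confirmed, consider pinning it explicitly.

const BEARER_PREFIX = "Bearer ";

/**
 * Authenticates a request from its `Authorization: Bearer <token>` header and
 * checks that the token was issued for the host being addressed.
 *
 * @param {{ req: { headers: Record<string, string | undefined>, hostname?: string } }} httpContext
 * @returns {object} The verified token payload.
 * @throws {ApiError} 401 when the header is missing, is not a Bearer credential,
 *   or the token fails verification; 403 when the token's `fqdn` claim is absent
 *   or differs from `req.hostname`.
 */
export function authGuard(httpContext) {
  const { req } = httpContext;
  const { authorization } = req.headers;
  if (!authorization || !authorization.startsWith(BEARER_PREFIX)) {
    throw new ApiError("Unauthorized", 401);
  }
  const token = authorization.slice(BEARER_PREFIX.length);

  let payload;
  try {
    payload = verify(token, jwtSecret);
  } catch {
    // Deliberately uniform: the caller learns nothing about why verification failed.
    throw new ApiError("Unauthorized", 401);
  }

  // Require the claim to be present as a string before comparing. A bare `!==`
  // would let a token without `fqdn` through whenever `req.hostname` is also
  // undefined, because `undefined !== undefined` is false.
  if (typeof payload?.fqdn !== "string" || payload.fqdn !== req.hostname) {
    throw new ApiError("Not the right token", 403);
  }
  return payload;
}

/**
 * Runs the passport "google" strategy without a session and exposes the outcome
 * as a promise. The promise settles only when passport invokes the callback.
 *
 * @param {object} req - Incoming request handed to passport.
 * @param {object} res - Outgoing response handed to passport.
 * @returns {Promise<object>} Resolves with the user object supplied by passport.
 *   Rejects with a 401 ApiError on a strategy error, a missing user, or a user
 *   without a string `email`.
 */
export function googleAuthGuard(req, res) {
  return new Promise((resolve, reject) => {
    const onAuthenticated = (err, user, _info) => {
      if (err || !user || !isGoogleUser(user)) {
        reject(new ApiError("Unauthorized", 401));
        return;
      }
      resolve(user);
    };
    passport.authenticate("google", { session: false }, onAuthenticated)(req, res);
  });
}

/**
 * Minimal shape check for the user object returned by the google strategy.
 *
 * @param {unknown} user
 * @returns {boolean} True when `user` is an object with a string `email`.
 */
function isGoogleUser(user) {
  return isObj(user) && typeof user.email === "string";
}

/**
 * Verifies an access token against `jwtSecret`.
 *
 * Unlike `authGuard`, this does not compare the `fqdn` claim with a request
 * host; callers that need that binding have to check it themselves.
 *
 * @param {string} token
 * @returns {object | string} The payload returned by `verify`.
 * @throws {ApiError} 401 when verification fails.
 */
export function verifyAccessToken(token) {
  try {
    return verify(token, jwtSecret);
  } catch {
    throw new ApiError("Invalid token", 401);
  }
}

/**
 * Verifies a platform token against `platformJwtSecret` and requires an `email`
 * claim in its payload.
 *
 * @param {string} platformToken
 * @returns {object} The verified payload, which has a truthy `email`.
 * @throws {ApiError} 401 when no platform secret is configured or verification
 *   fails; 500 when the token verifies but carries no `email`.
 */
export function verifyPlatformToken(platformToken) {
  if (!platformJwtSecret) {
    throw new ApiError("Platform token not set", 401);
  }

  let payload;
  try {
    payload = verify(platformToken, platformJwtSecret);
  } catch {
    throw new ApiError("Invalid platform token", 401);
  }

  // Checked outside the try block: inside it, the bare catch replaced this
  // error with the generic 401, so the 500 could never reach the caller.
  if (!payload?.email) {
    throw new ApiError("email not found in token payload", 500);
  }
  return payload;
}

/**
 * Signs an access token with `jwtSecret`, expiring after `jwtExpiresIn`.
 *
 * @param {object} payload - Claims to embed. `authGuard` expects an `fqdn` claim.
 * @returns {string} The signed token.
 */
export function generateAccessToken(payload) {
  return sign(payload, jwtSecret, { expiresIn: jwtExpiresIn });
}

/**
 * Signs a platform token with `platformJwtSecret`, valid for seven days.
 *
 * @param {object} payload - Claims to embed. `verifyPlatformToken` expects `email`.
 * @returns {string} The signed token.
 * @throws {ApiError} 401 when no platform secret is configured.
 */
export function generatePlatformToken(payload) {
  if (!platformJwtSecret) {
    throw new ApiError("Platform token not set", 401);
  }
  return sign(payload, platformJwtSecret, { expiresIn: "7d" });
}
//# sourceMappingURL=auth.helper.js.map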