@qelos/auth

Express Passport authentication service

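"use strict";
/**
 * Authentication middleware.
 *
 * Resolves the caller either from the session cookie (cookieVerify, which also
 * rotates the cookie token once it is old enough) or from the Authorization
 * header (oAuthVerify) and exposes the verified payload as `req.userPayload`.
 * A request that carries no credential at all is passed on unauthenticated.
 */
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const tokens_1 = require("../services/tokens");
const users_1 = require("../services/users");
const config_1 = require("../../config");
const cache_manager_1 = require("../services/cache-manager");
const req_host_1 = require("../services/req-host");
const logger_1 = __importDefault(require("../services/logger"));

/**
 * Defaults the `tenant` request header to '0' in place and returns the value
 * downstream code will see. Both verifiers rely on this, so the tenant passed
 * to verifyToken is never empty.
 * @param {object} req - Express request (its `headers.tenant` is mutated).
 * @returns {string} the effective tenant.
 */
function defaultTenantHeader(req) {
    req.headers.tenant = req.headers.tenant || '0';
    return req.headers.tenant;
}

/**
 * Verifies a token sent in the Authorization header ("<scheme> <token>").
 * Only the second space-separated part is used; the scheme itself is not
 * checked. A token that fails verification is answered with 401; a header
 * that carries no token part falls through to the next handler
 * unauthenticated.
 * @param {object} req - Express request; `req.headers.tenant` is defaulted in place.
 * @param {object} res - Express response.
 * @param {Function} next - next middleware.
 * @returns {Promise<void>}
 */
function oAuthVerify(req, res, next) {
    // verifyUser only routes here when one of these headers is present
    const tokenHeader = req.headers.authorization || req.headers.Authorization;
    // get the last part from an authorization header string like "bearer token-value"
    const token = tokenHeader.split(' ')[1];
    const tenant = defaultTenantHeader(req);
    return tokens_1.verifyToken(token, tenant)
        .then((payload) => setUserPayload(payload, req, next))
        .catch((err) => {
            if (!token) {
                // header present but without a token part: continue as anonymous
                next();
                return;
            }
            // tenant is always non-empty here (defaulted above), so reaching this
            // point means a token was supplied and did not verify. Log it so
            // rejected credentials are visible, as cookieVerify already does.
            logger_1.default.log('failed to verify authorization token', err);
            res.status(401).json({ message: 'authorization token is not valid.' }).end();
        });
}

/**
 * Verifies the cookie token and, once it is older than
 * `config.cookieTokenVerificationTime`, rotates it: the stored token is
 * updated, a freshly signed cookie is set on the response and the request
 * continues with the new payload. The cache entry written by
 * setCookieAsProcessed lets concurrent requests that carry the same cookie
 * reuse the already-verified payload instead of rotating twice. Any failure is
 * logged and the request continues unauthenticated.
 * @param {object} req - Express request; `req.headers.tenant` is defaulted in place.
 * @param {object} res - Express response.
 * @param {Function} next - next middleware.
 * @returns {Promise<void>}
 */
function cookieVerify(req, res, next) {
    return __awaiter(this, void 0, void 0, function* () {
        // remember whether the client sent a tenant before it is defaulted in
        // place; the previous check ran after defaulting and could never fire
        const tenantHeader = req.headers.tenant;
        const tenant = defaultTenantHeader(req);
        const token = users_1.getCookieTokenValue(req);
        if (!tenantHeader && config_1.showLogs) {
            logger_1.default.log('CookieVerify requires a tenant', {
                url: req.url,
                tenanthost: req.headers.tenanthost,
            });
        }
        try {
            const payload = yield tokens_1.verifyToken(token, tenant);
            // the part of tokenIdentifier before ':' is read as the creation time
            // in ms; a missing identifier yields NaN and the cookie counts as stale
            const identifier = payload.tokenIdentifier;
            const created = Number(identifier == null ? undefined : identifier.split(':')[0]);
            const isFresh = Date.now() - created < config_1.cookieTokenVerificationTime;
            if (isFresh || (yield isCookieProcessed(identifier))) {
                setUserPayload(payload, req, next);
                return;
            }
            const newCookieIdentifier = tokens_1.getUniqueId();
            let user;
            try {
                user = yield users_1.getUserIfTokenExists(payload.tenant, payload.sub, identifier);
            } catch (e) {
                // a concurrent request may already have rotated this cookie
                if (yield isCookieProcessed(identifier)) {
                    setUserPayload(payload, req, next);
                    return;
                }
                throw e;
            }
            // best effort: the cache entry only guards against double rotation.
            // Bound the logger call so `this` is preserved and the failure has context.
            setCookieAsProcessed(identifier).catch((err) => logger_1.default.log('failed to mark cookie as processed', err));
            try {
                yield users_1.updateToken(user, 'cookie', payload, newCookieIdentifier);
                const { token: newToken, payload: newPayload } = tokens_1.getSignedToken(user, payload.workspace, newCookieIdentifier, String(config_1.cookieTokenExpiration / 1000));
                tokens_1.setCookie(res, users_1.getCookieTokenName(req.headers.tenant), newToken, null, req_host_1.getRequestHost(req));
                setUserPayload(newPayload, req, next);
            } catch (e) {
                if (yield isCookieProcessed(identifier)) {
                    setUserPayload(payload, req, next);
                    return;
                }
                throw e;
            }
        } catch (e) {
            logger_1.default.log('failed to handle cookie verification', e);
            next();
        }
    });
}

/**
 * Marks a cookie token identifier as already rotated so concurrent requests
 * carrying the same cookie do not rotate it again. The entry expires after
 * `config.processedCookieExpiration`.
 * @param {string} tokenIdentifier
 * @returns {Promise<void>}
 */
function setCookieAsProcessed(tokenIdentifier) {
    return __awaiter(this, void 0, void 0, function* () {
        yield cache_manager_1.cacheManager.setItem(tokenIdentifier, 'tokenIdentifier', { ttl: config_1.processedCookieExpiration });
    });
}

/**
 * Whether setCookieAsProcessed has been recorded for this identifier. A cache
 * failure is logged and reported as "not processed", so callers fall back to
 * their normal rotation path.
 * @param {string} tokenIdentifier
 * @returns {Promise<boolean>}
 */
function isCookieProcessed(tokenIdentifier) {
    return __awaiter(this, void 0, void 0, function* () {
        try {
            const hit = yield cache_manager_1.cacheManager.getItem(tokenIdentifier);
            return Boolean(hit);
        } catch (err) {
            logger_1.default.log('failed to check isCookieProcessed', err);
            return false;
        }
    });
}

/**
 * Attaches a verified token payload to the request and continues the chain.
 * `isPrivileged` is true when any entry of `payload.roles` is listed in
 * `config.privilegedRoles`. Throws a TypeError when `payload.roles` is
 * missing or has no `some` method; both callers catch that (oAuthVerify
 * answers 401, cookieVerify continues unauthenticated).
 * @param {object} payload - verified token payload (mutated: gains `isPrivileged`).
 * @param {object} req - Express request.
 * @param {Function} next - next middleware.
 */
function setUserPayload(payload, req, next) {
    req.userPayload = payload;
    req.userPayload.isPrivileged = payload.roles.some((role) => config_1.privilegedRoles.includes(role));
    req.activeWorkspace = payload.workspace;
    next();
}

/**
 * The Auth Checker middleware function.
 * Prefers the cookie token over the Authorization header when both are
 * present; with neither credential the request continues unauthenticated.
 */
exports.default = (function verifyUser(req, res, next) {
    const cookie = users_1.getCookieTokenValue(req);
    const token = req.headers.authorization || req.headers.Authorization;
    if (cookie) {
        return cookieVerify(req, res, next).catch(next);
    }
    if (token) {
        return oAuthVerify(req, res, next).catch(next);
    }
    next();
});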