
@qelos/auth


Express Passport authentication service

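"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.getSignedToken = exports.setCookie = exports.getUniqueId = exports.verifyRefreshToken = exports.verifyToken = void 0;
const crypto_1 = require("crypto");
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
const config_1 = require("../../config");

/**
 * Verify an access token against the access-token secret and the expected tenant.
 *
 * @param {string} token - Raw JWT string.
 * @param {string} tenant - Value the token's `tenant` claim must equal.
 * @returns {Promise<object>} Resolves with the decoded payload; rejects when the
 *   token is blank, fails verification, or belongs to another tenant.
 */
function verifyToken(token, tenant) {
    // A missing or non-string token used to throw synchronously from `.trim()`,
    // bypassing the caller's `.catch()`. Deliver the same error type as a rejection.
    if (typeof token !== 'string') {
        return Promise.reject(new TypeError('token must be a string'));
    }
    if (!token.trim()) {
        // Rejection reason intentionally left as-is (undefined) for existing callers.
        return Promise.reject();
    }
    return verify(token, tenant, config_1.jwtSecret);
}
exports.verifyToken = verifyToken;

/**
 * Verify a refresh token against the refresh-token secret and the expected tenant.
 *
 * @param {string} refreshToken - Raw JWT string.
 * @param {string} tenant - Value the token's `tenant` claim must equal.
 * @returns {Promise<object>} Resolves with the decoded payload; rejects otherwise.
 */
function verifyRefreshToken(refreshToken, tenant) {
    return verify(refreshToken, tenant, config_1.refreshTokenSecret);
}
exports.verifyRefreshToken = verifyRefreshToken;

/**
 * Promise wrapper around `jsonwebtoken.verify` that also enforces tenant binding.
 *
 * @param {string} token - Raw JWT string.
 * @param {string} tenant - Expected `tenant` claim.
 * @param {string} secret - Secret the signature is checked against.
 * @returns {Promise<object>} Decoded payload on success.
 */
function verify(token, tenant, secret) {
    // NOTE(review): no `algorithms` option is passed, so the library's default
    // allow-list applies. getSignedToken signs with the library default; pinning
    // the accepted algorithm here would be stricter. Confirm how refresh tokens
    // are signed before doing so.
    return new Promise((resolve, reject) => {
        jsonwebtoken_1.default.verify(token, secret, (err, decoded) => {
            // The tenant comparison is what stops a token issued for one tenant
            // from being accepted for another. A tenant mismatch is reported with
            // the same generic 'token is empty' reason as an empty payload.
            if (err || !decoded || decoded.tenant !== tenant) {
                return reject(err || { message: 'token is empty' });
            }
            return resolve(decoded);
        });
    });
}

/**
 * Build an identifier of the form `<creationTime>:<random>`.
 *
 * The random part comes from the OS CSPRNG. It was previously derived from
 * `Math.random()`, which is not suitable for values that must be unguessable.
 * The identifier is presumably stored as a token/session identifier (verify
 * against callers); it should be treated as opaque.
 *
 * @param {string} [creationTime] - Prefix; defaults to the current epoch millis.
 * @returns {string} The identifier.
 */
function getUniqueId(creationTime = Date.now().toString()) {
    // 16 random bytes, hex-encoded: 128 bits of entropy, and an alphabet with
    // no ':' or characters that need escaping in cookies or URLs.
    return creationTime + ':' + crypto_1.randomBytes(16).toString('hex');
}
exports.getUniqueId = getUniqueId;

/**
 * Build the `[value, options]` pair handed to `res.cookie`.
 *
 * @param {string} cookieId - Cookie value.
 * @param {string} maxAge - Lifetime, passed through to the cookie options.
 * @param {string} [domain] - Explicit cookie domain; falls back to `cookieBaseDomain`.
 * @returns {[string, object]} Cookie value and its options.
 */
function getCookieParameters(cookieId, maxAge, domain) {
    const cookieParams = { maxAge, httpOnly: true, path: '/api' };
    const effectiveDomain = domain || config_1.cookieBaseDomain;
    if (effectiveDomain) {
        cookieParams.domain = effectiveDomain;
        // SameSite=None is only honoured by browsers together with Secure.
        cookieParams.sameSite = 'None';
        cookieParams.secure = true;
    }
    // NOTE(review): when no domain is configured the cookie carries neither
    // `secure` nor an explicit `sameSite`; confirm that path is only used over
    // plain HTTP in local development.
    return [cookieId, cookieParams];
}

/**
 * Set an HttpOnly cookie on the response.
 *
 * @param {object} res - Express response.
 * @param {string} cookieName - Cookie name.
 * @param {string} cookieId - Cookie value.
 * @param {number|string} [maxAge] - Lifetime; defaults to `cookieTokenExpiration`.
 * @param {string} [domain] - Explicit cookie domain.
 * @returns {object} The same response, for chaining.
 */
function setCookie(res, cookieName, cookieId, maxAge, domain) {
    const [id, parameters] = getCookieParameters(cookieId, (maxAge || config_1.cookieTokenExpiration).toString(), domain);
    res.cookie(cookieName, id, parameters);
    return res;
}
exports.setCookie = setCookie;

/**
 * URI-encode an optional display string.
 *
 * `encodeURIComponent(undefined)` yields the literal text "undefined", so a
 * missing value is mapped to '' first. This matches the workspace-name handling.
 */
function encodeOptional(value) {
    return encodeURIComponent(value || '');
}

/**
 * Build and sign the access-token payload for a user.
 *
 * The payload is signed, not encrypted: anyone holding the token can read the
 * email, phone, roles and workspace fields placed in it.
 *
 * @param {object} user - User record; `_id`, `tenant`, `roles` and profile fields are read.
 * @param {object} [workspace] - Active workspace; copied into the payload with its name encoded.
 * @param {string} [tokenIdentifier] - Identifier added to the payload when provided.
 * @param {string|number} [expiresIn] - Token lifetime; defaults to `tokenExpiration`.
 * @returns {{payload: object, token: string}} The claims and the signed JWT.
 */
function getSignedToken(user, workspace, tokenIdentifier, expiresIn = config_1.tokenExpiration) {
    const secretParams = {
        workspace: workspace
            // encode workspace name that might contain special characters
            ? Object.assign(Object.assign({}, workspace), { name: encodeOptional(workspace.name) })
            : undefined,
        sub: user._id,
        tenant: user.tenant,
        username: user.username,
        email: user.email,
        phone: user.phone,
        name: encodeOptional(user.name),
        fullName: encodeOptional(user.fullName),
        firstName: encodeOptional(user.firstName),
        lastName: encodeOptional(user.lastName),
        roles: user.roles,
        profileImage: user.profileImage,
    };
    if (tokenIdentifier) {
        secretParams.tokenIdentifier = tokenIdentifier;
    }
    return {
        payload: secretParams,
        token: jsonwebtoken_1.default.sign(secretParams, config_1.jwtSecret, { expiresIn }),
    };
}
exports.getSignedToken = getSignedToken;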