
@sigiljs-community/auth-plugin


Plugin for SigilJS framework that provides authentication with JWT-like tokens

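import { SigilPlugin } from "@sigiljs/sigil";
import * as nodeCrypto from "crypto";
import WebTokensController from "./web-tokens-controller.mjs";

/**
 * SigilJS plugin that issues and verifies access and refresh tokens and can
 * optionally install a middleware guarding a list of route prefixes.
 *
 * All token operations are delegated to a WebTokensController instance that
 * is held in a private field, so the signing key is not exposed on the
 * plugin object itself.
 */
class AuthPlugin extends SigilPlugin {
  static name = "AuthPlugin";

  /** Token controller constructed with the signing key. */
  #tokens;

  constructor() {
    super();

    if (this.$pluginConfig.secretKey) {
      this.logger({
        level: "info",
        message: "Successfully configured authentication plugin",
        json: { milestone: "secret", ok: true },
      });
    } else {
      this.logger({
        level: "warning",
        message: "No secret key found for web tokens generation, temporary key will be generated",
        json: { milestone: "secret", ok: false },
      });
      this.logger({
        level: "warning",
        message: "It is strongly recommended to avoid starting application without secret key in production environments",
      });
    }

    // Without a configured key, a fresh random 32-byte key is generated for
    // this instance. Presumably tokens issued under it stop verifying after a
    // restart and are not accepted by other instances - confirm against the
    // controller. `||` is deliberate: an empty-string key also falls back.
    const signingKey = this.$pluginConfig.secretKey || nodeCrypto.randomBytes(32);
    this.#tokens = new WebTokensController(signingKey);

    // Drop the key from the shared config object so later readers of
    // $pluginConfig cannot obtain it. This only replaces the reference; the
    // original key value is not zeroed and other holders of it still see it.
    this.$pluginConfig.secretKey = Buffer.from("");
  }

  /**
   * Install the authentication middleware when `protectedRoutes` is set.
   *
   * With no protected routes configured nothing is installed and every route
   * has to be guarded manually.
   */
  onInitialize() {
    const routes = this.$pluginConfig.protectedRoutes;

    // NOTE(review): the constructor replaced secretKey with an empty Buffer,
    // which is truthy, so `!this.$pluginConfig.secretKey` is always false
    // here. What `condition` means to the logger is not visible in this file -
    // confirm these two messages are emitted as intended.
    if (!routes || routes.length === 0) {
      this.logger({
        level: "warning",
        message: "Authentication middleware not configured, you'll need to manually set up modifiers for each protected route",
        condition: !this.$pluginConfig.secretKey,
        json: { milestone: "middleware", ok: false },
      });
      return;
    }

    this.logger({
      level: "info",
      message: `Successfully configured authentication middleware for ${this.$pluginConfig.protectedRoutes.length} protected route(s)`,
      condition: !this.$pluginConfig.secretKey,
      json: { milestone: "middleware", ok: true },
    });

    this.sigil.addMiddleware(async (request, response) => {
      // Plain string-prefix match on request.path. NOTE(review): whether the
      // framework normalises the path (case, duplicate slashes, dot segments,
      // percent-encoding) before middleware runs is not visible here; if it
      // does not, this check and the router can disagree about which handler
      // a request reaches. Verify against the framework.
      const isProtected = this.$pluginConfig.protectedRoutes?.some((prefix) =>
        request.path.startsWith(prefix),
      );
      if (!isProtected) return;

      // Read the token from the configured access-token header so the
      // middleware agrees with __$getAuthHeaders(); previously "authorization"
      // was hard-coded and a custom `authHeaders.accessToken` was ignored.
      // Lower-casing keeps the default lookup key exactly "authorization".
      const headerName = String(this.__$getAuthHeaders().accessTokenHeader).toLowerCase();
      const token = request.headers.get(headerName);

      // The raw header value is passed on unchanged; handling of any scheme
      // prefix is left to the controller (not visible in this file).
      // Missing and invalid tokens are both answered with forbidden().
      if (!token || !this.verifyAccessToken(token)) return response.forbidden();
    });
  }

  /**
   * Issue new access token with specified payload
   *
   * @param payload access token payload
   * @param expiresIn passed through to the controller; unit and default are
   *   defined there
   * @returns {string} generated access token
   */
  issueAccessToken(payload, expiresIn) {
    return this.#tokens.issueWebToken(payload, expiresIn);
  }

  /**
   * Issue new refresh token
   *
   * The return shape suggests the hash is what gets stored and the token is
   * what goes to the client - confirm against the controller.
   *
   * @returns {{refreshToken: string, refreshTokenHash: string}} generated refresh token
   */
  issueRefreshToken() {
    return this.#tokens.issueRefreshToken();
  }

  /**
   * Check if specified access token is valid
   *
   * @param {string} token access token
   * @param allowExpired if true, an otherwise valid token is still accepted
   *   after it has expired; the middleware never sets it
   * @returns {boolean} is valid
   */
  verifyAccessToken(token, allowExpired) {
    return this.#tokens.verifyWebToken(token, allowExpired);
  }

  /**
   * Check refresh token integrity with stored hash
   *
   * Note the argument order: the stored hash comes first, the presented
   * token second.
   *
   * @param {string} hash stored hash
   * @param {string} token refresh token
   * @returns {boolean} is valid
   */
  verifyRefreshToken(hash, token) {
    return this.#tokens.verifyRefreshToken(hash, token);
  }

  /**
   * Decode specified access token
   *
   * NOTE(review): whether decoding also verifies the token is not visible in
   * this file; treat the payload as unauthenticated unless verifyAccessToken
   * has accepted the same token.
   *
   * @param {string} token access token to decode
   * @returns {TokenPayload | null} decoded access token payload or null if in invalid format
   */
  decodeWebToken(token) {
    return this.#tokens.decodeWebToken(token);
  }

  /**
   * Resolve the header names used for the refresh and access tokens, falling
   * back to the defaults when `authHeaders` does not set them.
   *
   * @internal
   * @returns {{refreshTokenHeader: string, accessTokenHeader: string}}
   */
  __$getAuthHeaders() {
    const configured = this.$pluginConfig.authHeaders;
    return {
      refreshTokenHeader: configured?.refreshToken || "X-Sigil-Refresh-Token",
      accessTokenHeader: configured?.accessToken || "Authorization",
    };
  }
}

export { AuthPlugin as default };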