@teamsight/flight

Lambda life cycles

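"use strict";
// TypeScript-emitted helper: drives a generator function as a Promise-returning
// async function (down-levelled async/await). Left as the compiler produced it.
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
Object.defineProperty(exports, "__esModule", { value: true });
const jsonwebtoken = require("jsonwebtoken");
const http_error_1 = require("../http/http-error");

/**
 * Bearer-token verification and org/user authorization checks.
 *
 * `AuthIt.process` turns an `Authorization` header value into the verified
 * token claims; the instance methods compare those claims with the resource
 * being accessed and throw `HttpError(403, ...)` when the check fails.
 */
class AuthIt {
    /**
     * Verify a bearer token and return its claims.
     *
     * @param {string} token - Header value of the form "Bearer <jwt>".
     * @returns {Promise<object>} The token payload, with the JWT header
     *   attached as `header` (so `isServer` can read `header.kid`).
     * @throws {HttpError} 403 when the token is missing, malformed, or names
     *   a key id that is not configured.
     * @throws Whatever `jsonwebtoken.verify` throws when the signature,
     *   audience or algorithm check fails.
     */
    static process(token) {
        return __awaiter(this, void 0, void 0, function* () {
            if (typeof token !== "string") {
                throw new http_error_1.HttpError(403, "No auth token found");
            }
            const rawToken = token.split("Bearer ")[1];
            if (!rawToken) {
                throw new http_error_1.HttpError(403, "Invalid auth token");
            }
            console.log("processing token");
            // decode() does NOT check the signature; it is used here only to
            // find out which key the token claims to be signed with.
            // The decoded token is deliberately not logged: with
            // `complete: true` it contains header, claims and signature,
            // which together are enough to rebuild the bearer token from logs.
            const decoded = jsonwebtoken.decode(rawToken, { complete: true });
            if (!decoded || !decoded.header) {
                throw new http_error_1.HttpError(403, "Invalid auth token");
            }
            const keyId = decoded.header.kid;
            // `kid` is attacker-controlled. Require an own property so that
            // names inherited from Object.prototype (e.g. "constructor")
            // can never be looked up and handed to verify() as a key.
            if (typeof keyId !== "string" ||
                !Object.prototype.hasOwnProperty.call(AuthIt.secrets, keyId)) {
                throw new http_error_1.HttpError(403, "Invalid auth token");
            }
            const secret = yield AuthIt.secrets[keyId];
            // Pinning `algorithms` keeps the token's own `alg` header from
            // choosing how it is verified. Throws on any verification failure.
            jsonwebtoken.verify(rawToken, secret, { audience: "ts", algorithms: ["HS256"] });
            // Only reached after verify() succeeded on the same token string.
            const result = decoded.payload;
            if (result === null || typeof result !== "object") {
                // A non-JSON payload cannot carry the claims the checks below read.
                throw new http_error_1.HttpError(403, "Invalid auth token");
            }
            result.header = decoded.header;
            return result;
        });
    }
    /**
     * Require that the caller belongs to `orgId`.
     *
     * NOTE(review): the comparison is a plain `!==`, so an `orgId` of
     * `undefined` matches a token that has no `orgId` claim. Callers should
     * make sure `orgId` is present before relying on this check.
     *
     * @throws {HttpError} 403 when `auth` is missing or the org differs.
     */
    member(orgId, auth) {
        this.checkAuthExists(auth);
        if (orgId !== auth.orgId) {
            throw new http_error_1.HttpError(403, "not a member of the org");
        }
    }
    /**
     * Require that the caller belongs to `orgId` and is flagged as its owner.
     *
     * @throws {HttpError} 403 when `auth` is missing, the org differs, or
     *   `auth.isOwner` is falsy.
     */
    owner(orgId, auth) {
        this.member(orgId, auth);
        if (!auth.isOwner) {
            throw new http_error_1.HttpError(403, "not an owner of the org");
        }
    }
    /**
     * Require that the caller belongs to `orgId` and is either the user
     * `userId` or an owner of the org.
     *
     * @throws {HttpError} 403 when `auth` is missing, the org differs, or the
     *   caller is neither that user nor an owner.
     */
    ownerOrUser(orgId, userId, auth) {
        this.member(orgId, auth);
        if (userId !== auth.userId && !auth.isOwner) {
            throw new http_error_1.HttpError(403, "not the user or org owner");
        }
    }
    /**
     * Report whether the token was signed with the server key.
     *
     * Fails closed: an `auth` object without a `header` (i.e. one that did
     * not come from `AuthIt.process`) is not treated as a server token.
     *
     * @returns {boolean}
     * @throws {HttpError} 403 when `auth` is missing.
     */
    isServer(auth) {
        this.checkAuthExists(auth);
        return auth.header != null && auth.header.kid === "SERVER_SECRET";
    }
    /**
     * Guard shared by every check above.
     *
     * @throws {HttpError} 403 when `auth` is falsy.
     */
    checkAuthExists(auth) {
        if (!auth) {
            throw new http_error_1.HttpError(403, "No auth token found");
        }
    }
}
// SECURITY: these HS256 signing keys are literals in a file that ships inside
// the published package, so every consumer of the package can read them, and
// an HMAC key that verifies tokens can also sign them. Treat both values as
// exposed: rotate them, and load the replacements at runtime from the
// deployment's secret store instead of from source. The values are kept here
// unchanged only so that existing callers of `AuthIt.secrets` keep working.
AuthIt.secrets = { APP_SECRET: "4b87b7ff8b3349649d0001178e4f0753", SERVER_SECRET: "3718705b43554bc6a0e2919ef48efa7a" };
exports.AuthIt = AuthIt;
//# sourceMappingURL=auth-it.js.map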