alapa
Version:
A cutting-edge web development framework designed to revolutionize the way developers build modern web applications.
205 lines (204 loc) • 7.41 kB
JavaScript
;
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.Auth = void 0;
/* eslint-disable @typescript-eslint/no-explicit-any */
// import DatabaseConnection from "../../database/connections";
const globals_1 = require("../../shared/globals");
const crypto = __importStar(require("crypto"));
const hashing_1 = require("../hashing");
const data_1 = require("../../data");
const utils_1 = require("../../utils");
const api_1 = require("../../api");
class Auth {
static user = null;
static async check(req) {
const user = this.user;
return user.id == req.session.userId;
}
static async apiBasicAuth(username, password) {
const attempt = await this.attempt(username, password);
if (attempt.success) {
const jwt = await api_1.JWT.generateToken({
username,
password,
});
return {
success: true,
token: jwt.token,
user: attempt.user,
expiresAt: jwt.expiresAt,
};
}
return {
success: false,
error: {
message: attempt.errorMessage,
reasons: attempt.reason,
},
};
}
static async getUserFromDB(username) {
const authModel = new globals_1.GlobalConfig.auth.authenticatableModel();
if (authModel instanceof data_1.AuthenticatableModel) {
const user = await globals_1.GlobalConfig.auth.authenticatableModel
.createQueryBuilder("user")
.where("user.email = :username OR user.phoneNumber = :username OR user.id = :username OR user.username = :username", { username })
.getOne();
this.user = user;
return user;
}
else {
utils_1.Logger.error("Model is not Authenticatable");
}
return null;
}
static async authenticate(user, req, res, rememberMe = false) {
user = user || this.user;
if (user) {
this.user = user;
}
const loginToken = crypto.randomBytes(32).toString("hex");
const cookieExpires = new Date(Date.now() + 360 * 24 * 60 * 60 * 1000); // One year
// Set session and user properties
req.session.userId = user.id;
req.session.loginToken = loginToken;
// Set secure cookies if rememberMe is true
if (rememberMe) {
res.cookie("user", user.id, {
expires: cookieExpires,
httpOnly: true,
secure: true,
sameSite: "strict",
});
res.cookie("token", hashing_1.HashPassword.encrypt(user.password), {
expires: cookieExpires,
httpOnly: true,
secure: true,
sameSite: "strict",
});
}
let afterLogin = "";
if (req.query.next) {
afterLogin = req.query.next.toString();
}
else {
afterLogin = globals_1.GlobalConfig.auth.dashboardUrl || "/dashboard";
delete req.session.afterLogin;
}
return afterLogin;
}
static async withCookies(user, req, res) {
user = user || this.user;
const token = req.cookies["userToken"];
if (user && (await hashing_1.HashPassword.verify(token, user.password))) {
const authenticate = await this.authenticate(user, req, res, true);
if (authenticate !== false) {
return {
success: true,
destination: authenticate,
};
}
}
return {
success: false,
message: "Invalid Cookies",
};
}
static async attempt(username, password, ...when) {
const user = await this.getUserFromDB(username);
if (!user) {
return {
success: false,
errorMessage: "User not found",
user,
};
}
for (const fun of when) {
const callback = await fun(user);
if (callback.success === false) {
return callback;
}
}
if (!password) {
return { success: false, errorMessage: "Please enter a valid password." };
}
if (!(await hashing_1.HashPassword.verify(password, user.password))) {
return { success: false, errorMessage: "Invalid username or password." };
}
if (!user.isActive) {
return {
success: false,
errorMessage: "Your account is disabled, please contact the admin.",
};
}
return { success: true, user: user };
}
static login = async (user, req, res, rememberMe = false) => {
const authenticate = await this.authenticate(user, req, res, rememberMe);
if (authenticate !== false) {
return {
success: true,
destination: authenticate,
};
}
return {
success: false,
};
};
static logout = (req, res, destroySession = true) => {
return new Promise((resolve, reject) => {
delete req.session.afterLogin;
delete req.session.loginToken;
delete req.session.userId;
delete req.session.user;
Auth.user = null;
req.authenticated = false;
req.user = null;
res.clearCookie("user");
res.clearCookie("token");
if (destroySession) {
req.session.destroy((err) => {
if (err) {
console.error("Failed to destroy session during logout", err);
reject(false);
}
else {
resolve(true);
}
});
}
});
};
static get isAdmin() {
// Logic to check if the authenticated user is an admin
return Auth.user.username === "admin"; // Replace with actual admin check logic
}
static get userRole() {
// Logic to get the authenticated user's role
return "admin"; // Replace with actual role check logic
}
}
exports.Auth = Auth;