
cor-base-service


Library built upon COR web services. Handles authN/authZ, standardizes logging and error messages

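"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
  return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.getTokenFromWebSocket = exports.verifyJWT = exports.getSigningKey = exports.getTokenFromHeader = void 0;
const jwt_decode_1 = __importDefault(require("jwt-decode"));
const jwks_rsa_1 = __importDefault(require("jwks-rsa"));
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
const errors_1 = require("../errors");

/**
 * Matches an RFC 6750 "Bearer" credential (the scheme name is case-insensitive)
 * and captures the token. Anchored on both ends so that another scheme
 * ("Basic ...") or a bare value without a scheme is not mistaken for a bearer
 * token; the previous `split("Bearer ").pop()` returned the whole header in
 * those cases.
 */
const BEARER_RE = /^\s*Bearer\s+(\S+)\s*$/i;

/**
 * Signature algorithms a public key published through JWKS can verify.
 * Pinning the allowed set means the token's own `alg` header cannot select a
 * scheme the key was never meant for; callers may override it via
 * `verifyJWT(..., { algorithms })`.
 */
const DEFAULT_ALGORITHMS = [
  "RS256", "RS384", "RS512",
  "PS256", "PS384", "PS512",
  "ES256", "ES384", "ES512",
];

/**
 * jwks-rsa clients keyed by jwksUri. Reusing one client per key-set URL keeps
 * the library's built-in key cache effective; constructing a client per call
 * (as before) re-fetched the JWKS document from the identity provider on every
 * verification.
 */
const jwksClients = new Map();

/**
 * Extracts the bearer token from an Authorization header value.
 * @param {string | undefined} headerValue raw header value
 * @returns {string | undefined} the token, or undefined when the header is
 *   absent, not a string, or not a Bearer credential
 */
function extractBearerToken(headerValue) {
  if (typeof headerValue !== "string") {
    return undefined;
  }
  const match = BEARER_RE.exec(headerValue);
  return match ? match[1] : undefined;
}

/**
 * Returns the bearer token from an HTTP request's Authorization header.
 * @param req request exposing `get(name)` (Express-style); an array-valued
 *   header is reduced to its first entry
 * @returns {string | undefined} the token, or undefined when no Bearer
 *   credential is present
 */
function getTokenFromHeader(req) {
  let authHeader = req.get("Authorization");
  if (Array.isArray(authHeader)) {
    authHeader = authHeader[0];
  }
  return extractBearerToken(authHeader);
}
exports.getTokenFromHeader = getTokenFromHeader;

/**
 * Resolves the PEM public key that signed `token`, looked up by the `kid`
 * in the token's JOSE header against the JWKS at `jwksUri`.
 * @param {string} jwksUri URL of the identity provider's JWKS document
 * @param {string} token compact-serialized JWT (not yet verified)
 * @param logger logger with an `error(obj, msg)` method
 * @returns {Promise<string>} PEM-encoded public key
 * @throws InternalServerError when the key cannot be retrieved; a token that
 *   is not a parseable JWT throws jwt-decode's InvalidTokenError unchanged
 */
const getSigningKey = async (jwksUri, token, logger) => {
  let idpClient = jwksClients.get(jwksUri);
  if (idpClient === undefined) {
    idpClient = (0, jwks_rsa_1.default)({ jwksUri, requestHeaders: {}, timeout: 30000 });
    jwksClients.set(jwksUri, idpClient);
  }
  // `kid` is a JOSE *header* field. jwt-decode returns the payload unless asked
  // for the header, so the previous call only worked when the IdP published a
  // single key (jwks-rsa then ignores an undefined kid).
  const decodedHeader = (0, jwt_decode_1.default)(token, { header: true });
  const kid = decodedHeader.kid;
  const key = await idpClient.getSigningKey(kid).catch((error) => {
    // The token is a credential: log the lookup context, never the token itself.
    logger.error({ kid, jwksUri, error }, "Error retrieving signing key");
    throw (0, errors_1.InternalServerError)();
  });
  return key.getPublicKey();
};
exports.getSigningKey = getSigningKey;

/**
 * Verifies `token`'s signature against the key set at `jwksUri` and returns
 * its payload.
 * @param {string} jwksUri URL of the identity provider's JWKS document
 * @param {string} token compact-serialized JWT
 * @param logger logger forwarded to getSigningKey
 * @param {object} [options] extra jsonwebtoken verify options. The expected
 *   issuer and audience are not known to this module, so callers should pass
 *   `{ issuer, audience }` here to have the `iss`/`aud` claims checked as well
 *   as the signature and `exp`.
 * @returns {Promise<object | string>} the decoded payload
 * @throws jsonwebtoken's JsonWebTokenError / TokenExpiredError on an invalid
 *   or expired token; InternalServerError when the signing key lookup fails
 */
const verifyJWT = async (jwksUri, token, logger, options = {}) => {
  // Looked up through `exports` so tests can stub the key retrieval.
  const signingKey = await (0, exports.getSigningKey)(jwksUri, token, logger);
  const payload = jsonwebtoken_1.default.verify(token, signingKey, {
    algorithms: DEFAULT_ALGORITHMS,
    ...options,
  });
  return payload;
};
exports.verifyJWT = verifyJWT;

/**
 * @param req The HTTP IncomingMessage object of the WebSocket upgrade request
 * @param logger logger with a `debug` method
 * @returns {string | undefined} the token, or undefined when neither location holds one
 * @description Will look for a token in the Authorization header, and if not
 *   found, will look for a query parameter named accessToken
 */
const getTokenFromWebSocket = (req, logger) => {
  let token = extractBearerToken(req.headers.authorization);
  if (token === undefined) {
    logger.debug("Token not found in header, looking for query parameters");
    // Only the path and query of req.url matter. A fixed base avoids feeding
    // the client-controlled Host header into the URL parser, which throws on
    // a malformed host.
    const location = new URL(req.url ?? "/", "http://localhost");
    const queryToken = location.searchParams.get("accessToken");
    if (queryToken !== null) {
      logger.debug("Token found in query parameter");
      token = queryToken;
    }
  }
  return token;
};
exports.getTokenFromWebSocket = getTokenFromWebSocket;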