import express from 'express';
import fs from 'node:fs';
import jwt from 'jsonwebtoken';
import log from '../util/logger';
import {JWT_TOKEN_SECRET} from '../util/secret';
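/**
 * Load keys to sign token and verify it.
 * In a real app the authentication would be performed on a separate server.
 *
 * Both paths are resolved against the process working directory, so the server
 * has to be started from the directory that contains `key/`. A read failure is
 * fatal: none of the handlers below can sign or verify without these files.
 */
let privateKey: string;
let publicKey: string;
try {
  log.info('Loading keys');
  publicKey = fs.readFileSync('./key/jwt.pub', 'utf8');
  privateKey = fs.readFileSync('./key/jwt.key', 'utf8');
  log.info('Loaded keys');
} catch (err) {
  // Log the cause too, otherwise a missing file and a permission problem look identical.
  log.error('Unable to load keys', err);
  process.exit(-1);
}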
/**
 * Express router that carries the sample JWT endpoints
 * (two login routes that issue tokens, three protected routes that check them).
 */
export const routerJWT: express.Router = express.Router();
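/**
 * Sign JWT using a secret, return using a cookie.
 *
 * Expects a JSON body `{name: string}`; the value becomes the `name` claim.
 * Responds 400 when `name` is absent or not a non-empty string, 500 when
 * signing throws, otherwise sets the `jwt` cookie and echoes the token as JSON.
 */
routerJWT.post('/login/secret', (req, res) => {
  const user: unknown = req.body?.name;
  // req.body is untrusted input: only a non-empty string may become a claim.
  if (typeof user !== 'string' || user.length === 0) {
    res.status(400).send('Missing name');
    return;
  }
  try {
    const jwtToken = jwt.sign(
      // exp is a NumericDate in seconds, hence the /1000; the token lives 5 s.
      {name: user, exp: Math.floor(Date.now() / 1000) + 5},
      JWT_TOKEN_SECRET,
      // HS256 is the library default for a string secret; stated here so the
      // verifier on /protected/secret can pin the same algorithm.
      {algorithm: 'HS256'},
    );
    // httpOnly keeps the token away from page scripts, sameSite from cross-site
    // requests. Add `secure: true` once the app is served over TLS.
    res.cookie('jwt', jwtToken, {httpOnly: true, sameSite: 'strict'});
    res.json({jwt: jwtToken});
  } catch (err) {
    // Always answer, otherwise the client request hangs on a signing error.
    log.error('Failed to sign key', err);
    res.status(500).send('Failed to sign token');
  }
});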
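/**
 * Sign JWT using a private SSL key, return using a cookie.
 *
 * Expects a JSON body `{name: string}`; the value becomes the `name` claim.
 * Responds 400 when `name` is absent or not a non-empty string, 500 when
 * signing throws, otherwise sets the `jwt` cookie and echoes the token as JSON.
 */
routerJWT.post('/login/key', (req, res) => {
  const user: unknown = req.body?.name;
  // req.body is untrusted input: only a non-empty string may become a claim.
  if (typeof user !== 'string' || user.length === 0) {
    res.status(400).send('Missing name');
    return;
  }
  try {
    const jwtToken = jwt.sign(
      // exp is a NumericDate in seconds, hence the /1000; the token lives 20 s.
      {name: user, exp: Math.floor(Date.now() / 1000) + 20},
      privateKey,
      {algorithm: 'RS256'},
    );
    // httpOnly keeps the token away from page scripts, sameSite from cross-site
    // requests. Add `secure: true` once the app is served over TLS.
    res.cookie('jwt', jwtToken, {httpOnly: true, sameSite: 'strict'});
    res.json({jwt: jwtToken});
  } catch (err) {
    // Always answer, otherwise the client request hangs on a signing error.
    log.error('Failed to sign key', err);
    res.status(500).send('Failed to sign token');
  }
});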
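/**
 * Verify JWT using a secret, using a cookie.
 *
 * Reads the `jwt` cookie, verifies it with the shared secret and admits only
 * the sample user `Rajinder`. A missing, expired, tampered or foreign-user
 * token yields 403 'Invalid User'; the reason is logged, not returned.
 */
routerJWT.get('/protected/secret', (req, res) => {
  const jwtToken: string = req.cookies?.jwt ?? '';
  // Log presence only: the raw token is a credential and must stay out of logs.
  log.info('jwt cookie present: ', jwtToken.length > 0);
  try {
    // Pin the accepted algorithm so a token carrying another alg is rejected
    // outright instead of leaving the choice to the library's key-type default.
    const jwtDecoded = jwt.verify(jwtToken, JWT_TOKEN_SECRET, {algorithms: ['HS256']});
    // jwt.verify may yield a plain string payload; only an object carries claims.
    const claims =
      typeof jwtDecoded === 'object' && jwtDecoded !== null
        ? (jwtDecoded as Record<string, unknown>)
        : undefined;
    if (claims && claims['name'] === 'Rajinder') {
      res.send('Passed');
    } else {
      log.error('Invalid User');
      res.status(403).send('Invalid User');
    }
  } catch (err) {
    // Expired, malformed or badly-signed token.
    log.error('Invalid User', err instanceof Error ? err.message : err);
    res.status(403).send('Invalid User');
  }
});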
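/**
 * Verify JWT using a SSL public key, using a cookie.
 *
 * Reads the `jwt` cookie, verifies it as RS256 against the public key and
 * admits only the sample user `Rajinder`. Any verification failure or other
 * user yields 403 'Invalid User'; the reason is logged, not returned.
 */
routerJWT.get('/protected/key', (req, res) => {
  const jwtToken: string = req.cookies?.jwt ?? '';
  // Log presence only: the raw token is a credential and must stay out of logs.
  log.info('jwt cookie present: ', jwtToken.length > 0);
  jwt.verify(
    jwtToken,
    publicKey,
    // Only RS256 is accepted; a token with any other alg fails verification.
    {algorithms: ['RS256']},
    function (err, jwtDecoded) {
      if (err) {
        // Expired, malformed or badly-signed token.
        log.error('Invalid User', err.message);
        res.status(403).send('Invalid User');
        return;
      }
      // jwt.verify may yield a plain string payload; only an object carries claims.
      const claims =
        typeof jwtDecoded === 'object' && jwtDecoded !== null
          ? (jwtDecoded as Record<string, unknown>)
          : undefined;
      if (claims && claims['name'] === 'Rajinder') {
        res.send('Passed');
      } else {
        log.error('Invalid User');
        res.status(403).send('Invalid User');
      }
    },
  );
});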
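/**
 * Verify JWT using a SSL public key, using bearer header.
 * Authorization: Bearer xx.yy.zz
 *
 * The header must carry the `Bearer` scheme (matched case-insensitively, as
 * HTTP auth schemes are) followed by one credential; anything else is rejected
 * before the verifier runs. The token is verified as RS256 against the public
 * key and only the sample user `Rajinder` is admitted. Every failure yields
 * 403 'Invalid User'; the reason is logged, not returned.
 */
routerJWT.get('/protected/bearer', (req, res) => {
  const header = req.get('Authorization') ?? '';
  const [scheme, credential] = header.split(' ');
  const jwtToken = scheme?.toLowerCase() === 'bearer' ? credential : undefined;
  // Log presence only: the raw token is a credential and must stay out of logs.
  log.info('bearer token present: ', typeof jwtToken === 'string' && jwtToken.length > 0);
  if (!jwtToken) {
    // Absent header, wrong scheme or no credential: do not hand `undefined` to jwt.verify.
    log.error('Invalid User');
    res.status(403).send('Invalid User');
    return;
  }
  jwt.verify(
    jwtToken,
    publicKey,
    // Only RS256 is accepted; a token with any other alg fails verification.
    {algorithms: ['RS256']},
    function (err, jwtDecoded) {
      if (err) {
        // Expired, malformed or badly-signed token.
        log.error('Invalid User', err.message);
        res.status(403).send('Invalid User');
        return;
      }
      // jwt.verify may yield a plain string payload; only an object carries claims.
      const claims =
        typeof jwtDecoded === 'object' && jwtDecoded !== null
          ? (jwtDecoded as Record<string, unknown>)
          : undefined;
      if (claims && claims['name'] === 'Rajinder') {
        res.send('Passed');
      } else {
        log.error('Invalid User');
        res.status(403).send('Invalid User');
      }
    },
  );
});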