jwt-couchdb/cjs.js

JWT endpoint to authenticate users and create JSON Web Tokens out of the CouchDB's session API

'use strict';

function _interopDefault (ex) { return (ex && (typeof ex === 'object') && 'default' in ex) ? ex['default'] : ex; }

var jsonwebtoken = require('jsonwebtoken');
var fetchAuth = _interopDefault(require('fetch-auth-node'));
var fs = require('fs');
var invariant = _interopDefault(require('invariant'));
var http = _interopDefault(require('http'));

var HAS_VALID_AUTHORISATION_HEADER = /^(Basic|Bearer)\s+(.+)/;

var NEEDS_TO_REFRESH_ROLES = /refresh-roles/;

const POST = 'POST';

function createHandler() {
  var _ref = arguments.length <= 0 || arguments[0] === undefined ? {} : arguments[0];

  let endpoint = _ref.endpoint;
  let options = _ref.options;
  let secret = _ref.secret;

  return function handler(req, res) {
    var _ref2;

    return Promise.resolve().then(function () {
      if (req.method === POST && HAS_VALID_AUTHORISATION_HEADER.test(req.headers.authorization)) {
        return function () {
          let name;
          let roles;

          return Promise.resolve().then(function () {
            return fetchAuth(`${ endpoint }/_session`, req.headers.authorization);
          }).then(function (_resp) {
            _ref2 = _resp;
            const userCtx = _ref2.userCtx;

            name = userCtx.name;
            roles = userCtx.roles;

            return fetchAuth(`${ endpoint }/_users/org.couchdb.user:${ name }`, req.headers.authorization);
          }).then(function (_resp) {
            if (NEEDS_TO_REFRESH_ROLES.test(req.url)) {
              const nextUserCtx = _resp;
              roles = nextUserCtx.roles;
            }

            const token = jsonwebtoken.sign({ name, roles }, secret, options);

            res.writeHead(200, { 'Content-Type': 'application/json' });
            res.end(JSON.stringify(token));
          }).catch(function (err) {
            console.error(`${ new Date().toISOString().replace('T', ' ').substr(0, 19) } 401 ${ err.message }`);
            res.writeHead(401);
            res.end();
          });
        }();
      } else {
        res.writeHead(404);
        res.end();
      }
    }).then(function () {});
  };
}

function getServerConfig() {
  var _JSON$parse = JSON.parse(fs.readFileSync(process.env.CONFIG || 'config.json', 'utf8'));

  var _JSON$parse$endpoint = _JSON$parse.endpoint;
  const endpoint = _JSON$parse$endpoint === undefined ? 'http://127.0.0.1:5984' : _JSON$parse$endpoint;
  var _JSON$parse$options = _JSON$parse.options;
  const options = _JSON$parse$options === undefined ? {
    algorithms: ['HS256'],
    expiresIn: '5m'
  } : _JSON$parse$options;
  const secret = _JSON$parse.secret;
  var _JSON$parse$port = _JSON$parse.port;
  const port = _JSON$parse$port === undefined ? 5985 : _JSON$parse$port;


  invariant(endpoint, 'missing authorisation endpoint');
  invariant(options, 'missing jwt options');
  invariant(options.algorithms, 'missing jwt algorithms');
  invariant(options.expiresIn, 'missing jwt expiresIn');
  invariant(secret, 'missing secret');
  invariant(port, 'missing port');

  return {
    endpoint,
    options,
    secret,
    port
  };
}

var _getServerConfig = getServerConfig();

const endpoint = _getServerConfig.endpoint;
const options = _getServerConfig.options;
const port = _getServerConfig.port;
const secret = _getServerConfig.secret;


http.createServer(createHandler({ endpoint, options, secret })).listen(port);

console.log(`CouchDB JWT auth running on port http://localhost:${ port } against ${ endpoint }`);