UNPKG

oidc-provider

Version:

OAuth 2.0 Authorization Server implementation for Node.js with OpenID Connect

github.com/panva/node-oidc-provider

panva/node-oidc-provider

142 lines (110 loc) 3.46 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
/* eslint-disable max-classes-per-file */ import snakeCase from '../helpers/_/snake_case.js'; import epochTime from '../helpers/epoch_time.js'; import pickBy from '../helpers/_/pick_by.js'; import instance from '../helpers/weak_cache.js'; import isConstructable from '../helpers/type_validators.js'; import hasFormat from './mixins/has_format.js'; const IN_PAYLOAD = [ 'iat', 'exp', 'jti', 'kind', ]; const adapterCache = new WeakMap(); export default function getBaseModel(provider) { function adapter(ctx) { const obj = typeof ctx === 'function' ? ctx : ctx.constructor; if (!adapterCache.has(obj)) { if (isConstructable(instance(provider).Adapter)) { adapterCache.set(obj, new (instance(provider).Adapter)(obj.name)); } else { adapterCache.set(obj, instance(provider).Adapter(obj.name)); } } return adapterCache.get(obj); } class Class { constructor({ jti, kind, ...payload } = {}) { Object.assign(this, pickBy( payload, (val, key) => this.constructor.IN_PAYLOAD.includes(key), )); if (kind && kind !== this.constructor.name) { throw new TypeError('kind mismatch'); } this.kind = kind || this.constructor.name; this.jti = jti; } static instantiate(payload) { return new this(payload); } async save(ttl) { if (!this.jti) { this.jti = this.generateTokenId(); } // this is true for all BaseToken descendants if (typeof this.constructor.expiresIn !== 'function') { this.exp = epochTime() + ttl; } const { value, payload } = await this.getValueAndPayload(); if (payload) { await this.adapter.upsert(this.jti, payload, ttl); this.emit('saved'); } else { this.emit('issued'); } return value; } async destroy() { await this.adapter.destroy(this.jti); this.emit('destroyed'); } static get adapter() { return adapter(this); } get adapter() { return adapter(this); } static get IN_PAYLOAD() { return IN_PAYLOAD; } static async find(value, { ignoreExpiration = false } = {}) { if (typeof value !== 'string') { return undefined; } const stored = await this.adapter.find(value); if (!stored) { return undefined; } try { const payload = await this.verify(stored, { ignoreExpiration }); return this.instantiate(payload); } catch (err) { return undefined; } } emit(eventName) { provider.emit(`${snakeCase(this.kind)}.${eventName}`, this); } /* * ttlPercentagePassed * returns a Number (0 to 100) with the value being percentage of the token's ttl already * passed. The higher the percentage the older the token is. At 0 the token is fresh, at a 100 * it is expired. */ ttlPercentagePassed() { const now = epochTime(); const percentage = Math.floor(100 * ((now - this.iat) / (this.exp - this.iat))); return Math.max(Math.min(100, percentage), 0); } get isValid() { return !this.isExpired; } get isExpired() { return this.exp <= epochTime(); } get remainingTTL() { if (!this.exp) { return this.expiration; } return this.exp - epochTime(); } } class BaseModel extends hasFormat(provider, 'base', Class) {} return BaseModel; }