UNPKG

restifyve-jwt

Version:

JWT authentication middlewarefor restify > 5.x.

github.com/andreabat/restifyve-jwt

andreabat/restifyve-jwt

115 lines (93 loc) 3.87 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
var jwt = require('jsonwebtoken'); var unless = require('express-unless'); var restify = require('restify'); var async = require('async'); let errors = require('restify-errors'); var InvalidCredentialsError = errors.InvalidCredentialsError; var DEFAULT_REVOKED_FUNCTION = function(_, __, cb) { return cb(null, false); }; var getClass = {}.toString; function isFunction(object) { return object && getClass.call(object) == '[object Function]'; } function wrapStaticSecretInCallback(secret) { return function(_, __, cb) { return cb(null, secret); }; } module.exports = function(options) { if (!options || !options.secret) throw new Error('secret should be set'); var secretCallback = options.secret; if (!isFunction(secretCallback)) { secretCallback = wrapStaticSecretInCallback(secretCallback); } var isRevokedCallback = options.isRevoked || DEFAULT_REVOKED_FUNCTION; var _requestProperty = options.userProperty || options.requestProperty || 'user'; var credentialsRequired = typeof options.credentialsRequired === 'undefined' ? true : options.credentialsRequired; var middleware = function(req, res, next) { var token; if (req.method === 'OPTIONS' && req.headers.hasOwnProperty('access-control-request-headers')) { var hasAuthInAccessControl = !!~req.headers['access-control-request-headers'] .split(',').map(function(header) { return header.trim(); }).indexOf('authorization'); if (hasAuthInAccessControl) { return next(); } } if (options.getToken && typeof options.getToken === 'function') { try { token = options.getToken(req); } catch (e) { return next(e); } } else if (req.headers && req.headers.authorization) { var parts = req.headers.authorization.split(' '); if (parts.length == 2) { var scheme = parts[0]; var credentials = parts[1]; if (/^Bearer$/i.test(scheme)) { token = credentials; } else { return next(new InvalidCredentialsError('Format is Authorization: Bearer [token]')); } } else { return next(new InvalidCredentialsError('Format is Authorization: Bearer [token]')); } } if (!token) { if (credentialsRequired) { return next(new InvalidCredentialsError('No authorization token was found')); } else { return next(); } } var dtoken = jwt.decode(token, { complete: true }) || {}; async.parallel([ function(callback) { var arity = secretCallback.length; if (arity == 4) { secretCallback(req, dtoken.header, dtoken.payload, callback); } else { // arity == 3 secretCallback(req, dtoken.payload, callback); } }, function(callback) { isRevokedCallback(req, dtoken.payload, callback); } ], function(err, results) { if (err) { return next(err); } var revoked = results[1]; if (revoked) { return next(new errors.UnauthorizedError('The token has been revoked.')); } var secret = results[0]; jwt.verify(token, secret, options, function(err, decoded) { if (err && credentialsRequired) return next(new InvalidCredentialsError(err)); req[_requestProperty] = decoded; next(); }); }); }; middleware.unless = unless; return middleware; };