
secure-link


Functions to generate and validate resource access tokens.

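const crypto = require('crypto');
const { parse } = require('url');
const generateNginxAccessToken = require('./generateNginxAccessToken');
const errors = require('../utils/errors');

/**
 * Compares the locally computed token with the one supplied by the client
 * without leaking, through response timing, how many leading characters match.
 * @param {*} expectedToken Token computed from the secret
 * @param {*} receivedToken Token taken from the request
 * @return {boolean} True only when both are strings with identical content
 */
const tokensMatch = (expectedToken, receivedToken) => {
  if (typeof expectedToken !== 'string' || typeof receivedToken !== 'string') {
    return false;
  }

  const expected = Buffer.from(expectedToken);
  const received = Buffer.from(receivedToken);

  // timingSafeEqual throws on buffers of different length, so gate on length first.
  return expected.length === received.length && crypto.timingSafeEqual(expected, received);
};

/**
 * Middleware to validate generated access tokens
 *
 * Responds 403 when the token or expiry parameter is missing, is not a plain
 * string, or the token does not match; responds 410 when the token matches but
 * the expiry is not in the future; calls next() otherwise.
 *
 * @param {Object} [middlewareOptions] Configuration for token validation
 * @param {string} middlewareOptions.secret Secret used to compute the token
 * @param {string} [middlewareOptions.algorithm] Hash algorithm, 'md5' when omitted
 * @param {string} middlewareOptions.tokenParameterName Query parameter carrying the token
 * @param {string} middlewareOptions.expiresParamaterName Query parameter carrying the
 *   expiry (the option name's spelling is part of the public interface)
 * @return {Function} Middleware with closure over options
 * @throws {Error} When secret or either parameter name is missing
 */
const validateResourceAccessToken = (middlewareOptions = {}) => {
  const { secret, algorithm, tokenParameterName, expiresParamaterName } = middlewareOptions;

  if (!secret) {
    throw new Error(errors.missingSecret);
  }

  if (!tokenParameterName) {
    throw new Error(errors.missingTokenParameterName);
  }

  if (!expiresParamaterName) {
    throw new Error(errors.missingExpiresParamaterName);
  }

  return (req, res, next) => {
    const receivedToken = req.query[tokenParameterName];
    const receivedExpires = req.query[expiresParamaterName];

    // Query parsers can yield arrays or objects for repeated or bracketed
    // parameters; only non-empty plain strings are accepted as credentials.
    const hasStringParams =
      typeof receivedToken === 'string' && typeof receivedExpires === 'string';

    if (!hasStringParams || !receivedToken || !receivedExpires) {
      return res.status(403).end();
    }

    const { pathname } = parse(req.originalUrl);

    // NOTE(review): MD5 is a weak default; pass a stronger `algorithm` where the
    // token generator and the component issuing the links both support it.
    const options = {
      secret,
      algorithm: algorithm || 'md5',
      resourcePath: pathname,
      expirationTime: receivedExpires
    };

    const checksumToken = generateNginxAccessToken(options);

    // Authenticate first so that the 410 below is only ever disclosed to a
    // caller holding a token that was genuinely issued for this path and expiry.
    if (!tokensMatch(checksumToken, receivedToken)) {
      return res.status(403).end();
    }

    // The expiry is compared with Date.now(), i.e. it is read as milliseconds
    // since the epoch; a non-numeric value becomes NaN and is treated as expired.
    if (Number(receivedExpires) > Date.now()) {
      return next();
    }

    // Token has expired - 'Gone'
    return res.status(410).end();
  };
};

module.exports = validateResourceAccessToken;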