sso-module-punch
Single Sign On Sign in module for nodejs packages
"use strict";
/**
 * Down-level replacement for `async`/`await`: runs a generator to completion,
 * treating every yielded value as something to wait for.
 *
 * @param thisArg     `this` value for the generator function.
 * @param _arguments  Arguments for the generator function (may be omitted).
 * @param P           Promise constructor to use; falls back to the global Promise.
 * @param generator   Generator function that implements the async body.
 * @returns A promise settled with the generator's return value, or rejected
 *          with whatever it throws.
 */
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    // Plain values are wrapped so that every yielded value can be chained.
    function toPromise(candidate) {
        if (candidate instanceof P) {
            return candidate;
        }
        return new P(function (settle) { settle(candidate); });
    }
    return new (P || (P = Promise))(function (resolve, reject) {
        // Either finish with the final value or wait for the yielded one.
        function advance(result) {
            if (result.done) {
                resolve(result.value);
                return;
            }
            toPromise(result.value).then(onFulfilled, onRejected);
        }
        // Resume the generator with the awaited value.
        function onFulfilled(value) {
            try {
                advance(generator.next(value));
            }
            catch (err) {
                reject(err);
            }
        }
        // Resume the generator by throwing the rejection reason into it.
        function onRejected(reason) {
            try {
                advance(generator["throw"](reason));
            }
            catch (err) {
                reject(err);
            }
        }
        generator = generator.apply(thisArg, _arguments || []);
        advance(generator.next());
    });
};
/**
 * Down-level generator helper (apparently compiler-emitted): turns `body`, a
 * function written as a `switch` over `_.label`, into an object with
 * next/throw/return methods.
 *
 * `body` returns an instruction pair [opcode, value]. Opcodes handled below:
 *   0 next, 1 throw, 2 return, 3 break (jump to label), 4 yield,
 *   5 delegate to an inner iterator, 6 caught error, 7 end of finally.
 * Entries pushed on `_.trys` are read as [start, catch, finally, end] labels.
 *
 * @param thisArg  `this` value used when calling `body`.
 * @param body     State-machine function; receives the state object `_`.
 * @returns An iterator-like object driving `body`.
 */
var __generator = (this && this.__generator) || function (thisArg, body) {
// `_` is the state handed to `body`: `label` is the next case to run, `sent()`
// returns the value passed in (or throws it when the pending op is a throw),
// `trys` is the stack of protected regions, `ops` holds ops deferred by a finally.
// `f` guards against re-entrancy, `y` is a delegated inner iterator, `t` is scratch.
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
function verb(n) { return function (v) { return step([n, v]); }; }
function step(op) {
if (f) throw new TypeError("Generator is already executing.");
while (_) try {
// While delegating, forward the op to the inner iterator and hand back its
// result as long as that iterator is not done.
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [op[0] & 2, t.value];
switch (op[0]) {
case 0: case 1: t = op; break;
// yield: advance the label and hand the value to the caller.
case 4: _.label++; return { value: op[1], done: false };
// delegate: remember the inner iterator and start it with a `next`.
case 5: _.label++; y = op[1]; op = [0]; continue;
// end of finally: resume the op that was deferred.
case 7: op = _.ops.pop(); _.trys.pop(); continue;
default:
// No enclosing protected region and the op is an error or a return: stop the loop.
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
// break whose target lies inside the current region (or no region): plain jump.
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
// error raised before the catch label: jump to the catch block.
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
// a finally label lies ahead: run it first and defer the current op.
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
if (t[2]) _.ops.pop();
_.trys.pop(); continue;
}
op = body.call(thisArg, _);
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
// Bits 1 and 4 set (ops 1, 5, 6 reach here as errors): rethrow; otherwise finish.
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
}
};
Object.defineProperty(exports, "__esModule", { value: true });
var axios_1 = require("axios");
var jwt = require("jsonwebtoken");
var jwtDecode = require("jwt-decode");
var views_1 = require("./views");
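/**
 * Browser-side client for a Single Sign-On flow.
 *
 * An instance keeps the SSO and auth endpoint URLs, the application name and
 * key, the public key used to check tokens, and the user details decoded from
 * the most recent token. The token itself is kept in `localStorage` under the
 * key `token`.
 *
 * Security notes for integrators:
 * - Everything here runs in the page (it reads `window`, `document` and
 *   `localStorage`), so the outcome is a client-side hint only. Any API that
 *   returns protected data still has to verify the token on the server.
 * - `applicationKey` is sent from the browser as a bearer value, so every user
 *   of the page can read it; treat it as an identifier, not as a secret.
 * - The stored token is readable and writable by any script on the same origin.
 */
var SSOModule = /** @class */ (function () {
    // Issuer every accepted token must carry.
    var TOKEN_ISSUER = "simple-sso";
    /**
     * Signature check shared by verifyJWT and checkAuthenticated. Throws when
     * the token is not an RS256 token from TOKEN_ISSUER signed for `key`.
     * NOTE(review): no audience is checked, so a token the same issuer minted
     * for a different application would pass - confirm whether the SSO server
     * sets `aud` and pin it here if it does.
     */
    function assertValidToken(token, key) {
        jwt.verify(token, key, { issuer: TOKEN_ISSUER, algorithms: ["RS256"] });
    }
    /**
     * Creates a client with the package's default endpoints, the bundled HTML
     * views and an empty verification key.
     */
    function SSOModule() {
        this.mSSOUrl = 'https://login.shotbeach.nl';
        this.mAuthUrl = 'https://auth.shotbeach.nl';
        this.mUserDetail = {
            id: '',
            roles: [],
            username: '',
        };
        // Epoch seconds. The default is a fixed timestamp from April 2020, so a
        // fresh instance counts as expired until a token has been decoded.
        this.mExpirationDate = 1587401966;
        this.mApplicationKey = 'undefined';
        this.mApplicationName = 'undefined';
        this.mRoles = [];
        this.mAuthenticated = false;
        this.mToken = '';
        this.pVerify = views_1.verifyPage;
        this.pForwarding = views_1.forwardingPage;
        this.pUnauthenticated = views_1.unauthenticatedPage;
        // Empty until `publicKey` is set; every signature check fails before that.
        this.key = Buffer.from('', 'utf8');
    }
    Object.defineProperty(SSOModule.prototype, "unauthenticatedHtml", {
        /**
         * Replaces the page shown when token verification fails.
         * @param body HTML that is passed to document.write() unescaped; supply
         *             only trusted, static markup.
         */
        set: function (body) {
            this.pUnauthenticated = body;
        },
        enumerable: true,
        configurable: true
    });
    Object.defineProperty(SSOModule.prototype, "verifyHtml", {
        /**
         * Replaces the page shown while a token is being verified.
         * @param body HTML that is passed to document.writeln() unescaped; supply
         *             only trusted, static markup.
         */
        set: function (body) {
            this.pVerify = body;
        },
        enumerable: true,
        configurable: true
    });
    Object.defineProperty(SSOModule.prototype, "forwardingHtml", {
        /**
         * Replaces the page shown just before the redirect to the login site.
         * @param body HTML that is passed to document.writeln() unescaped; supply
         *             only trusted, static markup.
         */
        set: function (body) {
            this.pForwarding = body;
        },
        enumerable: true,
        configurable: true
    });
    Object.defineProperty(SSOModule.prototype, "applicationName", {
        /**
         * Sets the name sent as the `appName` query parameter.
         * @param ApplicationName
         */
        set: function (ApplicationName) {
            this.mApplicationName = ApplicationName;
        },
        enumerable: true,
        configurable: true
    });
    Object.defineProperty(SSOModule.prototype, "applicationKey", {
        /**
         * Sets the key sent as `Authorization: bearer <key>` by verifyToken.
         * The value is visible to anyone who can load the page.
         * @param ApplicationKey
         */
        set: function (ApplicationKey) {
            this.mApplicationKey = ApplicationKey;
        },
        enumerable: true,
        configurable: true
    });
    Object.defineProperty(SSOModule.prototype, "publicKey", {
        /**
         * Sets the key that token signatures are checked against.
         * @param publicKey Key text; presumably a PEM-encoded RSA public key,
         *                  since tokens are verified as RS256 - confirm.
         */
        set: function (publicKey) {
            this.key = Buffer.from(publicKey, 'utf8');
        },
        enumerable: true,
        configurable: true
    });
    Object.defineProperty(SSOModule.prototype, "ssoUrl", {
        // tslint:disable-next-line:adjacent-overload-signatures
        /** Login-site URL with the application name as a query parameter. */
        get: function () {
            // Encoded so that `&`, `#` or `=` in the name cannot add or cut parameters.
            return this.mSSOUrl + '?appName=' + encodeURIComponent(this.mApplicationName);
        },
        set: function (SSOUrl) {
            this.mSSOUrl = SSOUrl;
        },
        enumerable: true,
        configurable: true
    });
    Object.defineProperty(SSOModule.prototype, "authUrl", {
        /** Auth-service URL with the application name as a query parameter. */
        get: function () {
            return this.mAuthUrl + '?appName=' + encodeURIComponent(this.mApplicationName);
        },
        set: function (AuthUrl) {
            this.mAuthUrl = AuthUrl;
        },
        enumerable: true,
        configurable: true
    });
    Object.defineProperty(SSOModule.prototype, "roles", {
        // tslint:disable-next-line:adjacent-overload-signatures
        /** Role list kept on the instance (see addRole). */
        get: function () {
            return this.mRoles;
        },
        set: function (roles) {
            this.mRoles = roles;
        },
        enumerable: true,
        configurable: true
    });
    Object.defineProperty(SSOModule.prototype, "rawToken", {
        /** The token string most recently accepted by this instance, or ''. */
        get: function () {
            return this.mToken;
        },
        enumerable: true,
        configurable: true
    });
    Object.defineProperty(SSOModule.prototype, "authenticated", {
        /** Client-side authentication flag; not a substitute for server checks. */
        get: function () {
            return this.mAuthenticated;
        },
        enumerable: true,
        configurable: true
    });
    Object.defineProperty(SSOModule.prototype, "verifyUrl", {
        /** Token-verification endpoint of the auth service. */
        get: function () {
            return this.mAuthUrl + '/verifytoken?appName=' + encodeURIComponent(this.mApplicationName);
        },
        enumerable: true,
        configurable: true
    });
    Object.defineProperty(SSOModule.prototype, "user", {
        /** User id, username and roles taken from the last decoded token. */
        get: function () {
            return this.mUserDetail;
        },
        enumerable: true,
        configurable: true
    });
    /**
     * Appends a role to the instance's role list.
     * @param role
     */
    SSOModule.prototype.addRole = function (role) {
        this.mRoles.push(role);
    };
    /**
     * Checks whether `localStorage` holds a token that is correctly signed and
     * not expired, and loads its claims into this instance.
     *
     * The stored value is verified rather than only decoded: it can be changed
     * by any script on the origin, and decoding alone accepts arbitrary claims.
     *
     * @returns {boolean} true only for a verified token whose `exp` lies in the
     *          future; false when no token is stored or the token is rejected.
     */
    SSOModule.prototype.checkAuthenticated = function () {
        var token = localStorage.getItem('token');
        if (!token) {
            return false;
        }
        try {
            assertValidToken(token, this.key);
            this.mToken = token;
            this.DecodeJWT(token);
        }
        catch (e) {
            // Malformed, forged or expired token: fail closed instead of throwing.
            this.mAuthenticated = false;
            return false;
        }
        var renewDate = (new Date().getTime()) / 1000;
        if (this.mExpirationDate > renewDate) {
            this.mAuthenticated = true;
            return true;
        }
        // DecodeJWT marks the instance as authenticated; undo that for a token
        // whose `exp` is missing or already past.
        this.mAuthenticated = false;
        return false;
    };
    /**
     * Shows the "verifying" page, verifies the SSO token with the auth service,
     * then either reloads the application at its origin or shows the
     * "unauthenticated" page.
     *
     * @param token SSO token taken from the URL or from the auth service.
     * @returns {Promise<void>}
     */
    SSOModule.prototype.checkSSOToken = function (token) {
        return __awaiter(this, void 0, void 0, function () {
            var e_1;
            return __generator(this, function (_a) {
                switch (_a.label) {
                    case 0:
                        document.open();
                        document.writeln(this.pVerify);
                        document.close();
                        _a.label = 1;
                    case 1:
                        _a.trys.push([1, 3, , 4]);
                        return [4 /*yield*/, this.verifyToken(token)];
                    case 2:
                        if (_a.sent()) {
                            // Navigating to the bare origin also drops `ssoToken` from the address bar.
                            window.location.href = window.location.origin;
                        }
                        else {
                            document.open();
                            document.write(this.pUnauthenticated);
                            document.close();
                        }
                        return [3 /*break*/, 4];
                    case 3:
                        // Any verification error is treated the same as a rejected token.
                        e_1 = _a.sent();
                        document.open();
                        document.write(this.pUnauthenticated);
                        document.close();
                        return [3 /*break*/, 4];
                    case 4: return [2 /*return*/];
                }
            });
        });
    };
    /**
     * Entry point of the sign-in flow.
     *
     * 1. A valid stored token ends the flow immediately.
     * 2. An `ssoToken` query parameter on the current URL is verified.
     * 3. Otherwise the auth service is asked (with cookies) for an SSO token;
     *    when that request fails the browser is sent to the login site.
     *
     * @returns {Promise<boolean|undefined>} true when a valid stored token
     *          already exists; otherwise resolves without a value once one of
     *          the steps above has been started.
     */
    SSOModule.prototype.Authenticate = function () {
        return __awaiter(this, void 0, void 0, function () {
            var urlParams, serviceURL, token, e_2;
            return __generator(this, function (_a) {
                switch (_a.label) {
                    case 0:
                        if (!!this.checkAuthenticated()) return [3 /*break*/, 7];
                        // No `window` global: skip the browser flow.
                        if (!(typeof window !== "undefined")) return [3 /*break*/, 6];
                        urlParams = new URLSearchParams(window.location.search);
                        if (!urlParams.has('ssoToken')) return [3 /*break*/, 2];
                        return [4 /*yield*/, this.checkSSOToken(urlParams.get('ssoToken'))];
                    case 1:
                        _a.sent();
                        return [3 /*break*/, 6];
                    case 2:
                        serviceURL = window.location.href;
                        _a.label = 3;
                    case 3:
                        _a.trys.push([3, 5, , 6]);
                        // The current URL is encoded so that its own `?`, `&` and `#` stay
                        // inside the `serviceurl` value instead of altering the request.
                        return [4 /*yield*/, axios_1.default.get(this.authUrl + '&serviceurl=' + encodeURIComponent(serviceURL), {
                                withCredentials: true
                            })];
                    case 4:
                        token = _a.sent();
                        // NOTE(review): not awaited, so Authenticate() resolves before this
                        // verification has finished.
                        this.checkSSOToken(token.data.ssoToken);
                        return [3 /*break*/, 6];
                    case 5:
                        e_2 = _a.sent();
                        document.open();
                        document.writeln(this.pForwarding);
                        document.close();
                        this.toLogin();
                        return [3 /*break*/, 6];
                    case 6: return [3 /*break*/, 8];
                    case 7: return [2 /*return*/, true];
                    case 8: return [2 /*return*/];
                }
            });
        });
    };
    /**
     * Sends the browser to the login site unless a valid token is stored. The
     * current URL is passed along as `serviceurl`.
     *
     * @returns {boolean} always true.
     */
    SSOModule.prototype.toLogin = function () {
        var serviceURL = window.location.href;
        if (!this.checkAuthenticated()) {
            window.location.href = this.ssoUrl + '&serviceurl=' + encodeURIComponent(serviceURL);
        }
        return true;
    };
    /**
     * Exchanges an SSO token for a JWT at the auth service, checks the JWT's
     * signature and stores it in `localStorage` when it is valid.
     *
     * @param ssoToken SSO token to exchange.
     * @returns {Promise<boolean>} true when a valid JWT was stored.
     */
    SSOModule.prototype.verifyToken = function (ssoToken) {
        return __awaiter(this, void 0, void 0, function () {
            var url, result, jwtCheck;
            return __generator(this, function (_a) {
                switch (_a.label) {
                    case 0:
                        // NOTE(review): the SSO token travels in the query string, where it
                        // can end up in server and proxy logs.
                        url = this.verifyUrl + '&ssoToken=' + encodeURIComponent(ssoToken);
                        return [4 /*yield*/, axios_1.default.get(url, {
                                headers: {
                                    Authorization: "bearer " + this.mApplicationKey,
                                    // NOTE(review): Access-Control-Allow-Origin is a response
                                    // header; on a request it grants nothing. Kept as in the
                                    // original - confirm whether the server expects it.
                                    'Access-Control-Allow-Origin': '*',
                                    'Content-Type': 'application/x-www-form-urlencoded'
                                }
                            })];
                    case 1:
                        result = _a.sent();
                        return [4 /*yield*/, this.verifyJWT(result.data)];
                    case 2:
                        jwtCheck = _a.sent();
                        if (jwtCheck) {
                            // Stored only after the signature check has passed.
                            localStorage.setItem('token', result.data);
                            return [2 /*return*/, true];
                        }
                        return [2 /*return*/, false];
                }
            });
        });
    };
    /**
     * Verifies a JWT (RS256, issuer "simple-sso") against the configured public
     * key and, on success, loads its claims into this instance.
     *
     * @param token JWT string.
     * @returns {Promise<boolean>} true when the token verified; false on any
     *          verification or decoding error.
     */
    SSOModule.prototype.verifyJWT = function (token) {
        return __awaiter(this, void 0, void 0, function () {
            return __generator(this, function (_a) {
                try {
                    // The algorithm list is pinned, so a token declaring another
                    // algorithm in its header is rejected.
                    assertValidToken(token, this.key);
                    this.mToken = token;
                    this.DecodeJWT(token);
                    return [2 /*return*/, true];
                }
                catch (e) {
                    return [2 /*return*/, false];
                }
            });
        });
    };
    /**
     * Copies `userID`, `username`, `roles` and `exp` from the token payload onto
     * this instance and marks it as authenticated.
     *
     * The payload is decoded WITHOUT a signature check, so call this only with
     * a token that has already been verified. Throws when the token cannot be
     * decoded.
     *
     * @param token JWT string.
     */
    SSOModule.prototype.DecodeJWT = function (token) {
        var decoded = jwtDecode(token);
        this.mAuthenticated = true;
        this.mUserDetail.id = decoded.userID;
        this.mUserDetail.username = decoded.username;
        this.mUserDetail.roles = decoded.roles;
        this.mExpirationDate = decoded.exp;
    };
    return SSOModule;
}());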
// Public export: the SSOModule constructor is the only symbol this file exposes.
exports.SSOModule = SSOModule;