vulcain-corejs
Vulcain micro-service framework
// Generator-driven replacement for async/await (the helper shape TypeScript
// emits for down-level targets). Reuses an already-installed `this.__awaiter`
// when there is one. Runs `generator` with `thisArg`/`_arguments` and returns a
// promise (built with `P`, defaulting to the global Promise) that settles with
// the generator's return value, or rejects with whatever it throws.
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    if (!P) {
        P = Promise;
    }
    return new P((settle, fail) => {
        // Resume the generator with the value of the promise it was waiting on.
        const onFulfilled = (value) => {
            try {
                advance(generator.next(value));
            }
            catch (err) {
                fail(err);
            }
        };
        // Re-raise a rejection inside the generator so its own try/catch can see it.
        const onRejected = (reason) => {
            try {
                advance(generator["throw"](reason));
            }
            catch (err) {
                fail(err);
            }
        };
        // Either finish, or wrap the yielded value in a promise and wait for it.
        const advance = (result) => {
            if (result.done) {
                settle(result.value);
                return;
            }
            new P((inner) => { inner(result.value); }).then(onFulfilled, onRejected);
        };
        advance((generator = generator.apply(thisArg, _arguments)).next());
    });
};
const system_1 = require("../../configurations/globals/system");
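/**
 * Express authentication middleware built on pluggable strategies.
 *
 * A strategy is a function `verify(ctx, token)` registered under a lower-case
 * scheme name. It resolves to a user object when the credential is valid and
 * to a falsy value otherwise. 'bearer' and 'apikey' are registered by default.
 *
 * Credentials (JWTs, API keys, the raw Authorization header) are never written
 * to logs or error messages: anyone with log access could otherwise replay them.
 */
class ExpressAuthentication {
    constructor() {
        // Scheme name -> verify(ctx, token). Iterated in insertion order by init().
        this.strategies = new Map();
        // The methods are stored unbound and init() calls them as plain
        // functions, so strategies must not rely on `this`.
        this.addOrReplaceStrategy('bearer', this.bearerAuthentication);
        this.addOrReplaceStrategy('apikey', this.apiKeyAuthentication);
    }
    /**
     * Registers a strategy, replacing any strategy already stored under `name`.
     *
     * @param {string} name - scheme name; init() compares it to the lower-cased
     *   scheme of the request, so it should be lower-case.
     * @param {Function} verify - `(ctx, token) => Promise<user | null>`.
     */
    addOrReplaceStrategy(name, verify) {
        this.strategies.set(name, verify);
    }
    /**
     * Verifies a bearer token with the "TokenService" component of the request
     * container.
     *
     * @param ctx - request context (provides `container` and `tenant`).
     * @param {string} accessToken - raw bearer token from the request.
     * @returns {Promise<object|null>} the token's user, or null when the
     *   service reports no token.
     * @throws rethrows any error raised while verifying, after logging it.
     */
    bearerAuthentication(ctx, accessToken) {
        return __awaiter(this, void 0, void 0, function* () {
            try {
                const tokens = ctx.container.get("TokenService");
                const token = yield tokens.verifyTokenAsync({ token: accessToken, tenant: ctx.tenant });
                // No token found
                if (!token) {
                    // The token value is deliberately left out of the log entry.
                    system_1.System.log.info(ctx, "Bearer authentication: Invalid jwtToken");
                    return null;
                }
                token.user.tenant = token.user.tenant || token.tenantId;
                token.user.scopes = token.scopes;
                token.user.data = token.user.data || token.data;
                // The raw token travels with the user object; anything that logs or
                // serializes the user will therefore expose it.
                token.user.bearer = accessToken;
                return token.user;
            }
            catch (err) {
                // NOTE(review): `err` comes from the token service; confirm it does not
                // embed the token in its message.
                system_1.System.log.error(ctx, err, "Bearer authentication: Error with jwtToken");
                throw err;
            }
        });
    }
    /**
     * Verifies an API key with the "ApiKeyService" component of the request
     * container.
     *
     * @param ctx - request context (provides `container` and `tenant`).
     * @param {string} accessToken - raw API key from the request.
     * @returns {Promise<object|null>} the key's user, or null when no
     *   ApiKeyService is available or the service reports no token.
     * @throws rethrows any error raised while verifying, after logging it.
     */
    apiKeyAuthentication(ctx, accessToken) {
        return __awaiter(this, void 0, void 0, function* () {
            try {
                // Second argument presumably marks the lookup as optional - confirm
                // against the container API. Without the service every key is refused.
                const apiKeys = ctx.container.get("ApiKeyService", true);
                if (!apiKeys)
                    return null;
                const token = yield apiKeys.verifyTokenAsync({ token: accessToken, tenant: ctx.tenant });
                // No token found
                if (!token) {
                    // The key value is deliberately left out of the log entry.
                    system_1.System.log.info(ctx, `ApiKey authentication: Invalid apiKey for tenant ${ctx.tenant}`);
                    return null;
                }
                token.user.data = token.user.data || token.data;
                // NOTE(review): a key without scopes yields [undefined] here, not [].
                token.user.scopes = Array.isArray(token.token.scopes) ? token.token.scopes : [token.token.scopes];
                return token.user;
            }
            catch (err) {
                system_1.System.log.error(ctx, err, `ApiKey authentication: Error with apiKey for tenant ${ctx.tenant}`);
                throw err;
            }
        });
    }
    /**
     * Builds the Express middleware.
     *
     * The credential is read from the `authorization` header, else from the
     * `Authorization` cookie, in the form "<scheme> <token>". A request without
     * any credential is passed on unauthenticated (or as `testUser`), so access
     * control has to be enforced by the handlers behind this middleware. A
     * request whose credential is malformed, unknown or refused gets a 401.
     *
     * @param testUser - user forced onto requests that carry no credential.
     *   Intended for tests; passing it in a deployed service makes every
     *   anonymous request run as that user.
     * @returns {Function} `(req, res, next)` middleware returning a promise.
     */
    init(testUser) {
        return (req, res, next) => __awaiter(this, void 0, void 0, function* () {
            const ctx = req.requestContext;
            let authorization = req.headers['authorization'];
            // Perhaps in cookies
            // NOTE(review): a cookie is sent by the browser automatically, so requests
            // authenticated this way need CSRF protection elsewhere.
            if (!authorization)
                authorization = req.cookies && req.cookies.Authorization;
            if (!authorization) {
                // Force test user only if there is no authorization
                if (testUser) {
                    ctx.user = testUser;
                    ctx.tenant = ctx.tenant || ctx.user.tenant;
                    system_1.System.log.info(ctx, `Request context - force test user=${ctx.user.name}, scopes=${ctx.user.scopes}, tenant=${ctx.tenant}`);
                }
                next();
                return;
            }
            try {
                const parts = authorization.split(' ');
                if (parts.length < 2) {
                    // A header without a scheme may be a bare credential, and this error
                    // is logged below, so the header value is not echoed.
                    throw new Error("Invalid authorization header.");
                }
                const [scheme, token] = parts;
                for (const [strategyName, verify] of this.strategies) {
                    // NOTE(review): prefix comparison - a scheme such as "BearerX" also
                    // selects 'bearer'. The token is still verified, but an exact match
                    // would be stricter.
                    if (!scheme || scheme.substr(0, strategyName.length).toLowerCase() !== strategyName)
                        continue;
                    if (!token) {
                        throw new Error("Invalid authorization header.");
                    }
                    const user = yield verify(ctx, token);
                    if (user) {
                        ctx.user = user;
                        // The tenant of the authenticated user wins over the request tenant.
                        if (ctx.user.tenant) {
                            ctx.tenant = ctx.user.tenant;
                        }
                        else {
                            ctx.user.tenant = ctx.tenant;
                        }
                        // For context propagation
                        if (strategyName === "bearer")
                            ctx.bearer = token;
                        next();
                        return;
                    }
                }
            }
            catch (err) {
                ctx.logError(err, "Authentication error");
            }
            // No strategy accepted the credential: fail closed.
            res.status(401);
            res.send();
        });
    }
}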
// Static identity record with no scopes and no tenant. It is not referenced in
// this file; presumably callers use it for unauthenticated requests - confirm.
ExpressAuthentication.Anonymous = {
    id: "_anonymous",
    name: "anonymous",
    scopes: [],
    tenant: null
};
// CommonJS export of the class.
exports.ExpressAuthentication = ExpressAuthentication;
//# sourceMappingURL=expressAuthentication.js.map
;