vulcain-corejs
Version:
Vulcain micro-service framework
98 lines (96 loc) • 4.37 kB
JavaScript
;
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments)).next());
});
};
const annotations_1 = require("../../di/annotations");
const system_1 = require("../../configurations/globals/system");
class AbstractExpressAuthentication {
constructor() {
this.strategies = new Map();
}
addOrReplaceStrategy(name, verify) {
this.strategies.set(name, verify);
}
/**
* Initialize authentication process
*
* @param {UserContext} testUser User to use for testing when no authentication is provide
* @param {boolean} ignoreInvalidBearer Do not reject invalid bearer token, just ignore it. Can be initialize with application.ignoreInvalidBearer property.
* @returns
*
* @memberOf ExpressAuthentication
*/
init(testUser, ignoreInvalidBearer) {
return (req, res, next) => __awaiter(this, void 0, void 0, function* () {
let ctx = req.requestContext;
let authorization = req.headers['authorization'];
// Perhaps in cookies
if (!authorization)
authorization = req.cookies && req.cookies.Authorization;
if (!authorization) {
// Force test user only if there is no authorization
if (testUser) {
ctx.user = testUser;
ctx.tenant = ctx.tenant || ctx.user.tenant;
system_1.System.log.info(ctx, `Request context - force test user=${ctx.user.name}, scopes=${ctx.user.scopes}, tenant=${ctx.tenant}`);
}
next();
return;
}
try {
let parts = authorization.split(' ');
if (parts.length < 2) {
throw new Error("Invalid authorization header : " + authorization);
}
let scheme = parts[0], token = parts[1];
for (let [strategyName, verify] of this.strategies) {
if (!scheme || scheme.substr(0, strategyName.length).toLowerCase() !== strategyName)
continue;
if (!token) {
throw new Error("Invalid authorization header.");
}
let user = yield verify(ctx, token);
if (user) {
ctx.user = user;
if (ctx.user.tenant) {
ctx.tenant = ctx.user.tenant;
}
else {
ctx.user.tenant = ctx.tenant;
}
// For context propagation
if (strategyName === "bearer")
ctx.bearer = token;
next();
return;
}
else if (strategyName !== "bearer" || !ignoreInvalidBearer) {
let logger = ctx.container.get(annotations_1.DefaultServiceNames.Logger);
logger.logAction(ctx, 'ER');
res.status(401);
res.send();
return;
}
next();
return;
}
}
catch (err) {
ctx.logError(err, "Authentication error");
}
let logger = ctx.container.get(annotations_1.DefaultServiceNames.Logger);
logger.logAction(ctx, 'ER');
res.status(401);
res.send();
});
}
;
}
AbstractExpressAuthentication.Anonymous = { id: "_anonymous", name: "anonymous", scopes: [], tenant: null };
exports.AbstractExpressAuthentication = AbstractExpressAuthentication;
//# sourceMappingURL=abstractExpressAuthentication.js.map