vulcain-corejs/lib/src/security/services/tokenService.js

Vulcain micro-service framework

"use strict";
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
    return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
Object.defineProperty(exports, "__esModule", { value: true });
const annotations_1 = require("../../di/annotations");
const conventions_1 = require("../../utils/conventions");
const manifest_1 = require("../../globals/manifest");
const jwt = require('jsonwebtoken');
const ms = require('ms');
const dynamicConfiguration_1 = require("../../configurations/dynamicConfiguration");
let TokenService = class TokenService {
    constructor() {
        this.name = "bearer";
        this.issuer = dynamicConfiguration_1.DynamicConfiguration.getChainedConfigurationProperty(conventions_1.Conventions.instance.TOKEN_ISSUER);
        this.tokenExpiration = dynamicConfiguration_1.DynamicConfiguration.getChainedConfigurationProperty(conventions_1.Conventions.instance.TOKEN_EXPIRATION, conventions_1.Conventions.instance.defaultTokenExpiration);
        this.secretKey = dynamicConfiguration_1.DynamicConfiguration.getChainedConfigurationProperty(conventions_1.Conventions.instance.VULCAIN_SECRET_KEY, conventions_1.Conventions.instance.defaultSecretKey);
    }
    createToken(user) {
        if (!user || !user.name)
            throw new Error("Invalid user data. name is required");
        return new Promise(async (resolve, reject) => {
            const payload = {
                value: {
                    name: user.name,
                    tenant: user.tenant,
                    scopes: user.scopes,
                    claims: user.claims
                }
            };
            let options = { issuer: this.issuer.value, expiresIn: this.tokenExpiration.value };
            try {
                let jwtToken = this.generateToken(payload, options);
                let renewToken = this.generateToken({}, options);
                let expiresIn;
                if (typeof this.tokenExpiration.value === 'string') {
                    const milliseconds = ms(this.tokenExpiration.value);
                    expiresIn = Math.floor(milliseconds / 1000);
                }
                else {
                    expiresIn = this.tokenExpiration.value;
                }
                // token payload contains iat (absolute expiration date in sec)
                resolve({ expiresIn, token: jwtToken, renewToken: renewToken });
            }
            catch (err) {
                reject({ error: err, message: "Error when creating new token for user :" + user.name + " - " + (err.message || err) });
            }
        });
    }
    generateToken(payload, options) {
        let token;
        token = jwt.sign(payload, this.secretKey.value, options);
        return token;
    }
    verifyToken(ctx, accessToken, tenant) {
        return new Promise(async (resolve, reject) => {
            if (!accessToken) {
                reject("You must provide a valid token");
                return;
            }
            let options = { "issuer": this.issuer.value };
            try {
                let key = this.secretKey.value;
                //options.algorithms=[ALGORITHM];
                jwt.verify(accessToken, key, options, (err, payload) => {
                    if (err) {
                        reject(`Bearer authentication: Invalid jwtToken, error: ${err}`);
                    }
                    else {
                        const userContext = payload.value;
                        resolve(userContext);
                    }
                });
            }
            catch (err) {
                reject({ error: err, message: "Invalid JWT token" });
            }
        });
    }
};
__decorate([
    manifest_1.ConfigurationProperty(conventions_1.Conventions.instance.TOKEN_ISSUER, "string"),
    __metadata("design:type", Object)
], TokenService.prototype, "issuer", void 0);
__decorate([
    manifest_1.ConfigurationProperty(conventions_1.Conventions.instance.VULCAIN_SECRET_KEY, "string"),
    __metadata("design:type", Object)
], TokenService.prototype, "secretKey", void 0);
__decorate([
    manifest_1.ConfigurationProperty(conventions_1.Conventions.instance.TOKEN_EXPIRATION, "string"),
    __metadata("design:type", Object)
], TokenService.prototype, "tokenExpiration", void 0);
TokenService = __decorate([
    annotations_1.Injectable(annotations_1.LifeTime.Singleton, annotations_1.DefaultServiceNames.BearerTokenService),
    __metadata("design:paramtypes", [])
], TokenService);
exports.TokenService = TokenService;
//# sourceMappingURL=tokenService.js.map