73
src/models/actions/create/CreateAuth.ts
Normal file
73
src/models/actions/create/CreateAuth.ts
Normal file
@@ -0,0 +1,73 @@
|
||||
import * as argon2 from "argon2";
|
||||
import { IsEmail, IsNotEmpty, IsOptional, IsString } from 'class-validator';
|
||||
import { getConnectionManager } from 'typeorm';
|
||||
import { InvalidCredentialsError, PasswordNeededError, UserDisabledError, UserNotFoundError } from '../../errors/AuthError';
|
||||
import { UsernameOrEmailNeededError } from '../../errors/UserErrors';
|
||||
import { JwtCreator } from '../../jwtcreator';
|
||||
import { User } from '../entities/User';
|
||||
import { Auth } from '../responses/ResponseAuth';
|
||||
|
||||
/**
|
||||
* This class is used to create auth credentials based on user credentials provided in a json body (post request).
|
||||
* To be a little bit more exact: Is takes in a username/email + password and creates a new access and refresh token for the user.
|
||||
* It of course checks for user existance, password validity and so on.
|
||||
*/
|
||||
export class CreateAuth {
|
||||
/**
|
||||
* The username of the user that want's to login.
|
||||
* Either username or email have to be provided.
|
||||
*/
|
||||
@IsOptional()
|
||||
@IsString()
|
||||
username?: string;
|
||||
|
||||
/**
|
||||
* The email address of the user that want's to login.
|
||||
* Either username or email have to be provided.
|
||||
*/
|
||||
@IsOptional()
|
||||
@IsEmail()
|
||||
@IsString()
|
||||
email?: string;
|
||||
|
||||
/**
|
||||
* The user's password.
|
||||
* Will be checked against an argon2 hash.
|
||||
*/
|
||||
@IsNotEmpty()
|
||||
@IsString()
|
||||
password: string;
|
||||
|
||||
|
||||
/**
|
||||
* Creates a new auth object based on this.
|
||||
*/
|
||||
public async toAuth(): Promise<Auth> {
|
||||
let newAuth: Auth = new Auth();
|
||||
|
||||
if (this.email === undefined && this.username === undefined) {
|
||||
throw new UsernameOrEmailNeededError();
|
||||
}
|
||||
if (!this.password) {
|
||||
throw new PasswordNeededError();
|
||||
}
|
||||
const found_user = await getConnectionManager().get().getRepository(User).findOne({ relations: ['groups', 'permissions', 'groups.permissions'], where: [{ username: this.username }, { email: this.email }] });
|
||||
if (!found_user) {
|
||||
throw new UserNotFoundError();
|
||||
}
|
||||
if (found_user.enabled == false) { throw new UserDisabledError(); }
|
||||
if (!(await argon2.verify(found_user.password, this.password + found_user.uuid))) {
|
||||
throw new InvalidCredentialsError();
|
||||
}
|
||||
|
||||
//Create the access token
|
||||
const timestamp_accesstoken_expiry = Math.floor(Date.now() / 1000) + 5 * 60
|
||||
newAuth.access_token = JwtCreator.createAccess(found_user, timestamp_accesstoken_expiry);
|
||||
newAuth.access_token_expires_at = timestamp_accesstoken_expiry
|
||||
//Create the refresh token
|
||||
const timestamp_refresh_expiry = Math.floor(Date.now() / 1000) + 10 * 36000
|
||||
newAuth.refresh_token = JwtCreator.createRefresh(found_user, timestamp_refresh_expiry);
|
||||
newAuth.refresh_token_expires_at = timestamp_refresh_expiry
|
||||
return newAuth;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user