parent
e5b605cc55
commit
76e19ca28d
|
|
@ -5,14 +5,13 @@ import { createExpressServer } from "routing-controllers";
|
|||
import authchecker from "./authchecker";
|
||||
import loaders from "./loaders/index";
|
||||
import { ErrorHandler } from './middlewares/ErrorHandler';
|
||||
import { JWTAuth } from './middlewares/JWTAuth';
|
||||
|
||||
dotenvSafe.config();
|
||||
const PORT = process.env.APP_PORT || 4010;
|
||||
|
||||
const app = createExpressServer({
|
||||
authorizationChecker: authchecker,
|
||||
middlewares: [ErrorHandler, JWTAuth],
|
||||
middlewares: [ErrorHandler],
|
||||
development: process.env.NODE_ENV === "production",
|
||||
cors: true,
|
||||
routePrefix: "/api",
|
||||
|
|
|
|||
|
|
@ -1,13 +1,15 @@
|
|||
import * as jwt from "jsonwebtoken";
|
||||
import { Action } from "routing-controllers";
|
||||
import { IllegalJWTError, NoPermissionError } from './errors/AuthError';
|
||||
import { getConnectionManager } from 'typeorm';
|
||||
import { IllegalJWTError, NoPermissionError, UserNonexistantOrRefreshtokenInvalidError } from './errors/AuthError';
|
||||
import { User } from './models/entities/User';
|
||||
// -----------
|
||||
const sampletoken = jwt.sign({
|
||||
"permissions": {
|
||||
"TRACKS": ["read", "update", "delete", "add"]
|
||||
// "TRACKS": []
|
||||
}
|
||||
}, process.env.JWT_SECRET || "secretjwtsecret")
|
||||
}, "securekey")
|
||||
console.log(`sampletoken: ${sampletoken}`);
|
||||
// -----------
|
||||
const authchecker = async (action: Action, permissions: string | string[]) => {
|
||||
|
|
@ -21,10 +23,15 @@ const authchecker = async (action: Action, permissions: string | string[]) => {
|
|||
const provided_token = action.request.query["auth"];
|
||||
let jwtPayload = undefined
|
||||
try {
|
||||
jwtPayload = <any>jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
|
||||
jwtPayload = <any>jwt.verify(provided_token, "securekey");
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
throw new IllegalJWTError()
|
||||
}
|
||||
const count = await getConnectionManager().get().getRepository(User).count({ id: jwtPayload["userdetails"]["id"], refreshTokenCount: jwtPayload["userdetails"]["refreshTokenCount"] })
|
||||
if (count !== 1) {
|
||||
throw new UserNonexistantOrRefreshtokenInvalidError()
|
||||
}
|
||||
if (jwtPayload.permissions) {
|
||||
action.response.local = {}
|
||||
action.response.local.jwtPayload = jwtPayload.permissions
|
||||
|
|
|
|||
|
|
@ -23,6 +23,17 @@ export class IllegalJWTError extends UnauthorizedError {
|
|||
message = "your provided jwt could not be parsed"
|
||||
}
|
||||
|
||||
/**
|
||||
* Error to throw when user is nonexistant or refreshtoken is invalid
|
||||
*/
|
||||
export class UserNonexistantOrRefreshtokenInvalidError extends UnauthorizedError {
|
||||
@IsString()
|
||||
name = "UserNonexistantOrRefreshtokenInvalidError"
|
||||
|
||||
@IsString()
|
||||
message = "user is nonexistant or refreshtoken is invalid"
|
||||
}
|
||||
|
||||
/**
|
||||
* Error to throw when provided credentials are invalid
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,24 +0,0 @@
|
|||
import * as jwt from "jsonwebtoken";
|
||||
import {
|
||||
ExpressMiddlewareInterface
|
||||
} from "routing-controllers";
|
||||
|
||||
export class JWTAuth implements ExpressMiddlewareInterface {
|
||||
use(request: any, response: any, next?: (err?: any) => any): any {
|
||||
const token = <string>request.headers["auth"];
|
||||
try {
|
||||
/**
|
||||
TODO: idk if we should always check the db if refreshtokencount is valid?
|
||||
seems like a lot of db overhead
|
||||
at the same time it's basically our only option to support proper logouts
|
||||
*/
|
||||
const jwtPayload = <any>jwt.verify(token, "secretjwtsecret");
|
||||
// const jwtPayload = <any>jwt.verify(token, process.env.JWT_SECRET);
|
||||
response.locals.jwtPayload = jwtPayload;
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
return response.status(401).send();
|
||||
}
|
||||
next();
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue