Implemented a baisc user checker/getter

ref #100
2021-01-15 22:16:28 +01:00 · 2021-01-15 22:16:28 +01:00 · f1db883609
commit f1db883609
parent e586a11e2a
2 changed files with 51 additions and 0 deletions
--- a/src/app.ts
+++ b/src/app.ts
@ -5,10 +5,12 @@ import { config, e as errors } from './config';
 import loaders from "./loaders/index";
 import authchecker from "./middlewares/authchecker";
 import { ErrorHandler } from './middlewares/ErrorHandler';
+import UserChecker from './middlewares/UserChecker';

 const CONTROLLERS_FILE_EXTENSION = process.env.NODE_ENV === 'production' ? 'js' : 'ts';
 const app = createExpressServer({
  authorizationChecker: authchecker,
+  currentUserChecker: UserChecker,
  middlewares: [ErrorHandler],
  development: config.development,
  cors: true,
--- a/src/middlewares/UserChecker.ts
+++ b/src/middlewares/UserChecker.ts
@ -1,9 +1,58 @@
+import cookie from "cookie";
+import * as jwt from "jsonwebtoken";
 import { Action } from 'routing-controllers';
+import { getConnectionManager } from 'typeorm';
+import { config } from '../config';
+import { IllegalJWTError, UserDisabledError, UserNonexistantOrRefreshtokenInvalidError } from '../errors/AuthError';
+import { JwtCreator, JwtUser } from '../jwtcreator';
+import { User } from '../models/entities/User';

 /**
 * TODO:
 */
 const UserChecker = async (action: Action) => {
+    let jwtPayload = undefined
+    try {
+        let provided_token = "" + action.request.headers["authorization"].replace("Bearer ", "");
+        jwtPayload = <any>jwt.verify(provided_token, config.jwt_secret);
+        jwtPayload = jwtPayload["userdetails"];
+    } catch (error) {
+        jwtPayload = await refresh(action);
+    }

+    const user = await getConnectionManager().get().getRepository(User).findOne({ id: jwtPayload["id"], refreshTokenCount: jwtPayload["refreshTokenCount"] })
+    if (!user) { throw new UserNonexistantOrRefreshtokenInvalidError() }
+    if (user.enabled == false) { throw new UserDisabledError(); }
+    return user;
 };
+
+/**
+ * Handles soft-refreshing of access-tokens.
+ * @param action Routing-Controllers action object that provides request and response objects among other stuff.
+ */
+const refresh = async (action: Action) => {
+    let refresh_token = undefined;
+    try {
+        refresh_token = cookie.parse(action.request.headers["cookie"])["lfk_backend__refresh_token"];
+    }
+    catch {
+        throw new IllegalJWTError();
+    }
+
+    let jwtPayload = undefined;
+    try {
+        jwtPayload = <any>jwt.verify(refresh_token, config.jwt_secret);
+    } catch (error) {
+        throw new IllegalJWTError();
+    }
+
+    const user = await getConnectionManager().get().getRepository(User).findOne({ id: jwtPayload["id"], refreshTokenCount: jwtPayload["refreshTokenCount"] }, { relations: ['permissions', 'groups', 'groups.permissions'] })
+    if (!user) { throw new UserNonexistantOrRefreshtokenInvalidError() }
+    if (user.enabled == false) { throw new UserDisabledError(); }
+
+    let newAccess = JwtCreator.createAccess(user);
+    action.response.header("authorization", "Bearer " + newAccess);
+
+    return await new JwtUser(user);
+}
 export default UserChecker;