12 changed files with 32 additions and 404 deletions
--- a/src/app.ts
+++ b/src/app.ts
@ -1,9 +1,9 @@
-import consola from "consola";
-import * as dotenvSafe from "dotenv-safe";
 import "reflect-metadata";
+import * as dotenvSafe from "dotenv-safe";
 import { createExpressServer } from "routing-controllers";
-import authchecker from "./authchecker";
+import consola from "consola";
 import loaders from "./loaders/index";
+import authchecker from "./authchecker";
 import { ErrorHandler } from './middlewares/ErrorHandler';

 dotenvSafe.config();
--- a/src/authchecker.ts
+++ b/src/authchecker.ts
@ -1,15 +1,12 @@
 import * as jwt from "jsonwebtoken";
-import { Action } from "routing-controllers";
-import { getConnectionManager } from 'typeorm';
-import { IllegalJWTError, NoPermissionError, UserNonexistantOrRefreshtokenInvalidError } from './errors/AuthError';
-import { User } from './models/entities/User';
+import { Action, HttpError } from "routing-controllers";
 // -----------
 const sampletoken = jwt.sign({
    "permissions": {
        "TRACKS": ["read", "update", "delete", "add"]
        // "TRACKS": []
    }
-}, "securekey")
+}, process.env.JWT_SECRET || "secretjwtsecret")
 console.log(`sampletoken: ${sampletoken}`);
 // -----------
 const authchecker = async (action: Action, permissions: string | string[]) => {
@ -23,14 +20,9 @@ const authchecker = async (action: Action, permissions: string | string[]) => {
    const provided_token = action.request.query["auth"];
    let jwtPayload = undefined
    try {
-        jwtPayload = <any>jwt.verify(provided_token, "securekey");
+        jwtPayload = <any>jwt.verify(provided_token, process.env.JWT_SECRET || "secretjwtsecret");
    } catch (error) {
-        console.log(error);
-        throw new IllegalJWTError()
-    }
-    const count = await getConnectionManager().get().getRepository(User).count({ id: jwtPayload["userdetails"]["id"], refreshTokenCount: jwtPayload["userdetails"]["refreshTokenCount"] })
-    if (count !== 1) {
-        throw new UserNonexistantOrRefreshtokenInvalidError()
+        throw new HttpError(401, "jwt_illegal")
    }
    if (jwtPayload.permissions) {
        action.response.local = {}
@ -42,11 +34,11 @@ const authchecker = async (action: Action, permissions: string | string[]) => {
            if (actual_accesslevel_for_permission.includes(permission_access_level)) {
                return true;
            } else {
-                throw new NoPermissionError()
+                throw new HttpError(403, "no")
            }
        });
    } else {
-        throw new NoPermissionError()
+        throw new HttpError(403, "no")
    }
    // 
    try {
--- a/src/controllers/AuthController.ts
+++ b/src/controllers/AuthController.ts
@ -1,71 +0,0 @@
-import { Body, JsonController, Post } from 'routing-controllers';
-import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { IllegalJWTError, InvalidCredentialsError, JwtNotProvidedError, PasswordNeededError, RefreshTokenCountInvalidError, UsernameOrEmailNeededError } from '../errors/AuthError';
-import { UserNotFoundError } from '../errors/UserErrors';
-import { CreateAuth } from '../models/creation/CreateAuth';
-import { HandleLogout } from '../models/creation/HandleLogout';
-import { RefreshAuth } from '../models/creation/RefreshAuth';
-import { Auth } from '../models/responses/Auth';
-import { Logout } from '../models/responses/Logout';
-
-@JsonController('/auth')
-export class AuthController {
-	constructor() {
-	}
-
-	@Post("/login")
-	@ResponseSchema(Auth)
-	@ResponseSchema(InvalidCredentialsError)
-	@ResponseSchema(UserNotFoundError)
-	@ResponseSchema(UsernameOrEmailNeededError)
-	@ResponseSchema(PasswordNeededError)
-	@ResponseSchema(InvalidCredentialsError)
-	@OpenAPI({ description: 'Create a new access token object' })
-	async login(@Body({ validate: true }) createAuth: CreateAuth) {
-		let auth;
-		try {
-			auth = await createAuth.toAuth();
-			console.log(auth);
-		} catch (error) {
-			return error;
-		}
-		return auth
-	}
-
-	@Post("/logout")
-	@ResponseSchema(Logout)
-	@ResponseSchema(InvalidCredentialsError)
-	@ResponseSchema(UserNotFoundError)
-	@ResponseSchema(UsernameOrEmailNeededError)
-	@ResponseSchema(PasswordNeededError)
-	@ResponseSchema(InvalidCredentialsError)
-	@OpenAPI({ description: 'Create a new access token object' })
-	async logout(@Body({ validate: true }) handleLogout: HandleLogout) {
-		let logout;
-		try {
-			logout = await handleLogout.logout()
-			console.log(logout);
-		} catch (error) {
-			return error;
-		}
-		return logout
-	}
-
-	@Post("/refresh")
-	@ResponseSchema(Auth)
-	@ResponseSchema(JwtNotProvidedError)
-	@ResponseSchema(IllegalJWTError)
-	@ResponseSchema(UserNotFoundError)
-	@ResponseSchema(RefreshTokenCountInvalidError)
-	@OpenAPI({ description: 'refresh a access token' })
-	async refresh(@Body({ validate: true }) refreshAuth: RefreshAuth) {
-		let auth;
-		try {
-			auth = await refreshAuth.toAuth();
-			console.log(auth);
-		} catch (error) {
-			return error;
-		}
-		return auth
-	}
-}
--- a/src/errors/AuthError.ts
+++ b/src/errors/AuthError.ts
@ -1,123 +0,0 @@
-import { IsString } from 'class-validator';
-import { ForbiddenError, NotAcceptableError, NotFoundError, UnauthorizedError } from 'routing-controllers';
-
-/**
- * Error to throw when a jwt is expired
- */
-export class ExpiredJWTError extends UnauthorizedError {
-	@IsString()
-	name = "ExpiredJWTError"
-
-	@IsString()
-	message = "your provided jwt is expired"
-}
-
-/**
- * Error to throw when a jwt could not be parsed
- */
-export class IllegalJWTError extends UnauthorizedError {
-	@IsString()
-	name = "IllegalJWTError"
-
-	@IsString()
-	message = "your provided jwt could not be parsed"
-}
-
-/**
- * Error to throw when user is nonexistant or refreshtoken is invalid
- */
-export class UserNonexistantOrRefreshtokenInvalidError extends UnauthorizedError {
-	@IsString()
-	name = "UserNonexistantOrRefreshtokenInvalidError"
-
-	@IsString()
-	message = "user is nonexistant or refreshtoken is invalid"
-}
-
-/**
- * Error to throw when provided credentials are invalid
- */
-export class InvalidCredentialsError extends UnauthorizedError {
-	@IsString()
-	name = "InvalidCredentialsError"
-
-	@IsString()
-	message = "your provided credentials are invalid"
-}
-
-/**
- * Error to throw when a jwt does not have permission for this route/ action
- */
-export class NoPermissionError extends ForbiddenError {
-	@IsString()
-	name = "NoPermissionError"
-
-	@IsString()
-	message = "your provided jwt does not have permission for this route/ action"
-}
-
-/**
- * Error to thow when no username and no email is set
- */
-export class UsernameOrEmailNeededError extends NotAcceptableError {
-	@IsString()
-	name = "UsernameOrEmailNeededError"
-
-	@IsString()
-	message = "Auth needs to have email or username set! \n You provided neither."
-}
-
-/**
- * Error to thow when no password is provided
- */
-export class PasswordNeededError extends NotAcceptableError {
-	@IsString()
-	name = "PasswordNeededError"
-
-	@IsString()
-	message = "no password is provided - you need to provide it"
-}
-
-/**
- * Error to thow when no user could be found for provided credential
- */
-export class UserNotFoundError extends NotFoundError {
-	@IsString()
-	name = "UserNotFoundError"
-
-	@IsString()
-	message = "no user could be found for provided credential"
-}
-
-/**
- * Error to thow when no jwt token was provided
- */
-export class JwtNotProvidedError extends NotAcceptableError {
-	@IsString()
-	name = "JwtNotProvidedError"
-
-	@IsString()
-	message = "no jwt token was provided"
-}
-
-/**
- * Error to thow when user was not found or refresh token count was invalid
- */
-export class UserNotFoundOrRefreshTokenCountInvalidError extends NotAcceptableError {
-	@IsString()
-	name = "UserNotFoundOrRefreshTokenCountInvalidError"
-
-	@IsString()
-	message = "user was not found or refresh token count was invalid"
-}
-
-/**
- * Error to thow when refresh token count was invalid
- */
-export class RefreshTokenCountInvalidError extends NotAcceptableError {
-	@IsString()
-	name = "RefreshTokenCountInvalidError"
-
-	@IsString()
-	message = "refresh token count was invalid"
-}
--- a/src/loaders/openapi.ts
+++ b/src/loaders/openapi.ts
@ -1,8 +1,8 @@
-import { validationMetadatasToSchemas } from "class-validator-jsonschema";
 import { Application } from "express";
+import * as swaggerUiExpress from "swagger-ui-express";
 import { getMetadataArgsStorage } from "routing-controllers";
 import { routingControllersToSpec } from "routing-controllers-openapi";
-import * as swaggerUiExpress from "swagger-ui-express";
+import { validationMetadatasToSchemas } from "class-validator-jsonschema";

 export default async (app: Application) => {
  const storage = getMetadataArgsStorage();
@ -17,13 +17,6 @@ export default async (app: Application) => {
    {
      components: {
        schemas,
-        "securitySchemes": {
-          "AuthToken": {
-            "type": "http",
-            "scheme": "bearer",
-            "bearerFormat": "JWT"
-          }
-        }
      },
      info: {
        description: "The the backend API for the LfK! runner system.",
--- a/src/middlewares/jwtauth.ts
+++ b/src/middlewares/jwtauth.ts
@ -0,0 +1,17 @@
+import { Request, Response, NextFunction } from "express";
+// import bodyParser from 'body-parser';
+// import cors from 'cors';
+import * as jwt from "jsonwebtoken";
+
+export default (req: Request, res: Response, next: NextFunction) => {
+  const token = <string>req.headers["auth"];
+  try {
+    const jwtPayload = <any>jwt.verify(token, "secretjwtsecret");
+    // const jwtPayload = <any>jwt.verify(token, process.env.JWT_SECRET);
+    res.locals.jwtPayload = jwtPayload;
+  } catch (error) {
+    console.log(error);
+    return res.status(401).send();
+  }
+  next();
+};
--- a/src/models/creation/CreateAuth.ts
+++ b/src/models/creation/CreateAuth.ts
@ -1,57 +0,0 @@
-import * as argon2 from "argon2";
-import { IsEmail, IsOptional, IsString } from 'class-validator';
-import * as jsonwebtoken from 'jsonwebtoken';
-import { getConnectionManager } from 'typeorm';
-import { InvalidCredentialsError, PasswordNeededError, UserNotFoundError } from '../../errors/AuthError';
-import { UsernameOrEmailNeededError } from '../../errors/UserErrors';
-import { User } from '../entities/User';
-import { Auth } from '../responses/Auth';
-
-export class CreateAuth {
-    @IsOptional()
-    @IsString()
-    username?: string;
-    @IsString()
-    password: string;
-    @IsOptional()
-    @IsEmail()
-    @IsString()
-    email?: string;
-
-    public async toAuth(): Promise<Auth> {
-        let newAuth: Auth = new Auth();
-
-        if (this.email === undefined && this.username === undefined) {
-            throw new UsernameOrEmailNeededError();
-        }
-        if (!this.password) {
-            throw new PasswordNeededError()
-        }
-        const found_users = await getConnectionManager().get().getRepository(User).find({ where: [{ username: this.username }, { email: this.email }] });
-        if (found_users.length === 0) {
-            throw new UserNotFoundError()
-        } else {
-            const found_user = found_users[0]
-            if (await argon2.verify(found_user.password, this.password + found_user.uuid)) {
-                const timestamp_accesstoken_expiry = Math.floor(Date.now() / 1000) + 5 * 60
-                delete found_user.password;
-                newAuth.access_token = jsonwebtoken.sign({
-                    userdetails: found_user,
-                    exp: timestamp_accesstoken_expiry
-                }, "securekey")
-                newAuth.access_token_expires_at = timestamp_accesstoken_expiry
-                // 
-                const timestamp_refresh_expiry = Math.floor(Date.now() / 1000) + 10 * 36000
-                newAuth.refresh_token = jsonwebtoken.sign({
-                    refreshtokencount: found_user.refreshTokenCount,
-                    userid: found_user.id,
-                    exp: timestamp_refresh_expiry
-                }, "securekey")
-                newAuth.refresh_token_expires_at = timestamp_refresh_expiry
-            } else {
-                throw new InvalidCredentialsError()
-            }
-        }
-        return newAuth;
-    }
-}
--- a/src/models/creation/HandleLogout.ts
+++ b/src/models/creation/HandleLogout.ts
@ -1,35 +0,0 @@
-import { IsString } from 'class-validator';
-import * as jsonwebtoken from 'jsonwebtoken';
-import { getConnectionManager } from 'typeorm';
-import { IllegalJWTError, JwtNotProvidedError, RefreshTokenCountInvalidError, UserNotFoundError } from '../../errors/AuthError';
-import { User } from '../entities/User';
-import { Logout } from '../responses/Logout';
-
-export class HandleLogout {
-    @IsString()
-    token: string;
-
-    public async logout(): Promise<Logout> {
-        let logout: Logout = new Logout();
-        if (!this.token || this.token === undefined) {
-            throw new JwtNotProvidedError()
-        }
-        let decoded;
-        try {
-            decoded = jsonwebtoken.verify(this.token, 'securekey')
-        } catch (error) {
-            throw new IllegalJWTError()
-        }
-        logout.timestamp = Math.floor(Date.now() / 1000)
-        let found_user: User = await getConnectionManager().get().getRepository(User).findOne({ id: decoded["userid"] });
-        if (!found_user) {
-            throw new UserNotFoundError()
-        }
-        if (found_user.refreshTokenCount !== decoded["refreshtokencount"]) {
-            throw new RefreshTokenCountInvalidError()
-        }
-        found_user.refreshTokenCount++;
-        await getConnectionManager().get().getRepository(User).update({ id: found_user.id }, found_user)
-        return logout;
-    }
-}
--- a/src/models/creation/RefreshAuth.ts
+++ b/src/models/creation/RefreshAuth.ts
@ -1,49 +0,0 @@
-import { IsString } from 'class-validator';
-import * as jsonwebtoken from 'jsonwebtoken';
-import { getConnectionManager } from 'typeorm';
-import { IllegalJWTError, JwtNotProvidedError, RefreshTokenCountInvalidError, UserNotFoundError } from '../../errors/AuthError';
-import { User } from '../entities/User';
-import { Auth } from '../responses/Auth';
-
-export class RefreshAuth {
-    @IsString()
-    token: string;
-
-    public async toAuth(): Promise<Auth> {
-        let newAuth: Auth = new Auth();
-        if (!this.token || this.token === undefined) {
-            throw new JwtNotProvidedError()
-        }
-        let decoded
-        try {
-            decoded = jsonwebtoken.verify(this.token, 'securekey')
-        } catch (error) {
-            throw new IllegalJWTError()
-        }
-        const found_user = await getConnectionManager().get().getRepository(User).findOne({ id: decoded["userid"] });
-        if (!found_user) {
-            throw new UserNotFoundError()
-        }
-        if (found_user.refreshTokenCount !== decoded["refreshtokencount"]) {
-            throw new RefreshTokenCountInvalidError()
-        }
-        delete found_user.password;
-        const timestamp_accesstoken_expiry = Math.floor(Date.now() / 1000) + 5 * 60
-        delete found_user.password;
-        newAuth.access_token = jsonwebtoken.sign({
-            userdetails: found_user,
-            exp: timestamp_accesstoken_expiry
-        }, "securekey")
-        newAuth.access_token_expires_at = timestamp_accesstoken_expiry
-        // 
-        const timestamp_refresh_expiry = Math.floor(Date.now() / 1000) + 10 * 36000
-        newAuth.refresh_token = jsonwebtoken.sign({
-            refreshtokencount: found_user.refreshTokenCount,
-            userid: found_user.id,
-            exp: timestamp_refresh_expiry
-        }, "securekey")
-        newAuth.refresh_token_expires_at = timestamp_refresh_expiry
-
-        return newAuth;
-    }
-}
--- a/src/models/entities/User.ts
+++ b/src/models/entities/User.ts
@ -19,14 +19,14 @@ export class User {
  /**
  * uuid
  */
-  @Column({ unique: true })
+  @Column()
  @IsUUID(4)
  uuid: string;

  /**
  * user email
  */
-  @Column({ nullable: true, unique: true })
+  @Column({ nullable: true })
  @IsEmail()
  email?: string;

@ -41,7 +41,7 @@ export class User {
  /**
  * username
  */
-  @Column({ nullable: true, unique: true })
+  @Column({ nullable: true })
  @IsString()
  username?: string;

@ -109,7 +109,7 @@ export class User {
  /**
  * profilepic
  */
-  @Column({ nullable: true, unique: true })
+  @Column({ nullable: true })
  @IsString()
  @IsOptional()
  profilePic?: string;
--- a/src/models/responses/Auth.ts
+++ b/src/models/responses/Auth.ts
@ -1,27 +0,0 @@
-import { IsInt, IsString } from 'class-validator';
-
-/**
- * Defines a auth object
-*/
-export class Auth {
-  /**
-  * access_token - JWT shortterm access token
-  */
-  @IsString()
-  access_token: string;
-  /**
-  * refresh_token - longterm refresh token (used for requesting new access tokens)
-  */
-  @IsString()
-  refresh_token: string;
-  /**
-  * access_token_expires_at - unix timestamp of access token expiry
-  */
-  @IsInt()
-  access_token_expires_at: number;
-  /**
-  * refresh_token_expires_at - unix timestamp of access token expiry
-  */
-  @IsInt()
-  refresh_token_expires_at: number;
-}
--- a/src/models/responses/Logout.ts
+++ b/src/models/responses/Logout.ts
@ -1,12 +0,0 @@
-import { IsString } from 'class-validator';
-
-/**
- * Defines a Logout object
-*/
-export class Logout {
-  /**
-  * timestamp of logout
-  */
-  @IsString()
-  timestamp: number;
-}