56 lines
		
	
	
		
			2.4 KiB
		
	
	
	
		
			TypeScript
		
	
	
	
	
	
			
		
		
	
	
			56 lines
		
	
	
		
			2.4 KiB
		
	
	
	
		
			TypeScript
		
	
	
	
	
	
| import { IsOptional, IsString } from 'class-validator';
 | |
| import * as jsonwebtoken from 'jsonwebtoken';
 | |
| import { getConnectionManager } from 'typeorm';
 | |
| import { config } from '../../config';
 | |
| import { IllegalJWTError, JwtNotProvidedError, RefreshTokenCountInvalidError, UserDisabledError, UserNotFoundError } from '../../errors/AuthError';
 | |
| import { JwtCreator } from "../../jwtcreator";
 | |
| import { User } from '../entities/User';
 | |
| import { ResponseAuth } from '../responses/ResponseAuth';
 | |
| 
 | |
| /**
 | |
|  * This class is used to create refreshed auth credentials.
 | |
|  * To be a little bit more exact: Is takes in a refresh token and creates a new access and refresh token for it's user.
 | |
|  * It of course checks for user existance, jwt validity and so on.
 | |
|  */
 | |
| export class RefreshAuth {
 | |
|     /**
 | |
|      * A stringyfied jwt refresh token.
 | |
|      * Will get checked for validity.
 | |
|      */
 | |
|     @IsString()
 | |
|     @IsOptional()
 | |
|     token?: string;
 | |
| 
 | |
|     /**
 | |
|      * Creates a new auth object based on this.
 | |
|      */
 | |
|     public async toAuth(): Promise<ResponseAuth> {
 | |
|         let newAuth: ResponseAuth = new ResponseAuth();
 | |
|         if (!this.token || this.token === undefined) {
 | |
|             throw new JwtNotProvidedError()
 | |
|         }
 | |
|         let decoded
 | |
|         try {
 | |
|             decoded = jsonwebtoken.verify(this.token, config.jwt_secret)
 | |
|         } catch (error) {
 | |
|             throw new IllegalJWTError()
 | |
|         }
 | |
|         const found_user = await getConnectionManager().get().getRepository(User).findOne({ id: decoded["id"] }, { relations: ['groups', 'permissions', 'groups.permissions'] });
 | |
|         if (!found_user) {
 | |
|             throw new UserNotFoundError()
 | |
|         }
 | |
|         if (found_user.enabled == false) { throw new UserDisabledError(); }
 | |
|         if (found_user.refreshTokenCount !== decoded["refreshTokenCount"]) {
 | |
|             throw new RefreshTokenCountInvalidError()
 | |
|         }
 | |
|         //Create the auth token
 | |
|         const timestamp_accesstoken_expiry = Math.floor(Date.now() / 1000) + 5 * 60
 | |
|         newAuth.access_token = JwtCreator.createAccess(found_user, timestamp_accesstoken_expiry);
 | |
|         newAuth.access_token_expires_at = timestamp_accesstoken_expiry
 | |
|         //Create the refresh token
 | |
|         const timestamp_refresh_expiry = Math.floor(Date.now() / 1000) + 10 * 36000
 | |
|         newAuth.refresh_token = JwtCreator.createRefresh(found_user, timestamp_refresh_expiry);
 | |
|         newAuth.refresh_token_expires_at = timestamp_refresh_expiry;
 | |
|         return newAuth;
 | |
|     }
 | |
| } |