1 | import jwt from "jsonwebtoken";
|
2 | import isNil from "lodash/isNil";
|
3 | import {APIConfig} from "./APIConfig";
|
4 |
|
/**
 * Identity of an API user.
 *
 * @typeParam T - shape of the optional, application-defined `extraData`.
 */
export class APIAuthUser<T = any> {
    /** Identifier of the user. */
    userID: string;

    /** Name of the user. */
    userName: string;

    /** Optional application-specific data attached to the user. */
    extraData?: T;
}
|
11 |
|
/**
 * Result of inspecting a session JWT: the user identity plus the state of the token.
 *
 * `isAuthenticated` and `isExpired` are separate flags. A caller that needs a
 * currently valid session should check both rather than `isAuthenticated` alone.
 */
export class APIAuthCredentials extends APIAuthUser {
    /** True when the token was successfully verified. */
    isAuthenticated: boolean;

    /** True when the token's expiry time has passed, or when no expiry could be read. */
    isExpired: boolean;

    /** Expiry time taken from the token, when it carries one. */
    expires?: Date;

    /** Refresh token carried in the JWT, if any. Treat as a secret: keep it out of logs and responses. */
    refreshToken?: string;

    /** Full decoded JWT payload. May contain the refresh token, so handle it like one. */
    rawJWTPayload?: object;
}
|
21 |
|
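/**
 * Helpers for issuing, transporting and verifying the JWT that backs an API session.
 *
 * Tokens are signed and verified with the shared secret `APIConfig.JWT_SECRET`.
 * The token travels either in the `session` cookie or in an `Authorization` header.
 */
export class APIAuthUtils {

    /**
     * Stores the JWT in the `session` cookie for the given domain.
     *
     * @param res - response object exposing `cookie(name, value, options)`.
     * @param jwtToken - signed token to store.
     * @param domain - cookie domain.
     */
    static setJWTSessionCookie(res, jwtToken: string, domain: string) {
        // 1.577e+11 ms is roughly five years. The cookie lifetime is independent of the
        // token's own `exp` claim, which is what actually bounds the session.
        let expiration = new Date(Number(new Date()) + 1.577e+11);
        // NOTE(review): only `httpOnly` is set. The cookie carries a bearer credential, so
        // deployments served over HTTPS should also set `secure: true` and an explicit
        // `sameSite` value. Left unchanged here because either can break plain-HTTP
        // development setups or cross-site flows the callers may depend on.
        res.cookie("session", jwtToken, {domain: domain, expires: expiration, httpOnly: true});
    }

    /**
     * Clears the `session` cookie by overwriting it with an empty value that expires now.
     *
     * @param res - response object exposing `cookie(name, value, options)`.
     * @param domain - cookie domain; must match the one used when the cookie was set.
     */
    static deleteJWTSessionCookie(res, domain: string) {
        // This only removes the browser's copy. A token that was copied elsewhere stays
        // valid until its `exp`, because nothing in this class revokes tokens.
        let expiration = new Date();
        res.cookie("session", "", {domain: domain, expires: expiration, httpOnly: true});
    }

    /**
     * Verifies a JWT and maps its claims onto an {@link APIAuthCredentials}.
     *
     * Never throws. Any verification failure returns the unauthenticated defaults.
     *
     * @param token - raw JWT; empty or missing yields unauthenticated credentials.
     * @param ignoreExpiration - when true, an expired token still verifies and is reported
     *   with `isAuthenticated: true` and `isExpired: true`; when false, an expired token
     *   is rejected like any other invalid token.
     * @returns credentials describing the token.
     */
    private static getAuthCredentialsFromJWT(token: string, ignoreExpiration: boolean = true): APIAuthCredentials {
        // Fail closed: start unauthenticated and expired, upgrade only after verification.
        let authCreds: APIAuthCredentials = {
            isAuthenticated: false,
            isExpired: true,
            userID: null,
            userName: null
        };

        if (!token) {
            return authCreds;
        }

        try {
            // Pin the accepted algorithm instead of relying on library defaults. createJWT
            // signs with jsonwebtoken's default (HS256), so tokens minted here still verify.
            // NOTE(review): widen the list if tokens signed elsewhere with another HMAC
            // variant must be accepted.
            const decodedAuthToken: any = jwt.verify(token, APIConfig.JWT_SECRET, {
                ignoreExpiration,
                algorithms: ["HS256"]
            });

            authCreds.isAuthenticated = true;
            authCreds.userName = decodedAuthToken.u;
            authCreds.userID = decodedAuthToken.i;
            authCreds.refreshToken = decodedAuthToken.r;
            authCreds.extraData = decodedAuthToken.ext;
            authCreds.rawJWTPayload = decodedAuthToken;

            // A token without `exp` keeps the default `isExpired: true`.
            if (decodedAuthToken.exp) {
                // `exp` is in seconds since the epoch; Date expects milliseconds.
                authCreds.expires = new Date(decodedAuthToken.exp * 1000);
                authCreds.isExpired = authCreds.expires <= (new Date());
            }
        } catch (err) {
            // Deliberate best effort: a bad signature, malformed token or rejected expiry
            // leaves the unauthenticated defaults in place. The token is not logged here
            // because it is a credential.
        }

        return authCreds;
    }

    /**
     * Extracts the raw JWT from a request.
     *
     * The `session` cookie takes precedence. The `Authorization` header is consulted only
     * when the cookie is null or undefined, and a leading `Bearer` prefix is stripped.
     *
     * @param req - request object exposing `cookies` and `get(headerName)`.
     * @returns the token, or a nullish value when neither source provides one.
     */
    static getJWTFromRequest(req): string {
        // NOTE(review): because the cookie is accepted as a credential, state-changing
        // routes that rely on it need CSRF protection of their own.
        let token = req.cookies ? req.cookies.session : undefined;

        if (isNil(token)) {
            token = req.get("Authorization");

            if (!isNil(token)) {
                token = token.replace(/^Bearer\s/, "");
            }
        }

        return token;
    }

    /**
     * Reads the JWT from the request and verifies it.
     *
     * @param req - request object; see {@link APIAuthUtils.getJWTFromRequest}.
     * @param allowExpired - when false (the default), an expired token is rejected and the
     *   result is unauthenticated; when true, an expired token is returned with
     *   `isAuthenticated: true` and `isExpired: true`, for example to drive a refresh flow.
     * @returns credentials describing the request's token.
     */
    static getAuthCredentialsFromRequest(req, allowExpired: boolean = false): APIAuthCredentials {
        // Forward `allowExpired`. It used to be dropped, so the verifier's permissive
        // default applied and expired tokens always came back as authenticated.
        return APIAuthUtils.getAuthCredentialsFromJWT(APIAuthUtils.getJWTFromRequest(req), allowExpired);
    }

    /**
     * Signs a new JWT for the given user.
     *
     * Claims written: `i` (user ID), `u` (user name), `r` (refresh token, if given) and
     * `ext` (extra data, if given). The payload is signed, not encrypted, so anyone holding
     * the token can read `r` and `ext`.
     *
     * @param userID - identifier stored in the `i` claim.
     * @param username - name stored in the `u` claim.
     * @param expiresIn - lifetime passed to jsonwebtoken; a falsy value (`0`, `""`) omits
     *   the expiry, producing a token with no `exp` claim.
     * @param refreshToken - optional refresh token stored in the `r` claim.
     * @param extraData - optional application data stored in the `ext` claim.
     * @returns the signed token.
     */
    static createJWT(userID: string, username: string, expiresIn: string | number = "1h", refreshToken?: string, extraData?: object): string {
        let options = undefined;

        if (expiresIn) {
            options = {
                expiresIn: expiresIn
            };
        }

        let payload: any = {
            i: userID,
            u: username
        };

        if (refreshToken) {
            payload.r = refreshToken;
        }

        if (extraData) {
            payload.ext = extraData;
        }

        // No algorithm is given, so jsonwebtoken signs with its default, HS256.
        return jwt.sign(payload, APIConfig.JWT_SECRET, options);
    }

    /**
     * Projects credentials down to the plain user identity, dropping token state
     * (`refreshToken`, `rawJWTPayload`, expiry flags).
     *
     * @param authCredentials - credentials to project.
     * @returns an object with only `userID`, `userName` and `extraData`.
     */
    static getAPIAuthUserFromAuthCredentials<T = any>(authCredentials: APIAuthCredentials): APIAuthUser<T> {
        return {
            userID: authCredentials.userID,
            userName: authCredentials.userName,
            extraData: authCredentials.extraData
        };
    }
}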