4 | declare var require: any;
7 | import jwt from 'jsonwebtoken';
9 | import {getBasename} from '../libs/iso-libs';
/** Name of the cookie that holds the signed web token (a JWT verified by the auth middleware). */
export const IC_WEB_TOKEN = 'IC_WEB_TOKEN';

/**
 * Name of the cookie that holds the user id; the same string is also passed as the
 * lookup key to the storeAuthData / getAuthData callbacks.
 */
export const IC_USER_ID = "IC_USER_ID";

// Query-string parameter names read by the auth callback.
// NOTE(review): the callback reads PASSWORD_PARAM from req.query, so the value
// travels in the URL (access logs, browser history, Referer).
export const EMAIL_CONFIRMATION_PARAM = 'confirmationtoken';
export const EMAIL_PARAM = 'email';
export const PASSWORD_PARAM = 'password';

/** Values of the `status` field kept in the stored auth data. */
export const AUTH_STATUS = {
  PENDING: 'pending',
  ACTIVE: 'active',
};
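/**
 * Builds an Express-style middleware that authenticates a request from two cookies.
 *
 * The IC_WEB_TOKEN cookie must hold a JWT that verifies against `clientSecret`, and
 * the `id` claim of that token must equal the IC_USER_ID cookie. On success
 * `onAuthenticated` is called with the id and the request continues; every other
 * outcome is reported through `next(error)`.
 *
 * @param clientSecret    secret the web token was signed with
 * @param onAuthenticated invoked with the verified user id before `next()`
 * @returns middleware `(req, res, next)`; `req.universalCookies` must be populated
 */
export const createAuthMiddleware = (clientSecret, onAuthenticated: (userid:string) => void) => (req, res, next) => {

  // Cookie and token values are deliberately not logged: the web token is a bearer
  // credential and anything written to the log can be replayed by whoever reads it.
  const webtoken = req.universalCookies.get(IC_WEB_TOKEN);
  const userId = req.universalCookies.get(IC_USER_ID);

  if (webtoken === undefined || userId === undefined) {
    return next('No token present!');
  }

  try {
    // The web token is issued in this file by jwt.sign without an algorithm option,
    // i.e. with the library default HS256; accept only that algorithm on verification.
    const decoded = jwt.verify(webtoken, clientSecret, { algorithms: ['HS256'] });

    // jwt.verify can return a plain string payload; only an object can carry `id`.
    const id = typeof decoded === 'object' && decoded !== null ? decoded.id : undefined;

    // The signature is what authenticates the user; the IC_USER_ID cookie is
    // client-supplied and is only checked for consistency with the signed claim.
    if (id !== undefined && id !== null && id.toString() === userId.toString()) {
      onAuthenticated(id.toString());
      return next();
    }

    return next("UserId in Token does not match UserId in cookie");

  } catch (err) {
    // Invalid signature, expired token, malformed token, or a throwing callback.
    return next(err);
  }
};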
/**
 * Shape of the user record that the `getUserData` callback resolves to in the
 * auth callback middleware.
 */
export interface IUserData {
  /** User identifier; the callback uses it as the JWT `id` claim and as the storage key. */
  id: string | undefined;
  name: string | undefined;
  username: string | undefined;
  imageUrl: string | undefined;
  email: string | undefined;
  /** Provider access token; the callback embeds it in a signed JWT and may store it as-is. */
  access_token: string | undefined;
  // NOTE(review): the callback fills this field from the `password` query parameter
  // without transforming it, so despite the name nothing here shows it being encrypted.
  encrypted_password?: string;
  /** Presumably one of the AUTH_STATUS values; the callback compares it with AUTH_STATUS.ACTIVE. */
  status?: string;
}
/**
 * Issues the pair of JWTs used by the auth flow.
 *
 * `webtoken` carries `{ id, exp }` and is signed with `clientSecret`.
 * `encryptedAccessToken` carries `{ id, accessToken, exp }` and is signed with the
 * freshly issued `webtoken` string as its key.
 *
 * Despite the name, the second token is signed, not encrypted: jwt.sign produces a
 * JWS whose payload is only base64url-encoded, so `accessToken` can be read by
 * anyone who obtains the token. Treat the token itself as a secret.
 *
 * @param id           value for the `id` claim of both tokens
 * @param clientSecret signing key for `webtoken`
 * @param access_token value placed in the `accessToken` claim
 * @returns `{ webtoken, encryptedAccessToken }`
 */
const getEncryptedAccessToken = (id, clientSecret, access_token) => {

  // Both tokens expire 60 calendar days from now (setDate works on the local date).
  const now = new Date();
  const expiresAt = new Date(now);
  expiresAt.setDate(now.getDate() + 60);

  // JWT `exp` is expressed in seconds; getTime() is milliseconds.
  const exp = expiresAt.getTime() / 1000;

  const webtoken = jwt.sign({ id, exp }, clientSecret);

  const encryptedAccessToken = jwt.sign({ id, accessToken: access_token, exp }, webtoken);

  return { webtoken, encryptedAccessToken };
};
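/**
 * Builds the auth callback middleware. One request is handled in one of three ways:
 *
 * 1. `email` + `password` query parameters and stored auth data for that e-mail:
 *    password login. The stored `encrypted_password` must equal the parameter.
 * 2. `email` + `confirmationtoken` and stored auth data: e-mail confirmation. The
 *    stored `encryptedAccessToken` must equal the parameter; the record is then
 *    marked AUTH_STATUS.ACTIVE.
 * 3. Anything else: the access token is fetched through `fetchAccessToken`, the
 *    user data through `getUserData`, and the result is stored.
 *
 * On success the IC_WEB_TOKEN / IC_USER_ID cookies are set (in case 3 only for an
 * ACTIVE user) and the response is redirected. Failures go to `next(error)`.
 *
 * @param clientSecret     signing key for the web token
 * @param fetchAccessToken returns `{ redirectPage, fFetch }` for the request
 * @param getUserData      maps the fetched JSON to an IUserData record
 * @param storeAuthData    persists auth data under (key, val)
 * @param getAuthData      loads the stored records for (key, val); each record has a `jsonData` string
 * @returns async middleware `(req, res, next)`
 */
export const createCallbackMiddleware = (
  clientSecret,
  fetchAccessToken: (req: any) => any,
  getUserData: (resJson: any) => Promise<IUserData>,
  storeAuthData: (request: any, key: string, val: any, jsonData: any) => void,
  getAuthData: (request: any, matchBrowserIdentity: boolean, key: string, val: any) => any
) => async function (req, res, next) {

  const path = require('path');
  const crypto = require('crypto');

  // Compares two secrets without an early exit on the first differing character.
  // Both values are hashed first so timingSafeEqual always sees equal-length input.
  // Non-string values (e.g. a repeated query parameter parsed as an array) never match.
  const secretsMatch = (stored, supplied): boolean => {
    if (typeof stored !== 'string' || typeof supplied !== 'string') {
      return false;
    }
    const digest = (value: string) => crypto.createHash('sha256').update(value).digest();
    return crypto.timingSafeEqual(digest(stored), digest(supplied));
  };

  // `page` comes from the query string. path.join keeps the result a single path
  // below the site root; a non-string value or one containing a backslash (which
  // browsers may treat like a slash in a Location header) falls back to "/".
  const redirectTarget = (page) =>
    path.join(getBasename(), typeof page === 'string' && !page.includes('\\') ? page : "/");

  // NOTE(review): the cookies below are set with only `path`; consider the
  // httpOnly / secure / sameSite options if no client-side code has to read them.

  // Passwords, confirmation tokens, web tokens and stored auth records are not
  // logged anywhere in this function: they are credentials.
  console.log("THIS IS THE AUTH CALLBACK");

  try {

    const email_confirmation = req.query[EMAIL_CONFIRMATION_PARAM];
    const email_param = req.query[EMAIL_PARAM];
    const password_param = req.query[PASSWORD_PARAM];
    const page = req.query["page"];

    if (email_param) {

      const authDataList = await getAuthData(
        req,
        false,
        IC_USER_ID,
        email_param
      );

      const parsedAuthDataList = authDataList.map(raw => JSON.parse(raw.jsonData));

      if (password_param !== undefined && parsedAuthDataList.length > 0) {

        // NOTE(review): the stored value is compared directly with the query
        // parameter, so whatever the client sends is what is stored. Confirm the
        // password is hashed with a password KDF before it reaches storage.
        // NOTE(review): authData.status is not checked here; confirm that a
        // PENDING (unconfirmed) account is meant to be able to sign in.
        const authData = parsedAuthDataList
          .find(cur => secretsMatch(cur.encrypted_password, password_param));

        if (authData === undefined) {
          console.log("could not verify password");
          return next("login failure");
        }

        // NOTE(review): password_param becomes the `accessToken` claim of a signed
        // (not encrypted) JWT that is then persisted; its payload is readable.
        const { webtoken, encryptedAccessToken } = getEncryptedAccessToken(email_param, clientSecret, password_param);

        await storeAuthData(
          req,
          IC_USER_ID,
          email_param,
          Object.assign({}, authData, {
            encryptedAccessToken: encryptedAccessToken
          })
        );

        req.universalCookies.set(IC_WEB_TOKEN, webtoken, { path: '/' });
        req.universalCookies.set(IC_USER_ID, email_param, { path: '/' });

        res.redirect(`${redirectTarget(page)}?message=success`);
        return;

      } else if (email_confirmation && parsedAuthDataList.length > 0) {

        const authData = parsedAuthDataList
          .find(cur => secretsMatch(cur.encryptedAccessToken, email_confirmation));

        if (authData === undefined) {
          console.log("could not verify access token");
          return next("access token is wrong");
        }

        const { webtoken, encryptedAccessToken } = getEncryptedAccessToken(email_param, clientSecret, email_confirmation);

        // Re-issuing encryptedAccessToken replaces the stored confirmation value,
        // so the same confirmation link does not match a second time.
        await storeAuthData(
          req,
          IC_USER_ID,
          email_param,
          Object.assign({}, authData, {
            status: AUTH_STATUS.ACTIVE,
            encryptedAccessToken: encryptedAccessToken
          })
        );

        req.universalCookies.set(IC_WEB_TOKEN, webtoken, { path: '/' });
        req.universalCookies.set(IC_USER_ID, email_param, { path: '/' });

        res.redirect(`${redirectTarget(page)}?message=mailverified`);
        return;
      }

      // An e-mail without a usable password / confirmation token, or without any
      // stored record, continues with the access-token flow below.
    }

    const { redirectPage, fFetch } = fetchAccessToken(req);

    console.log("redirect to: ", redirectPage);
    req["redirectPage"] = redirectPage;

    const resJson = await fFetch();
    const data = await getUserData(resJson);

    const { id, name, username, imageUrl, access_token, email, status } = data;

    const { webtoken, encryptedAccessToken } = getEncryptedAccessToken(id, clientSecret, access_token);

    // For a user that is not ACTIVE yet the raw access_token is stored in the
    // encryptedAccessToken field; the confirmation branch above matches against it.
    await storeAuthData(
      req,
      IC_USER_ID,
      id,
      Object.assign({
        encryptedAccessToken: status === AUTH_STATUS.ACTIVE ? encryptedAccessToken : access_token,
        name: name,
        username: username,
        imageUrl: imageUrl,
        email: email,
        status: status,
      }, password_param ? {
        encrypted_password: password_param
      } : {})
    );

    // Only an ACTIVE user receives the login cookies.
    if (status === AUTH_STATUS.ACTIVE) {
      req.universalCookies.set(IC_WEB_TOKEN, webtoken, { path: '/' });
      req.universalCookies.set(IC_USER_ID, id, { path: '/' });
    }

    console.log("done")
    res.redirect(path.join(getBasename(), redirectPage));
    return;

  } catch (err) {
    // A rejected callback or a malformed stored record would otherwise be an
    // unhandled rejection and leave the request without a response.
    return next(err);
  }
};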