Add session management
51
src/auth.ts
51
src/auth.ts
@@ -2,8 +2,11 @@ import bcrypt from "bcrypt";
|
||||
import { FastifyReply, FastifyRequest } from "fastify";
|
||||
import { getToken } from "./tokens/token.service";
|
||||
import { Claim } from "./utils/claims";
|
||||
import { OAuth2Namespace } from "@fastify/oauth2";
|
||||
import { getSession } from "./auth/auth.service";
|
||||
|
||||
export type AuthenticatedUser = {
|
||||
sid?: string;
|
||||
userId?: string;
|
||||
tenantId: string;
|
||||
claims: Array<Claim>;
|
||||
@@ -16,6 +19,7 @@ declare module "fastify" {
|
||||
|
||||
export interface FastifyInstance {
|
||||
authorize: (req: FastifyRequest, res: FastifyReply) => Promise<unknown>;
|
||||
microsoftOauth: OAuth2Namespace;
|
||||
}
|
||||
|
||||
export interface FastifyContextConfig {
|
||||
@@ -26,19 +30,46 @@ declare module "fastify" {
|
||||
export async function authHandler(req: FastifyRequest, res: FastifyReply) {
|
||||
if (!req.headers.authorization) return res.code(401).send();
|
||||
|
||||
const [tokenId, token] = req.headers.authorization.split(" ")[1].split(".");
|
||||
if (!tokenId || !token) return res.code(401).send({ error: "invalid token" });
|
||||
const authHeader = req.headers.authorization.split(" ")[1];
|
||||
if (!authHeader || authHeader == "")
|
||||
return res.code(401).send({ error: "invalid_token" });
|
||||
|
||||
const tokenInDb = await getToken(tokenId);
|
||||
if (tokenInDb === null) return res.code(401).send({ error: "invalid token" });
|
||||
if (authHeader.includes(".")) {
|
||||
const [tokenId, token] = authHeader.split(".");
|
||||
if (!tokenId || !token)
|
||||
return res.code(401).send({ error: "invalid_token" });
|
||||
|
||||
const valid = await bcrypt.compare(token, tokenInDb.hash);
|
||||
if (!valid) return res.code(401).send({ error: "invalid token" });
|
||||
const tokenInDb = await getToken(tokenId);
|
||||
if (tokenInDb === null)
|
||||
return res.code(401).send({ error: "invalid_token" });
|
||||
|
||||
req.user = {
|
||||
tenantId: tokenInDb.tenantId,
|
||||
claims: tokenInDb.claims as Array<Claim>,
|
||||
};
|
||||
const valid = await bcrypt.compare(token, tokenInDb.hash);
|
||||
if (!valid) return res.code(401).send({ error: "invalid_token" });
|
||||
|
||||
req.user = {
|
||||
tenantId: tokenInDb.tenantId,
|
||||
claims: tokenInDb.claims as Array<Claim>,
|
||||
};
|
||||
} else {
|
||||
const sessionInDb = await getSession(authHeader);
|
||||
if (sessionInDb === null)
|
||||
return res.code(401).send({ error: "invalid_token" });
|
||||
|
||||
if (new Date() > new Date(sessionInDb.expiresAt)) {
|
||||
await sessionInDb.deleteOne();
|
||||
return res.code(401).send({ error: "session_expired" });
|
||||
}
|
||||
|
||||
req.user = {
|
||||
sid: authHeader,
|
||||
//@ts-ignore
|
||||
userId: sessionInDb.user.id,
|
||||
//@ts-ignore
|
||||
tenantId: sessionInDb.user.tenantId,
|
||||
//@ts-ignore
|
||||
claims: sessionInDb.user.claims,
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
export function hasValidClaims(
|
||||
|
||||
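Review bot: The three `//@ts-ignore` lines in the session branch of `authHandler` (around `req.user = { sid: authHeader, ... }`) suppress the compiler exactly where a runtime check is needed: nothing on this path verifies that `sessionInDb.user` is a populated object carrying `id`, `tenantId` and `claims`, so a session whose `user` is still an unresolved reference (this looks like a Mongoose document given `deleteOne()`, but the hunk does not show the schema) would produce `req.user` with `tenantId: undefined` and `claims: undefined` and the request would continue as authenticated. Narrow the value and return 401 when those fields are absent instead of silencing the errors; if `getSession` always populates `user`, type its return accordingly so no `@ts-ignore` is required. A comment above `if (authHeader.includes("."))` such as `// API tokens are "<id>.<secret>"; any other value is looked up as a session id` would also document the dispatch rule, since that format check alone decides which store is consulted. The hunk ends at the signature of `hasValidClaims`, whose body is outside it.
```typescript
    } else {
      const sessionInDb = await getSession(authHeader);
      // … unchanged: null check and expiry handling …
      const sessionUser = sessionInDb.user as
        | { id?: string; tenantId?: string; claims?: Array<Claim> }
        | undefined;
      // An unpopulated user reference must not pass as an authenticated session.
      if (!sessionUser?.tenantId || !Array.isArray(sessionUser.claims))
        return res.code(401).send({ error: "invalid_token" });
      req.user = {
        sid: authHeader,
        userId: sessionUser.id,
        tenantId: sessionUser.tenantId,
        claims: sessionUser.claims,
      };
```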