auth-server-helper/lib/Authority.ts

/*
 * Copyright (C) Sapphirecode - All Rights Reserved
 * This file is part of Auth-Server-Helper which is released under MIT.
 * See file 'LICENSE' for full license details.
 * Created by Timo Hocker <timo@scode.ovh>, December 2020
 */

import {
  create_salt,
  sign_object,
  verify_signature_get_info
} from '@sapphirecode/crypto-helper';
import keystore from './KeyStore';
import blacklist from './Blacklist';

// eslint-disable-next-line no-shadow
type TokenType = 'access_token'|'refresh_token'|'part_token'|'none'

interface VerificationResult {
  authorized: boolean;
  valid: boolean;
  type: TokenType;
  next_module?: string;
}

interface SignatureResult {
  signature: string;
  id: string;
}

class Authority {
  public verify (key: string): VerificationResult {
    const result: VerificationResult = {
      authorized: false,
      valid:      false,
      type:       'none'
    };
    const data = verify_signature_get_info (
      key,
      (info) => keystore.get_key (info.iat / 1000),
      (info) => info.valid_for * 1000
    );

    if (data === null)
      return result;

    result.type = data.type;

    if (!blacklist.is_valid (data.id))
      return result;

    result.valid = true;
    result.authorized = result.type === 'access_token';
    result.next_module = data.obj;

    return result;
  }

  public sign (
    type: TokenType,
    valid_for: number,
    next_module?: string
  ): SignatureResult {
    const time = Date.now ();
    const key = keystore.get_key (time / 1000, valid_for);
    const attributes = {
      id:  create_salt (),
      iat: time,
      type,
      valid_for
    };
    const signature = sign_object (next_module, key, attributes);
    return { id: attributes.id, signature };
  }
}

const auth = (new Authority);

export default auth;