auth-server-helper/lib/AuthHandler.ts

/*
 * Copyright (C) Sapphirecode - All Rights Reserved
 * This file is part of Auth-Server-Helper which is released under MIT.
 * See file 'LICENSE' for full license details.
 * Created by Timo Hocker <timo@scode.ovh>, January 2021
 */

import { IncomingMessage, ServerResponse } from 'http';
import { to_utf8 } from '@sapphirecode/encoding-helper';
import auth from './Authority';
import { debug } from './debug';

const logger = debug ('auth');

interface AccessSettings {
  access_token_expires_in: number
  include_refresh_token?: boolean
  refresh_token_expires_in?: number
  redirect_to?: string
  data?: unknown,
  leave_open?: boolean
}

interface AccessResult {
  access_token_id: string;
  refresh_token_id?: string;
}

interface AccessResponse {
  token_type: string;
  access_token: string;
  expires_in: number;
  refresh_token?: string;
  refresh_expires_in?: number;
}

type AuthHandler =
  (req: IncomingMessage, res: ServerResponse) => Promise<boolean>;

function build_cookie (name: string, value: string): string {
  return `${name}=${value}; Secure; HttpOnly; SameSite=Strict`;
}

class AuthRequest {
  public request: IncomingMessage;
  public response: ServerResponse;

  public is_basic: boolean;
  public user: string;
  public password: string;

  public is_bearer: boolean;
  public token?: string;
  public token_data?: unknown;
  public token_id?: string;

  public body: string;

  private _cookie_name?: string;
  private _refresh_cookie_name?: string;
  private _is_successful: boolean;

  public get is_successful (): boolean {
    return this._is_successful;
  }

  public constructor (
    req: IncomingMessage,
    res: ServerResponse,
    body: string,
    cookie?: string,
    refresh_cookie?: string
  ) {
    this.request = req;
    this.response = res;
    this.body = body;
    this.is_basic = false;
    this.is_bearer = false;
    this.user = '';
    this.password = '';
    this._cookie_name = cookie;
    this._refresh_cookie_name = refresh_cookie;
    this._is_successful = false;
    logger ('started processing new auth request');
  }

  private default_header (set_content = true) {
    this.response.setHeader ('Cache-Control', 'no-store');
    this.response.setHeader ('Pragma', 'no-cache');
    if (set_content)
      this.response.setHeader ('Content-Type', 'application/json');
  }

  // eslint-disable-next-line max-statements, max-lines-per-function
  public async allow_access ({
    access_token_expires_in,
    include_refresh_token,
    refresh_token_expires_in,
    redirect_to,
    data,
    leave_open
  }: AccessSettings): Promise<AccessResult> {
    logger ('allowed access');
    this.default_header (typeof redirect_to !== 'string' && !leave_open);

    const at = await auth.sign (
      'access_token',
      access_token_expires_in,

      { data }
    );
    const result: AccessResult = { access_token_id: at.id };

    const res: AccessResponse = {
      token_type:   'bearer',
      access_token: at.signature,
      expires_in:   access_token_expires_in
    };

    const cookies = [];

    if (typeof this._cookie_name === 'string')
      cookies.push (build_cookie (this._cookie_name, at.signature));

    if (include_refresh_token) {
      logger ('including refresh token');
      if (typeof refresh_token_expires_in !== 'number')
        throw new Error ('no expiry time defined for refresh tokens');
      const rt = await auth.sign (
        'refresh_token',
        refresh_token_expires_in,
        { data }
      );
      res.refresh_token = rt.signature;
      res.refresh_expires_in = refresh_token_expires_in;
      result.refresh_token_id = rt.id;

      if (typeof this._refresh_cookie_name === 'string')
        // eslint-disable-next-line max-len
        cookies.push (build_cookie (this._refresh_cookie_name, rt.signature));
    }

    if (cookies.length > 0) {
      logger ('sending %d cookies', cookies.length);
      this.response.setHeader (
        'Set-Cookie',
        cookies
      );
    }

    this._is_successful = true;

    if (typeof redirect_to === 'string') {
      logger ('redirecting to %s', redirect_to);
      this.response.setHeader ('Location', redirect_to);
      this.response.statusCode = 302;
      if (!leave_open)
        this.response.end ();
      return result;
    }

    if (!leave_open) {
      logger ('finishing http request');
      this.response.writeHead (200);
      this.response.end (JSON.stringify (res));
    }

    return result;
  }

  public async allow_part (
    part_token_expires_in: number,
    next_module: string,
    data?: Record<string, unknown>,
    leave_open = false
  ): Promise<string> {
    logger ('allowed part token');
    this.default_header ();

    const pt = await auth.sign (
      'part_token',
      part_token_expires_in,
      { next_module, data }
    );

    const res = {
      token_type: 'bearer',
      part_token: pt.signature,
      expires_in: part_token_expires_in
    };

    if (!leave_open) {
      logger ('finishing http request');
      this.response.writeHead (200);
      this.response.end (JSON.stringify (res));
    }

    this._is_successful = true;
    return pt.id;
  }

  public invalid (error_description?: string, leave_open = false): void {
    logger ('rejecting invalid request');
    this.default_header ();
    this.response.statusCode = 400;
    if (!leave_open) {
      logger ('finishing http request');
      this.response.end (JSON.stringify ({
        error: 'invalid_request',
        error_description
      }));
    }
  }

  public deny (leave_open = false): void {
    logger ('denied access');
    this.default_header ();
    this.response.statusCode = 401;
    if (!leave_open) {
      logger ('finishing http request');
      this.response.end (JSON.stringify ({ error: 'invalid_client' }));
    }
  }
}

type AuthRequestHandler = (req: AuthRequest) => Promise<void> | void;

interface CreateHandlerOptions {
  refresh?: AccessSettings;
  modules?: Record<string, AuthRequestHandler>;
  cookie_name?: string;
  refresh_cookie_name?: string;
}

// eslint-disable-next-line max-lines-per-function
function process_request (
  request: AuthRequest,
  token: RegExpExecArray | null,
  default_handler: AuthRequestHandler,
  options?: CreateHandlerOptions
): Promise<void> | void {
  if (token === null)
    return default_handler (request);

  if ((/Basic/ui).test (token?.groups?.type as string)) {
    logger ('found basic login data');
    request.is_basic = true;

    let login = token?.groups?.token as string;
    if (!login.includes (':'))
      login = to_utf8 (login, 'base64');
    const login_data = login.split (':');
    request.user = login_data[0];
    request.password = login_data[1];

    return default_handler (request);
  }

  if ((/Bearer/ui).test (token?.groups?.type as string)) {
    logger ('found bearer login data');
    request.is_bearer = true;
    request.token = token?.groups?.token;

    const token_data = auth.verify (request.token as string);

    if (!token_data.valid)
      return default_handler (request);

    logger ('bearer token is valid');

    request.token_data = token_data.data;
    request.token_id = token_data.id;

    if (
      typeof options !== 'undefined'
      && typeof options.refresh !== 'undefined'
      && token_data.type === 'refresh_token'
    ) {
      logger ('found refresh token, emitting new access token');
      request.allow_access (options.refresh);
      return Promise.resolve ();
    }

    if (
      typeof options !== 'undefined'
      && typeof options.modules !== 'undefined'
      && token_data.type === 'part_token'
      && typeof token_data.next_module !== 'undefined'
      && Object.keys (options.modules)
        .includes (token_data.next_module)
    ) {
      logger ('processing module %s', token_data.next_module);
      return options.modules[token_data.next_module] (request);
    }

    request.invalid ('invalid bearer type');
    return Promise.resolve ();
  }

  logger ('no matching login method, triggering default handler');
  return default_handler (request);
}

// eslint-disable-next-line max-lines-per-function
export default function create_auth_handler (
  default_handler: AuthRequestHandler,
  options?: CreateHandlerOptions
): AuthHandler {
  logger ('creating new auth handler');
  if (
    typeof options?.cookie_name !== 'undefined'
    && options.cookie_name === options.refresh_cookie_name
  )
    throw new Error ('access and refresh cookies cannot have the same name');

  return async (
    req: IncomingMessage,
    res: ServerResponse
  ): Promise<boolean> => {
    const body: string = await new Promise ((resolve) => {
      let data = '';
      req.on ('data', (c) => {
        data += c;
      });
      req.on ('end', () => {
        resolve (data);
      });
    });

    const request = new AuthRequest (
      req,
      res,
      body,
      options?.cookie_name,
      options?.refresh_cookie_name
    );
    const token = (/(?<type>\S+) (?<token>.+)/ui)
      .exec (req.headers.authorization as string);

    await process_request (request, token, default_handler, options);

    return request.is_successful;
  };
}

export {
  AccessSettings,
  AccessResult,
  AccessResponse,
  AuthRequest,
  AuthRequestHandler,
  CreateHandlerOptions,
  AuthHandler
};
complete redesign 2021-01-03 14:51:07 +01:00			`/*`
			`* Copyright (C) Sapphirecode - All Rights Reserved`
			`* This file is part of Auth-Server-Helper which is released under MIT.`
			`* See file 'LICENSE' for full license details.`
			`* Created by Timo Hocker <timo@scode.ovh>, January 2021`
			`*/`

auth handler 2020-12-30 19:39:49 +01:00			`import { IncomingMessage, ServerResponse } from 'http';`
auth handler tests 2021-01-01 14:14:19 +01:00			`import { to_utf8 } from '@sapphirecode/encoding-helper';`
auth handler 2020-12-30 19:39:49 +01:00			`import auth from './Authority';`
add debug logging 2022-01-05 12:32:04 +01:00			`import { debug } from './debug';`

			`const logger = debug ('auth');`
auth handler 2020-12-30 19:39:49 +01:00
			`interface AccessSettings {`
auth handler tests 2021-01-01 14:14:19 +01:00			`access_token_expires_in: number`
auth handler 2020-12-30 19:39:49 +01:00			`include_refresh_token?: boolean`
			`refresh_token_expires_in?: number`
allow immediate redirect on auth 2021-05-10 12:26:56 +02:00			`redirect_to?: string`
fix refresh cookie settings 2022-01-05 08:11:18 +01:00			`data?: unknown,`
flag to leave request open on auth 2022-01-03 16:26:23 +01:00			`leave_open?: boolean`
auth handler 2020-12-30 19:39:49 +01:00			`}`

auth handler tests 2021-01-01 14:14:19 +01:00			`interface AccessResult {`
			`access_token_id: string;`
			`refresh_token_id?: string;`
			`}`

			`interface AccessResponse {`
			`token_type: string;`
			`access_token: string;`
			`expires_in: number;`
			`refresh_token?: string;`
			`refresh_expires_in?: number;`
			`}`

automatic refresh tokens 2022-01-04 21:32:04 +01:00			`type AuthHandler =`
			`(req: IncomingMessage, res: ServerResponse) => Promise<boolean>;`

improved cookie security 2022-01-08 22:10:02 +01:00			`function build_cookie (name: string, value: string): string {`
			return `${name}=${value}; Secure; HttpOnly; SameSite=Strict`;
			`}`

auth handler 2020-12-30 19:39:49 +01:00			`class AuthRequest {`
			`public request: IncomingMessage;`
			`public response: ServerResponse;`

auth handler tests 2021-01-01 14:14:19 +01:00			`public is_basic: boolean;`
			`public user: string;`
			`public password: string;`
allow bearer and other types of authorization in default handler 2021-01-06 11:38:56 +01:00
			`public is_bearer: boolean;`
			`public token?: string;`
fix 2021-01-05 15:59:06 +01:00			`public token_data?: unknown;`
allow attaching of custom data 2021-01-03 15:32:29 +01:00			`public token_id?: string;`
allow bearer and other types of authorization in default handler 2021-01-06 11:38:56 +01:00
complete redesign 2021-01-03 14:51:07 +01:00			`public body: string;`
auth handler tests 2021-01-01 14:14:19 +01:00
			`private _cookie_name?: string;`
automatic refresh tokens 2022-01-04 21:32:04 +01:00			`private _refresh_cookie_name?: string;`
get boolean return from auth handler 2022-01-03 15:40:13 +01:00			`private _is_successful: boolean;`

			`public get is_successful (): boolean {`
			`return this._is_successful;`
			`}`
auth handler tests 2021-01-01 14:14:19 +01:00
			`public constructor (`
			`req: IncomingMessage,`
			`res: ServerResponse,`
complete redesign 2021-01-03 14:51:07 +01:00			`body: string,`
automatic refresh tokens 2022-01-04 21:32:04 +01:00			`cookie?: string,`
			`refresh_cookie?: string`
auth handler tests 2021-01-01 14:14:19 +01:00			`) {`
auth handler 2020-12-30 19:39:49 +01:00			`this.request = req;`
			`this.response = res;`
complete redesign 2021-01-03 14:51:07 +01:00			`this.body = body;`
auth handler tests 2021-01-01 14:14:19 +01:00			`this.is_basic = false;`
allow bearer and other types of authorization in default handler 2021-01-06 11:38:56 +01:00			`this.is_bearer = false;`
auth handler tests 2021-01-01 14:14:19 +01:00			`this.user = '';`
			`this.password = '';`
			`this._cookie_name = cookie;`
automatic refresh tokens 2022-01-04 21:32:04 +01:00			`this._refresh_cookie_name = refresh_cookie;`
get boolean return from auth handler 2022-01-03 15:40:13 +01:00			`this._is_successful = false;`
add debug logging 2022-01-05 12:32:04 +01:00			`logger ('started processing new auth request');`
auth handler 2020-12-30 19:39:49 +01:00			`}`

allow immediate redirect on auth 2021-05-10 12:26:56 +02:00			`private default_header (set_content = true) {`
auth handler 2020-12-30 19:39:49 +01:00			`this.response.setHeader ('Cache-Control', 'no-store');`
			`this.response.setHeader ('Pragma', 'no-cache');`
allow immediate redirect on auth 2021-05-10 12:26:56 +02:00			`if (set_content)`
			`this.response.setHeader ('Content-Type', 'application/json');`
auth handler 2020-12-30 19:39:49 +01:00			`}`

improved cookie security 2022-01-08 22:10:02 +01:00			`// eslint-disable-next-line max-statements, max-lines-per-function`
asymmetric keys 2021-01-06 16:06:03 +01:00			`public async allow_access ({`
auth handler 2020-12-30 19:39:49 +01:00			`access_token_expires_in,`
			`include_refresh_token,`
allow signed data storage 2021-01-03 15:13:03 +01:00			`refresh_token_expires_in,`
allow immediate redirect on auth 2021-05-10 12:26:56 +02:00			`redirect_to,`
flag to leave request open on auth 2022-01-03 16:26:23 +01:00			`data,`
			`leave_open`
asymmetric keys 2021-01-06 16:06:03 +01:00			`}: AccessSettings): Promise<AccessResult> {`
add debug logging 2022-01-05 12:32:04 +01:00			`logger ('allowed access');`
fix unreliable 'successful' flag, don't set content-type on leave_open 2022-01-04 13:39:00 +01:00			`this.default_header (typeof redirect_to !== 'string' && !leave_open);`
auth handler 2020-12-30 19:39:49 +01:00
asymmetric keys 2021-01-06 16:06:03 +01:00			`const at = await auth.sign (`
			`'access_token',`
			`access_token_expires_in,`

			`{ data }`
			`);`
auth handler tests 2021-01-01 14:14:19 +01:00			`const result: AccessResult = { access_token_id: at.id };`

			`const res: AccessResponse = {`
auth handler 2020-12-30 19:39:49 +01:00			`token_type: 'bearer',`
auth handler tests 2021-01-01 14:14:19 +01:00			`access_token: at.signature,`
			`expires_in: access_token_expires_in`
auth handler 2020-12-30 19:39:49 +01:00			`};`

automatic refresh tokens 2022-01-04 21:32:04 +01:00			`const cookies = [];`

			`if (typeof this._cookie_name === 'string')`
improved cookie security 2022-01-08 22:10:02 +01:00			`cookies.push (build_cookie (this._cookie_name, at.signature));`
auth handler tests 2021-01-01 14:14:19 +01:00
auth handler 2020-12-30 19:39:49 +01:00			`if (include_refresh_token) {`
add debug logging 2022-01-05 12:32:04 +01:00			`logger ('including refresh token');`
auth handler tests 2021-01-01 14:14:19 +01:00			`if (typeof refresh_token_expires_in !== 'number')`
			`throw new Error ('no expiry time defined for refresh tokens');`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const rt = await auth.sign (`
allow signed data storage 2021-01-03 15:13:03 +01:00			`'refresh_token',`
			`refresh_token_expires_in,`
			`{ data }`
			`);`
auth handler tests 2021-01-01 14:14:19 +01:00			`res.refresh_token = rt.signature;`
			`res.refresh_expires_in = refresh_token_expires_in;`
			`result.refresh_token_id = rt.id;`
automatic refresh tokens 2022-01-04 21:32:04 +01:00
			`if (typeof this._refresh_cookie_name === 'string')`
improved cookie security 2022-01-08 22:10:02 +01:00			`// eslint-disable-next-line max-len`
			`cookies.push (build_cookie (this._refresh_cookie_name, rt.signature));`
automatic refresh tokens 2022-01-04 21:32:04 +01:00			`}`

			`if (cookies.length > 0) {`
add debug logging 2022-01-05 12:32:04 +01:00			`logger ('sending %d cookies', cookies.length);`
automatic refresh tokens 2022-01-04 21:32:04 +01:00			`this.response.setHeader (`
			`'Set-Cookie',`
			`cookies`
			`);`
auth handler 2020-12-30 19:39:49 +01:00			`}`
allow immediate redirect on auth 2021-05-10 12:26:56 +02:00
fix unreliable 'successful' flag, don't set content-type on leave_open 2022-01-04 13:39:00 +01:00			`this._is_successful = true;`

allow immediate redirect on auth 2021-05-10 12:26:56 +02:00			`if (typeof redirect_to === 'string') {`
add debug logging 2022-01-05 12:32:04 +01:00			`logger ('redirecting to %s', redirect_to);`
allow immediate redirect on auth 2021-05-10 12:26:56 +02:00			`this.response.setHeader ('Location', redirect_to);`
flag to leave request open on auth 2022-01-03 16:26:23 +01:00			`this.response.statusCode = 302;`
			`if (!leave_open)`
			`this.response.end ();`
allow immediate redirect on auth 2021-05-10 12:26:56 +02:00			`return result;`
			`}`

flag to leave request open on auth 2022-01-03 16:26:23 +01:00			`if (!leave_open) {`
add debug logging 2022-01-05 12:32:04 +01:00			`logger ('finishing http request');`
flag to leave request open on auth 2022-01-03 16:26:23 +01:00			`this.response.writeHead (200);`
			`this.response.end (JSON.stringify (res));`
			`}`
auth handler tests 2021-01-01 14:14:19 +01:00
			`return result;`
auth handler 2020-12-30 19:39:49 +01:00			`}`

asymmetric keys 2021-01-06 16:06:03 +01:00			`public async allow_part (`
allow signed data storage 2021-01-03 15:13:03 +01:00			`part_token_expires_in: number,`
			`next_module: string,`
flag to leave request open on auth 2022-01-03 16:26:23 +01:00			`data?: Record<string, unknown>,`
			`leave_open = false`
asymmetric keys 2021-01-06 16:06:03 +01:00			`): Promise<string> {`
add debug logging 2022-01-05 12:32:04 +01:00			`logger ('allowed part token');`
complete redesign 2021-01-03 14:51:07 +01:00			`this.default_header ();`

asymmetric keys 2021-01-06 16:06:03 +01:00			`const pt = await auth.sign (`
allow signed data storage 2021-01-03 15:13:03 +01:00			`'part_token',`
			`part_token_expires_in,`
			`{ next_module, data }`
			`);`
complete redesign 2021-01-03 14:51:07 +01:00
			`const res = {`
			`token_type: 'bearer',`
			`part_token: pt.signature,`
			`expires_in: part_token_expires_in`
			`};`

flag to leave request open on auth 2022-01-03 16:26:23 +01:00			`if (!leave_open) {`
add debug logging 2022-01-05 12:32:04 +01:00			`logger ('finishing http request');`
flag to leave request open on auth 2022-01-03 16:26:23 +01:00			`this.response.writeHead (200);`
			`this.response.end (JSON.stringify (res));`
			`}`
complete redesign 2021-01-03 14:51:07 +01:00
get boolean return from auth handler 2022-01-03 15:40:13 +01:00			`this._is_successful = true;`
complete redesign 2021-01-03 14:51:07 +01:00			`return pt.id;`
			`}`

flag to leave request open on auth 2022-01-03 16:26:23 +01:00			`public invalid (error_description?: string, leave_open = false): void {`
add debug logging 2022-01-05 12:32:04 +01:00			`logger ('rejecting invalid request');`
auth handler 2020-12-30 19:39:49 +01:00			`this.default_header ();`
flag to leave request open on auth 2022-01-03 16:26:23 +01:00			`this.response.statusCode = 400;`
			`if (!leave_open) {`
add debug logging 2022-01-05 12:32:04 +01:00			`logger ('finishing http request');`
flag to leave request open on auth 2022-01-03 16:26:23 +01:00			`this.response.end (JSON.stringify ({`
			`error: 'invalid_request',`
			`error_description`
			`}));`
			`}`
auth handler 2020-12-30 19:39:49 +01:00			`}`

flag to leave request open on auth 2022-01-03 16:26:23 +01:00			`public deny (leave_open = false): void {`
add debug logging 2022-01-05 12:32:04 +01:00			`logger ('denied access');`
auth handler 2020-12-30 19:39:49 +01:00			`this.default_header ();`
flag to leave request open on auth 2022-01-03 16:26:23 +01:00			`this.response.statusCode = 401;`
add debug logging 2022-01-05 12:32:04 +01:00			`if (!leave_open) {`
			`logger ('finishing http request');`
flag to leave request open on auth 2022-01-03 16:26:23 +01:00			`this.response.end (JSON.stringify ({ error: 'invalid_client' }));`
add debug logging 2022-01-05 12:32:04 +01:00			`}`
auth handler 2020-12-30 19:39:49 +01:00			`}`
			`}`

allow immediate redirect on auth 2021-05-10 12:26:56 +02:00			`type AuthRequestHandler = (req: AuthRequest) => Promise<void> \| void;`
auth handler 2020-12-30 19:39:49 +01:00
			`interface CreateHandlerOptions {`
			`refresh?: AccessSettings;`
			`modules?: Record<string, AuthRequestHandler>;`
auth handler tests 2021-01-01 14:14:19 +01:00			`cookie_name?: string;`
automatic refresh tokens 2022-01-04 21:32:04 +01:00			`refresh_cookie_name?: string;`
auth handler 2020-12-30 19:39:49 +01:00			`}`

get boolean return from auth handler 2022-01-03 15:40:13 +01:00			`// eslint-disable-next-line max-lines-per-function`
			`function process_request (`
			`request: AuthRequest,`
			`token: RegExpExecArray \| null,`
			`default_handler: AuthRequestHandler,`
			`options?: CreateHandlerOptions`
			`): Promise<void> \| void {`
			`if (token === null)`
			`return default_handler (request);`

			`if ((/Basic/ui).test (token?.groups?.type as string)) {`
add debug logging 2022-01-05 12:32:04 +01:00			`logger ('found basic login data');`
get boolean return from auth handler 2022-01-03 15:40:13 +01:00			`request.is_basic = true;`

			`let login = token?.groups?.token as string;`
			`if (!login.includes (':'))`
			`login = to_utf8 (login, 'base64');`
			`const login_data = login.split (':');`
			`request.user = login_data[0];`
			`request.password = login_data[1];`

			`return default_handler (request);`
			`}`

			`if ((/Bearer/ui).test (token?.groups?.type as string)) {`
add debug logging 2022-01-05 12:32:04 +01:00			`logger ('found bearer login data');`
get boolean return from auth handler 2022-01-03 15:40:13 +01:00			`request.is_bearer = true;`
			`request.token = token?.groups?.token;`

			`const token_data = auth.verify (request.token as string);`

			`if (!token_data.valid)`
			`return default_handler (request);`

add debug logging 2022-01-05 12:32:04 +01:00			`logger ('bearer token is valid');`

get boolean return from auth handler 2022-01-03 15:40:13 +01:00			`request.token_data = token_data.data;`
			`request.token_id = token_data.id;`

			`if (`
			`typeof options !== 'undefined'`
			`&& typeof options.refresh !== 'undefined'`
			`&& token_data.type === 'refresh_token'`
			`) {`
add debug logging 2022-01-05 12:32:04 +01:00			`logger ('found refresh token, emitting new access token');`
get boolean return from auth handler 2022-01-03 15:40:13 +01:00			`request.allow_access (options.refresh);`
			`return Promise.resolve ();`
			`}`

			`if (`
			`typeof options !== 'undefined'`
			`&& typeof options.modules !== 'undefined'`
			`&& token_data.type === 'part_token'`
			`&& typeof token_data.next_module !== 'undefined'`
			`&& Object.keys (options.modules)`
			`.includes (token_data.next_module)`
add debug logging 2022-01-05 12:32:04 +01:00			`) {`
			`logger ('processing module %s', token_data.next_module);`
get boolean return from auth handler 2022-01-03 15:40:13 +01:00			`return options.modules[token_data.next_module] (request);`
add debug logging 2022-01-05 12:32:04 +01:00			`}`
get boolean return from auth handler 2022-01-03 15:40:13 +01:00
			`request.invalid ('invalid bearer type');`
			`return Promise.resolve ();`
			`}`

add debug logging 2022-01-05 12:32:04 +01:00			`logger ('no matching login method, triggering default handler');`
get boolean return from auth handler 2022-01-03 15:40:13 +01:00			`return default_handler (request);`
			`}`

auth handler tests 2021-01-01 14:14:19 +01:00			`// eslint-disable-next-line max-lines-per-function`
auth handler 2020-12-30 19:39:49 +01:00			`export default function create_auth_handler (`
			`default_handler: AuthRequestHandler,`
auth handler tests 2021-01-01 14:14:19 +01:00			`options?: CreateHandlerOptions`
automatic refresh tokens 2022-01-04 21:32:04 +01:00			`): AuthHandler {`
add debug logging 2022-01-05 12:32:04 +01:00			`logger ('creating new auth handler');`
automatic refresh tokens 2022-01-04 21:32:04 +01:00			`if (`
			`typeof options?.cookie_name !== 'undefined'`
			`&& options.cookie_name === options.refresh_cookie_name`
			`)`
			`throw new Error ('access and refresh cookies cannot have the same name');`

get boolean return from auth handler 2022-01-03 15:40:13 +01:00			`return async (`
auth handler 2020-12-30 19:39:49 +01:00			`req: IncomingMessage,`
			`res: ServerResponse`
get boolean return from auth handler 2022-01-03 15:40:13 +01:00			`): Promise<boolean> => {`
complete redesign 2021-01-03 14:51:07 +01:00			`const body: string = await new Promise ((resolve) => {`
			`let data = '';`
			`req.on ('data', (c) => {`
			`data += c;`
			`});`
			`req.on ('end', () => {`
			`resolve (data);`
			`});`
			`});`

automatic refresh tokens 2022-01-04 21:32:04 +01:00			`const request = new AuthRequest (`
			`req,`
			`res,`
			`body,`
			`options?.cookie_name,`
			`options?.refresh_cookie_name`
			`);`
auth handler tests 2021-01-01 14:14:19 +01:00			`const token = (/(?<type>\S+) (?<token>.+)/ui)`
			`.exec (req.headers.authorization as string);`

fix promise not being awaited 2022-01-04 15:01:33 +01:00			`await process_request (request, token, default_handler, options);`
auth handler tests 2021-01-01 14:14:19 +01:00
get boolean return from auth handler 2022-01-03 15:40:13 +01:00			`return request.is_successful;`
auth handler 2020-12-30 19:39:49 +01:00			`};`
			`}`
fix 2021-01-05 22:10:41 +01:00
			`export {`
			`AccessSettings,`
			`AccessResult,`
			`AccessResponse,`
			`AuthRequest,`
			`AuthRequestHandler,`
automatic refresh tokens 2022-01-04 21:32:04 +01:00			`CreateHandlerOptions,`
			`AuthHandler`
fix 2021-01-05 22:10:41 +01:00			`};`