auth-server-helper/lib/Blacklist.ts

/*
 * Copyright (C) Sapphirecode - All Rights Reserved
 * This file is part of Auth-Server-Helper which is released under MIT.
 * See file 'LICENSE' for full license details.
 * Created by Timo Hocker <timo@scode.ovh>, December 2020
 */

import { debug } from './debug';
import { redis_blacklist_store } from './RedisData/RedisBlacklistStore';
import { parse_token_id } from './token_id';

const logger = debug ('blacklist');

interface Signature {
  token_id: string;
  iat: number;
  valid_until: Date;
}

interface ExportedSignature {
  token_id: string;
  iat: number;
}

class Blacklist {
  private _signatures: Signature[];
  private _interval: NodeJS.Timeout;

  public constructor () {
    this._signatures = [];
    this._interval = setInterval (
      this.garbage_collect.bind (this),
      3600000
    );
  }

  public async clear (
    before: number = Number.POSITIVE_INFINITY
  ): Promise<void> {
    logger.extend ('clear') ('clearing blacklist');
    for (let i = this._signatures.length - 1; i >= 0; i--) {
      if (this._signatures[i].iat < before) {
        // eslint-disable-next-line no-await-in-loop
        await this.remove_signature (i);
      }
    }
  }

  public async add_signature (token_id: string): Promise<void> {
    logger.extend ('add_signature') ('blacklisting signature %s', token_id);
    const parsed = parse_token_id (token_id);
    this._signatures.push ({
      iat:         Date.now (),
      token_id,
      valid_until: parsed.valid_until
    });
    await redis_blacklist_store.add (token_id, parsed.valid_until);
  }

  public async remove_signature (signature: number | string): Promise<void> {
    const log = logger.extend ('remove_signature');
    log ('removing signature from blacklist %s', signature);
    let key = '';
    if (typeof signature === 'string') {
      log ('received string, searching through signatures');
      key = signature;
      for (let i = this._signatures.length - 1; i >= 0; i--) {
        if (this._signatures[i].token_id === signature) {
          log ('removing sigature %s at %d', signature, i);
          this._signatures.splice (i, 1);
        }
      }
    }
    else {
      log (
        'received index, removing signature %s at index %s',
        this._signatures[signature].token_id,
        signature
      );

      key = this._signatures[signature].token_id;
      this._signatures.splice (signature, 1);
    }
    await redis_blacklist_store.remove (key);
  }

  public async is_valid (hash: string): Promise<boolean> {
    const log = logger.extend ('is_valid');
    log ('checking signature for blacklist entry %s', hash);
    for (const sig of this._signatures) {
      if (sig.token_id === hash) {
        log ('found matching blacklist entry');
        return false;
      }
    }

    log ('signature is not blacklisted locally, checking redis');
    if (await redis_blacklist_store.get (hash)) {
      log ('signature is blacklisted in redis');
      return false;
    }

    log ('signature is not blacklisted');
    return true;
  }

  public export_blacklist (): ExportedSignature[] {
    logger.extend ('export_blacklist') ('exporting blacklist');
    return this._signatures.map ((v) => ({
      iat:      v.iat,
      token_id: v.token_id
    }));
  }

  public import_blacklist (data: ExportedSignature[]): void {
    logger.extend ('import_blacklist') (
      'importing %d blacklist entries',
      data.length
    );
    for (const token of data) {
      const parsed = parse_token_id (token.token_id);
      this._signatures.push ({
        token_id:    token.token_id,
        iat:         token.iat,
        valid_until: parsed.valid_until
      });
    }
  }

  public sync_redis (url: string): void {
    redis_blacklist_store.connect (url);
  }

  private async garbage_collect (): Promise<void> {
    const log = logger.extend ('garbage_collect');
    const time = new Date;
    log ('removing signatures expired before', time);
    for (let i = this._signatures.length - 1; i >= 0; i--) {
      if (this._signatures[i].valid_until < time) {
        log ('signature %s expired', this._signatures[i].token_id);
        await this.remove_signature (i);
      }
    }
  }
}

const bl = (new Blacklist);

export { Blacklist };
export default bl;
improve signature structure, more tests 2020-12-13 13:37:11 +01:00			`/*`
			`* Copyright (C) Sapphirecode - All Rights Reserved`
			`* This file is part of Auth-Server-Helper which is released under MIT.`
			`* See file 'LICENSE' for full license details.`
			`* Created by Timo Hocker <timo@scode.ovh>, December 2020`
			`*/`

add debug logging 2022-01-05 12:32:04 +01:00			`import { debug } from './debug';`
blacklist sync 2022-08-27 16:39:07 +02:00			`import { redis_blacklist_store } from './RedisData/RedisBlacklistStore';`
blacklist with automatic garbage collector 2022-09-09 15:49:53 +02:00			`import { parse_token_id } from './token_id';`
add debug logging 2022-01-05 12:32:04 +01:00
			`const logger = debug ('blacklist');`

blacklist, gateway 2020-12-12 15:53:47 +01:00			`interface Signature {`
blacklist with automatic garbage collector 2022-09-09 15:49:53 +02:00			`token_id: string;`
			`iat: number;`
			`valid_until: Date;`
			`}`

			`interface ExportedSignature {`
			`token_id: string;`
clearing instances 2021-01-15 14:45:05 +01:00			`iat: number;`
blacklist, gateway 2020-12-12 15:53:47 +01:00			`}`

			`class Blacklist {`
			`private _signatures: Signature[];`
blacklist with automatic garbage collector 2022-09-09 15:49:53 +02:00			`private _interval: NodeJS.Timeout;`
blacklist, gateway 2020-12-12 15:53:47 +01:00
			`public constructor () {`
			`this._signatures = [];`
blacklist with automatic garbage collector 2022-09-09 15:49:53 +02:00			`this._interval = setInterval (`
			`this.garbage_collect.bind (this),`
			`3600000`
			`);`
blacklist, gateway 2020-12-12 15:53:47 +01:00			`}`

blacklist sync 2022-08-27 16:39:07 +02:00			`public async clear (`
			`before: number = Number.POSITIVE_INFINITY`
			`): Promise<void> {`
improve debug, redis storage structure 2022-08-15 17:33:25 +02:00			`logger.extend ('clear') ('clearing blacklist');`
blacklist, gateway 2020-12-12 15:53:47 +01:00			`for (let i = this._signatures.length - 1; i >= 0; i--) {`
blacklist sync 2022-08-27 16:39:07 +02:00			`if (this._signatures[i].iat < before) {`
			`// eslint-disable-next-line no-await-in-loop`
			`await this.remove_signature (i);`
			`}`
blacklist, gateway 2020-12-12 15:53:47 +01:00			`}`
			`}`

blacklist with automatic garbage collector 2022-09-09 15:49:53 +02:00			`public async add_signature (token_id: string): Promise<void> {`
			`logger.extend ('add_signature') ('blacklisting signature %s', token_id);`
			`const parsed = parse_token_id (token_id);`
			`this._signatures.push ({`
			`iat: Date.now (),`
			`token_id,`
			`valid_until: parsed.valid_until`
			`});`
			`await redis_blacklist_store.add (token_id, parsed.valid_until);`
blacklist, gateway 2020-12-12 15:53:47 +01:00			`}`

blacklist sync 2022-08-27 16:39:07 +02:00			`public async remove_signature (signature: number \| string): Promise<void> {`
improve debug, redis storage structure 2022-08-15 17:33:25 +02:00			`const log = logger.extend ('remove_signature');`
			`log ('removing signature from blacklist %s', signature);`
blacklist sync 2022-08-27 16:39:07 +02:00			`let key = '';`
improve debug, redis storage structure 2022-08-15 17:33:25 +02:00			`if (typeof signature === 'string') {`
			`log ('received string, searching through signatures');`
blacklist sync 2022-08-27 16:39:07 +02:00			`key = signature;`
improve debug, redis storage structure 2022-08-15 17:33:25 +02:00			`for (let i = this._signatures.length - 1; i >= 0; i--) {`
blacklist with automatic garbage collector 2022-09-09 15:49:53 +02:00			`if (this._signatures[i].token_id === signature) {`
			`log ('removing sigature %s at %d', signature, i);`
improve debug, redis storage structure 2022-08-15 17:33:25 +02:00			`this._signatures.splice (i, 1);`
blacklist with automatic garbage collector 2022-09-09 15:49:53 +02:00			`}`
improve debug, redis storage structure 2022-08-15 17:33:25 +02:00			`}`
			`}`
			`else {`
blacklist with automatic garbage collector 2022-09-09 15:49:53 +02:00			`log (`
			`'received index, removing signature %s at index %s',`
			`this._signatures[signature].token_id,`
			`signature`
			`);`

			`key = this._signatures[signature].token_id;`
improve debug, redis storage structure 2022-08-15 17:33:25 +02:00			`this._signatures.splice (signature, 1);`
blacklist, gateway 2020-12-12 15:53:47 +01:00			`}`
blacklist sync 2022-08-27 16:39:07 +02:00			`await redis_blacklist_store.remove (key);`
blacklist, gateway 2020-12-12 15:53:47 +01:00			`}`

blacklist sync 2022-08-27 16:39:07 +02:00			`public async is_valid (hash: string): Promise<boolean> {`
improve debug, redis storage structure 2022-08-15 17:33:25 +02:00			`const log = logger.extend ('is_valid');`
			`log ('checking signature for blacklist entry %s', hash);`
blacklist, gateway 2020-12-12 15:53:47 +01:00			`for (const sig of this._signatures) {`
blacklist with automatic garbage collector 2022-09-09 15:49:53 +02:00			`if (sig.token_id === hash) {`
improve debug, redis storage structure 2022-08-15 17:33:25 +02:00			`log ('found matching blacklist entry');`
blacklist, gateway 2020-12-12 15:53:47 +01:00			`return false;`
add debug logging 2022-01-05 12:32:04 +01:00			`}`
blacklist, gateway 2020-12-12 15:53:47 +01:00			`}`

blacklist sync 2022-08-27 16:39:07 +02:00			`log ('signature is not blacklisted locally, checking redis');`
			`if (await redis_blacklist_store.get (hash)) {`
			`log ('signature is blacklisted in redis');`
			`return false;`
			`}`

improve debug, redis storage structure 2022-08-15 17:33:25 +02:00			`log ('signature is not blacklisted');`
blacklist, gateway 2020-12-12 15:53:47 +01:00			`return true;`
			`}`
blacklist import export 2021-01-09 12:20:14 +01:00
blacklist with automatic garbage collector 2022-09-09 15:49:53 +02:00			`public export_blacklist (): ExportedSignature[] {`
improve debug, redis storage structure 2022-08-15 17:33:25 +02:00			`logger.extend ('export_blacklist') ('exporting blacklist');`
blacklist with automatic garbage collector 2022-09-09 15:49:53 +02:00			`return this._signatures.map ((v) => ({`
			`iat: v.iat,`
			`token_id: v.token_id`
			`}));`
blacklist import export 2021-01-09 12:20:14 +01:00			`}`

blacklist with automatic garbage collector 2022-09-09 15:49:53 +02:00			`public import_blacklist (data: ExportedSignature[]): void {`
improve debug, redis storage structure 2022-08-15 17:33:25 +02:00			`logger.extend ('import_blacklist') (`
			`'importing %d blacklist entries',`
			`data.length`
			`);`
blacklist with automatic garbage collector 2022-09-09 15:49:53 +02:00			`for (const token of data) {`
			`const parsed = parse_token_id (token.token_id);`
			`this._signatures.push ({`
			`token_id: token.token_id,`
			`iat: token.iat,`
			`valid_until: parsed.valid_until`
			`});`
			`}`
blacklist import export 2021-01-09 12:20:14 +01:00			`}`
blacklist sync 2022-08-27 16:39:07 +02:00
			`public sync_redis (url: string): void {`
			`redis_blacklist_store.connect (url);`
			`}`
blacklist with automatic garbage collector 2022-09-09 15:49:53 +02:00
			`private async garbage_collect (): Promise<void> {`
			`const log = logger.extend ('garbage_collect');`
			`const time = new Date;`
			`log ('removing signatures expired before', time);`
			`for (let i = this._signatures.length - 1; i >= 0; i--) {`
			`if (this._signatures[i].valid_until < time) {`
			`log ('signature %s expired', this._signatures[i].token_id);`
			`await this.remove_signature (i);`
			`}`
			`}`
			`}`
blacklist, gateway 2020-12-12 15:53:47 +01:00			`}`

			`const bl = (new Blacklist);`
package 2021-01-05 17:06:35 +01:00
			`export { Blacklist };`
blacklist, gateway 2020-12-12 15:53:47 +01:00			`export default bl;`