auth-server-helper/lib/Authority.ts

/*
 * Copyright (C) Sapphirecode - All Rights Reserved
 * This file is part of Auth-Server-Helper which is released under MIT.
 * See file 'LICENSE' for full license details.
 * Created by Timo Hocker <timo@scode.ovh>, December 2020
 */

import {
  create_salt,
  sign_object,
  verify_signature_get_info
} from '@sapphirecode/crypto-helper';
import keystore from './KeyStore';
import blacklist from './Blacklist';

// eslint-disable-next-line no-shadow
type TokenType = 'access_token'|'refresh_token'|'part_token'|'none'

interface VerificationResult {
  authorized: boolean;
  valid: boolean;
  type: TokenType;
  id: string;
  next_module?: string;
  data?: unknown;
  error?: string;
}

interface SignatureResult {
  signature: string;
  id: string;
}

interface SignatureOptions
{
  data?: unknown
  next_module?: string
}

class Authority {
  public verify (key: string): VerificationResult {
    const result: VerificationResult = {
      authorized: false,
      valid:      false,
      type:       'none',
      id:         ''
    };
    const data = verify_signature_get_info (
      key,
      (info) => {
        try {
          return keystore.get_key (info.iat / 1000, info.iss);
        }
        catch {
          return '';
        }
      },
      (info) => info.valid_for * 1000
    );

    if (data === null) {
      result.error = 'invalid signature';
      return result;
    }

    result.id = data.id;
    result.type = data.type;

    if (!blacklist.is_valid (data.id)) {
      result.error = 'blacklisted';
      return result;
    }

    result.valid = true;
    result.authorized = result.type === 'access_token';
    result.next_module = data.next_module;
    result.data = data.obj;

    return result;
  }

  public async sign (
    type: TokenType,
    valid_for: number,
    options?: SignatureOptions
  ): Promise<SignatureResult> {
    const time = Date.now ();
    const key = await keystore.get_sign_key (time / 1000, valid_for);
    const attributes = {
      id:          create_salt (),
      iat:         time,
      iss:         keystore.instance_id,
      type,
      valid_for,
      next_module: options?.next_module
    };
    const signature = sign_object (options?.data, key, attributes);
    return { id: attributes.id, signature };
  }
}

const auth = (new Authority);

export {
  TokenType,
  VerificationResult,
  SignatureResult,
  SignatureOptions,
  Authority
};

export default auth;
fix copy notices 2020-12-28 15:04:52 +01:00			`/*`
			`* Copyright (C) Sapphirecode - All Rights Reserved`
			`* This file is part of Auth-Server-Helper which is released under MIT.`
			`* See file 'LICENSE' for full license details.`
			`* Created by Timo Hocker <timo@scode.ovh>, December 2020`
			`*/`

separate authority 2020-12-19 15:40:49 +01:00			`import {`
			`create_salt,`
			`sign_object,`
			`verify_signature_get_info`
			`} from '@sapphirecode/crypto-helper';`
			`import keystore from './KeyStore';`
			`import blacklist from './Blacklist';`

			`// eslint-disable-next-line no-shadow`
			`type TokenType = 'access_token'\|'refresh_token'\|'part_token'\|'none'`

			`interface VerificationResult {`
			`authorized: boolean;`
more tests, stryker 2020-12-28 14:53:14 +01:00			`valid: boolean;`
separate authority 2020-12-19 15:40:49 +01:00			`type: TokenType;`
allow attaching of custom data 2021-01-03 15:32:29 +01:00			`id: string;`
more tests, stryker 2020-12-28 14:53:14 +01:00			`next_module?: string;`
fix 2021-01-05 15:59:06 +01:00			`data?: unknown;`
allow attaching of custom data 2021-01-03 15:32:29 +01:00			`error?: string;`
separate authority 2020-12-19 15:40:49 +01:00			`}`

			`interface SignatureResult {`
			`signature: string;`
			`id: string;`
			`}`

allow signed data storage 2021-01-03 15:13:03 +01:00			`interface SignatureOptions`
			`{`
fix 2021-01-05 15:59:06 +01:00			`data?: unknown`
allow signed data storage 2021-01-03 15:13:03 +01:00			`next_module?: string`
			`}`

separate authority 2020-12-19 15:40:49 +01:00			`class Authority {`
			`public verify (key: string): VerificationResult {`
tests for authority 2020-12-19 16:19:09 +01:00			`const result: VerificationResult = {`
more tests, stryker 2020-12-28 14:53:14 +01:00			`authorized: false,`
			`valid: false,`
allow attaching of custom data 2021-01-03 15:32:29 +01:00			`type: 'none',`
			`id: ''`
tests for authority 2020-12-19 16:19:09 +01:00			`};`
separate authority 2020-12-19 15:40:49 +01:00			`const data = verify_signature_get_info (`
			`key,`
testing gateway 2020-12-28 16:53:08 +01:00			`(info) => {`
			`try {`
export/import keys 2021-01-08 13:30:53 +01:00			`return keystore.get_key (info.iat / 1000, info.iss);`
testing gateway 2020-12-28 16:53:08 +01:00			`}`
			`catch {`
			`return '';`
			`}`
			`},`
separate authority 2020-12-19 15:40:49 +01:00			`(info) => info.valid_for * 1000`
			`);`

allow attaching of custom data 2021-01-03 15:32:29 +01:00			`if (data === null) {`
			`result.error = 'invalid signature';`
separate authority 2020-12-19 15:40:49 +01:00			`return result;`
allow attaching of custom data 2021-01-03 15:32:29 +01:00			`}`
separate authority 2020-12-19 15:40:49 +01:00
allow attaching of custom data 2021-01-03 15:32:29 +01:00			`result.id = data.id;`
separate authority 2020-12-19 15:40:49 +01:00			`result.type = data.type;`

allow attaching of custom data 2021-01-03 15:32:29 +01:00			`if (!blacklist.is_valid (data.id)) {`
			`result.error = 'blacklisted';`
separate authority 2020-12-19 15:40:49 +01:00			`return result;`
allow attaching of custom data 2021-01-03 15:32:29 +01:00			`}`
separate authority 2020-12-19 15:40:49 +01:00
more tests, stryker 2020-12-28 14:53:14 +01:00			`result.valid = true;`
separate authority 2020-12-19 15:40:49 +01:00			`result.authorized = result.type === 'access_token';`
allow signed data storage 2021-01-03 15:13:03 +01:00			`result.next_module = data.next_module;`
			`result.data = data.obj;`
separate authority 2020-12-19 15:40:49 +01:00
			`return result;`
			`}`

asymmetric keys 2021-01-06 16:06:03 +01:00			`public async sign (`
separate authority 2020-12-19 15:40:49 +01:00			`type: TokenType,`
			`valid_for: number,`
allow signed data storage 2021-01-03 15:13:03 +01:00			`options?: SignatureOptions`
asymmetric keys 2021-01-06 16:06:03 +01:00			`): Promise<SignatureResult> {`
separate authority 2020-12-19 15:40:49 +01:00			`const time = Date.now ();`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const key = await keystore.get_sign_key (time / 1000, valid_for);`
separate authority 2020-12-19 15:40:49 +01:00			`const attributes = {`
allow signed data storage 2021-01-03 15:13:03 +01:00			`id: create_salt (),`
			`iat: time,`
export/import keys 2021-01-08 13:30:53 +01:00			`iss: keystore.instance_id,`
separate authority 2020-12-19 15:40:49 +01:00			`type,`
allow signed data storage 2021-01-03 15:13:03 +01:00			`valid_for,`
			`next_module: options?.next_module`
separate authority 2020-12-19 15:40:49 +01:00			`};`
allow signed data storage 2021-01-03 15:13:03 +01:00			`const signature = sign_object (options?.data, key, attributes);`
separate authority 2020-12-19 15:40:49 +01:00			`return { id: attributes.id, signature };`
			`}`
			`}`

			`const auth = (new Authority);`

fix 2021-01-05 22:10:41 +01:00			`export {`
			`TokenType,`
			`VerificationResult,`
			`SignatureResult,`
			`SignatureOptions,`
			`Authority`
			`};`

separate authority 2020-12-19 15:40:49 +01:00			`export default auth;`