From 68c06b67425d9008cba41f9b3e9bb1bf88965508 Mon Sep 17 00:00:00 2001
From: Timo Hocker
Date: Sun, 13 Dec 2020 12:26:40 +0100
Subject: [PATCH] cookie auth
---
 lib/Gateway.ts | 39 +++++++++++++++++++++++++++++++--------
 package.json | 3 ++-
 yarn.lock | 5 +++++
 3 files changed, 38 insertions(+), 9 deletions(-)
diff --git a/lib/Gateway.ts b/lib/Gateway.ts
index a3e8f21..d7df7c4 100644
--- a/lib/Gateway.ts
+++ b/lib/Gateway.ts
@@ -2,6 +2,7 @@ import { get_signature_info, verify_signature } from '@sapphirecode/crypto-helper';
+import { run_regex } from '@sapphirecode/utilities';
 import keystore from './KeyStore';
 import blacklist from './Blacklist';
@@ -10,6 +11,7 @@ type Gateway = (req: Request, res: Response, next: AnyFunc) => Promise;
 interface GatewayOptions {
 redirect_url: string;
+ cookie_name?: string;
 }
 class GatewayClass {
@@ -25,19 +27,40 @@ class GatewayClass {
 res.end ();
 }
+ private get_header_auth (req: Request): string | null {
+ const auth_header = req.headers.get ('Authorization');
+ const auth = (/(?\w)+ (?.*)/u).exec (auth_header);
+ if (auth === null)
+ return null;
+ if (auth.groups.type !== 'Bearer')
+ return null;
+ return auth.groups.data;
+ }
+
+ private get_cookie_auth (req: Request): string | null {
+ let auth = null;
+ run_regex (
+ /[\^;](?[^;=]+)=(?[^;]+)/gu,
+ req.headers.get ('cookie'),
+ (res) => {
+ if (res.groups.name === this._options.cookie_name)
+ auth = res.groups.value;
+ }
+ );
+ return auth;
+ }
+
 private authenticate (req: Request): Promise {
- const auth = req.headers.get ('Authentication');
- const auth_type_regex = /(?\w)+ (?.*)/u;
- const auth_type = auth_type_regex.exec (auth);
- if (auth_type === null)
- return false;
- if (auth_type.groups.type !== 'Bearer')
+ let auth = this.get_header_auth (req);
+ if (auth === null)
+ auth = this.get_cookie_auth (req);
+ if (auth === null)
 return false;
- const data = get_signature_info (auth_type.groups.data);
+ const data = get_signature_info (auth);
 const key = keystore.get_key (data.iat / 1000);
 const valid = verify_signature (
- auth_type.groups.data,
+ auth,
 key,
 data.obj.valid_for * 1000
 ) === null;
diff --git a/package.json b/package.json
index 70fc8ed..db7ffb6 100644
--- a/package.json
+++ b/package.json
@@ -37,6 +37,7 @@
 "middleware"
 ],
 "dependencies": {
- "@sapphirecode/crypto-helper": "^1.1.62"
+ "@sapphirecode/crypto-helper": "^1.1.62",
+ "@sapphirecode/utilities": "^1.8.8"
 }
 }
diff --git a/yarn.lock b/yarn.lock
index deaaa61..a678fc7 100644
--- a/yarn.lock
+++ b/yarn.lock
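Review bot: The cookie pattern in `get_cookie_auth` opens with `[\^;]`, a character class that matches a literal `^` or `;` rather than the start of the header, so the first cookie is never seen and later names keep the space that follows `;`, which would make the comparison with `cookie_name` fail. Something like `/(?:^|;\s*)(?<name>[^;=]+)=(?<value>[^;]+)/gu` would cover both cases (group names inferred from `res.groups.name` and `res.groups.value`; they look stripped in this rendering). `get_header_auth` carries over the old quantifier placement, with the `+` outside the `type` group, so the group keeps only the last character and can never equal `'Bearer'`; `(?<type>\w+)` is presumably what was meant. Since browsers attach cookies automatically, accepting the token from a cookie also makes cross-site request forgery relevant for state-changing routes, so the `cookie_name` option deserves a comment stating that the cookie should be issued with `SameSite` and `HttpOnly` or paired with a CSRF token. `authenticate` continues past the end of the hunk.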
@@ -282,6 +282,11 @@ eslint-plugin-node "^11.1.0" eslint-plugin-sort-requires-by-path "^1.0.2" +"@sapphirecode/utilities@^1.8.8": + version "1.8.8" + resolved "https://registry.yarnpkg.com/@sapphirecode/utilities/-/utilities-1.8.8.tgz#59edeee14a0e6180e0f5b6185e6ab0d58c8f2a46" + integrity sha512-U8vJv0YZK3Q2YoELL6MhM0Wzyf3Ay6peDkiL/kqA6Z8HpaQzo+4aH5rZdmwsQ8lfV04qWUtzQRupU6/TCxqyRg== + "@types/jasmine@^3.6.2": version "3.6.2" resolved "https://registry.yarnpkg.com/@types/jasmine/-/jasmine-3.6.2.tgz#02f64450016f7de70f145d698be311136d7c6374"