parent
f39759bad9
commit
80d04f7441
13
CHANGELOG.md
Normal file
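--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,13 @@
+# Changelog
+
+## 2.0.0
+
+Complete redesign
+
+## 1.1.0
+
+add user_id to res.connection, so request handlers can access the current user
+
+## 1.0.0
+
+initial release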
@ -13,6 +13,7 @@ interface AccessSettings {
|
|||||||
access_token_expires_in: number
|
access_token_expires_in: number
|
||||||
include_refresh_token?: boolean
|
include_refresh_token?: boolean
|
||||||
refresh_token_expires_in?: number
|
refresh_token_expires_in?: number
|
||||||
|
data?: Record<string, unknown>
|
||||||
}
|
}
|
||||||
|
|
||||||
interface AccessResult {
|
interface AccessResult {
|
||||||
@ -64,11 +65,12 @@ class AuthRequest {
|
|||||||
public allow_access ({
|
public allow_access ({
|
||||||
access_token_expires_in,
|
access_token_expires_in,
|
||||||
include_refresh_token,
|
include_refresh_token,
|
||||||
refresh_token_expires_in
|
refresh_token_expires_in,
|
||||||
|
data
|
||||||
}: AccessSettings): AccessResult {
|
}: AccessSettings): AccessResult {
|
||||||
this.default_header ();
|
this.default_header ();
|
||||||
|
|
||||||
const at = auth.sign ('access_token', access_token_expires_in);
|
const at = auth.sign ('access_token', access_token_expires_in, { data });
|
||||||
const result: AccessResult = { access_token_id: at.id };
|
const result: AccessResult = { access_token_id: at.id };
|
||||||
|
|
||||||
const res: AccessResponse = {
|
const res: AccessResponse = {
|
||||||
@ -87,7 +89,11 @@ class AuthRequest {
|
|||||||
if (include_refresh_token) {
|
if (include_refresh_token) {
|
||||||
if (typeof refresh_token_expires_in !== 'number')
|
if (typeof refresh_token_expires_in !== 'number')
|
||||||
throw new Error ('no expiry time defined for refresh tokens');
|
throw new Error ('no expiry time defined for refresh tokens');
|
||||||
const rt = auth.sign ('refresh_token', refresh_token_expires_in);
|
const rt = auth.sign (
|
||||||
|
'refresh_token',
|
||||||
|
refresh_token_expires_in,
|
||||||
|
{ data }
|
||||||
|
);
|
||||||
res.refresh_token = rt.signature;
|
res.refresh_token = rt.signature;
|
||||||
res.refresh_expires_in = refresh_token_expires_in;
|
res.refresh_expires_in = refresh_token_expires_in;
|
||||||
result.refresh_token_id = rt.id;
|
result.refresh_token_id = rt.id;
|
||||||
@ -98,10 +104,18 @@ class AuthRequest {
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
public allow_part (part_token_expires_in: number, module: string): string {
|
public allow_part (
|
||||||
|
part_token_expires_in: number,
|
||||||
|
next_module: string,
|
||||||
|
data?: Record<string, unknown>
|
||||||
|
): string {
|
||||||
this.default_header ();
|
this.default_header ();
|
||||||
|
|
||||||
const pt = auth.sign ('part_token', part_token_expires_in, module);
|
const pt = auth.sign (
|
||||||
|
'part_token',
|
||||||
|
part_token_expires_in,
|
||||||
|
{ next_module, data }
|
||||||
|
);
|
||||||
|
|
||||||
const res = {
|
const res = {
|
||||||
token_type: 'bearer',
|
token_type: 'bearer',
|
||||||
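Review bot: In `allow_access` the same `data` object is now signed into the refresh token as well as the access token, so whatever a caller puts there stays fixed for the whole `refresh_token_expires_in` window. If callers use it for authorization-relevant values such as roles or permissions (the page does not show what they pass), a later refresh would carry stale values unless the refresh handler, which is outside this section, re-derives them. The new field is also undocumented; I would add a comment on `data?: Record<string, unknown>` in `AccessSettings` along the lines of `// copied into the signed access and refresh tokens: keep it small, serializable and free of secrets or fast-changing permissions`. `allow_part` accepts the same payload for a token that represents an unfinished login, so the comment applies to its `data` parameter too; both method bodies continue outside the hunks shown.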
|
@ -21,6 +21,7 @@ interface VerificationResult {
|
|||||||
valid: boolean;
|
valid: boolean;
|
||||||
type: TokenType;
|
type: TokenType;
|
||||||
next_module?: string;
|
next_module?: string;
|
||||||
|
data?: Record<string, unknown>;
|
||||||
}
|
}
|
||||||
|
|
||||||
interface SignatureResult {
|
interface SignatureResult {
|
||||||
@ -28,6 +29,12 @@ interface SignatureResult {
|
|||||||
id: string;
|
id: string;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
interface SignatureOptions
|
||||||
|
{
|
||||||
|
data?: Record<string, unknown>
|
||||||
|
next_module?: string
|
||||||
|
}
|
||||||
|
|
||||||
class Authority {
|
class Authority {
|
||||||
public verify (key: string): VerificationResult {
|
public verify (key: string): VerificationResult {
|
||||||
const result: VerificationResult = {
|
const result: VerificationResult = {
|
||||||
@ -58,7 +65,8 @@ class Authority {
|
|||||||
|
|
||||||
result.valid = true;
|
result.valid = true;
|
||||||
result.authorized = result.type === 'access_token';
|
result.authorized = result.type === 'access_token';
|
||||||
result.next_module = data.obj;
|
result.next_module = data.next_module;
|
||||||
|
result.data = data.obj;
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
@ -66,7 +74,7 @@ class Authority {
|
|||||||
public sign (
|
public sign (
|
||||||
type: TokenType,
|
type: TokenType,
|
||||||
valid_for: number,
|
valid_for: number,
|
||||||
next_module?: string
|
options?: SignatureOptions
|
||||||
): SignatureResult {
|
): SignatureResult {
|
||||||
const time = Date.now ();
|
const time = Date.now ();
|
||||||
const key = keystore.get_key (time / 1000, valid_for);
|
const key = keystore.get_key (time / 1000, valid_for);
|
||||||
@ -74,9 +82,10 @@ class Authority {
|
|||||||
id: create_salt (),
|
id: create_salt (),
|
||||||
iat: time,
|
iat: time,
|
||||||
type,
|
type,
|
||||||
valid_for
|
valid_for,
|
||||||
|
next_module: options?.next_module
|
||||||
};
|
};
|
||||||
const signature = sign_object (next_module, key, attributes);
|
const signature = sign_object (options?.data, key, attributes);
|
||||||
return { id: attributes.id, signature };
|
return { id: attributes.id, signature };
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
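Review bot: In `verify`, `result.data = data.obj` is assigned without a runtime shape check although `VerificationResult.data` is declared as `Record<string, unknown>`. The removed `sign` line passed `next_module` as the signed object, so a part token issued before this change would, if it can still be presented after an upgrade (key handling is not visible here), come back with `next_module` undefined and a string in `data`. A guard such as `result.data = typeof data.obj === 'object' && data.obj !== null ? data.obj : undefined;` would keep the declared type true at runtime, and consumers should still check `authorized` before acting on `data`, since it is filled in for part tokens as well. Both `verify` and `sign` start and end outside the hunks shown.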
|
@ -56,7 +56,7 @@ describe ('authority', () => {
|
|||||||
});
|
});
|
||||||
|
|
||||||
it ('should create a part token', () => {
|
it ('should create a part token', () => {
|
||||||
const token = auth.sign ('part_token', 60, '2fa');
|
const token = auth.sign ('part_token', 60, { next_module: '2fa' });
|
||||||
jasmine.clock ()
|
jasmine.clock ()
|
||||||
.tick (30000);
|
.tick (30000);
|
||||||
const res = auth.verify (token.signature);
|
const res = auth.verify (token.signature);
|
||||||
|
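Review bot: Nothing in this section exercises the new `data` option; the only visible change adapts the existing part-token call to the options object. A round-trip case would pin what `verify` now promises: sign with a constructed payload such as `{ data: { user_id: 'constructed-value' } }` and assert that `res.data` deep-equals it, and in the part-token case assert that `res.next_module` is still `'2fa'`. The `it` block continues past the end of the hunk, so assertions further down may already cover part of this.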