allow signed data storage

2021-01-03 15:13:03 +01:00 · 2021-01-03 15:13:03 +01:00 · 80d04f7441
commit 80d04f7441
parent f39759bad9
4 changed files with 48 additions and 12 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -0,0 +1,13 @@
+# Changelog
+
+## 2.0.0
+
+Complete redesign
+
+## 1.1.0
+
+add user_id to res.connection, so request handlers can access the current user
+
+## 1.0.0
+
+initial release
--- a/lib/AuthHandler.ts
+++ b/lib/AuthHandler.ts
@ -13,6 +13,7 @@ interface AccessSettings {
  access_token_expires_in: number
  include_refresh_token?: boolean
  refresh_token_expires_in?: number
+  data?: Record<string, unknown>
 }

 interface AccessResult {
@ -64,11 +65,12 @@ class AuthRequest {
  public allow_access ({
    access_token_expires_in,
    include_refresh_token,
-    refresh_token_expires_in
+    refresh_token_expires_in,
+    data
  }: AccessSettings): AccessResult {
    this.default_header ();

-    const at = auth.sign ('access_token', access_token_expires_in);
+    const at = auth.sign ('access_token', access_token_expires_in, { data });
    const result: AccessResult = { access_token_id: at.id };

    const res: AccessResponse = {
@ -87,7 +89,11 @@ class AuthRequest {
    if (include_refresh_token) {
      if (typeof refresh_token_expires_in !== 'number')
        throw new Error ('no expiry time defined for refresh tokens');
-      const rt = auth.sign ('refresh_token', refresh_token_expires_in);
+      const rt = auth.sign (
+        'refresh_token',
+        refresh_token_expires_in,
+        { data }
+      );
      res.refresh_token = rt.signature;
      res.refresh_expires_in = refresh_token_expires_in;
      result.refresh_token_id = rt.id;
@ -98,10 +104,18 @@ class AuthRequest {
    return result;
  }

-  public allow_part (part_token_expires_in: number, module: string): string {
+  public allow_part (
+    part_token_expires_in: number,
+    next_module: string,
+    data?: Record<string, unknown>
+  ): string {
    this.default_header ();

-    const pt = auth.sign ('part_token', part_token_expires_in, module);
+    const pt = auth.sign (
+      'part_token',
+      part_token_expires_in,
+      { next_module, data }
+    );

    const res = {
      token_type: 'bearer',
--- a/lib/Authority.ts
+++ b/lib/Authority.ts
@ -21,6 +21,7 @@ interface VerificationResult {
  valid: boolean;
  type: TokenType;
  next_module?: string;
+  data?: Record<string, unknown>;
 }

 interface SignatureResult {
@ -28,6 +29,12 @@ interface SignatureResult {
  id: string;
 }

+interface SignatureOptions
+{
+  data?: Record<string, unknown>
+  next_module?: string
+}
+
 class Authority {
  public verify (key: string): VerificationResult {
    const result: VerificationResult = {
@ -58,7 +65,8 @@ class Authority {

    result.valid = true;
    result.authorized = result.type === 'access_token';
-    result.next_module = data.obj;
+    result.next_module = data.next_module;
+    result.data = data.obj;

    return result;
  }
@ -66,7 +74,7 @@ class Authority {
  public sign (
    type: TokenType,
    valid_for: number,
-    next_module?: string
+    options?: SignatureOptions
  ): SignatureResult {
    const time = Date.now ();
    const key = keystore.get_key (time / 1000, valid_for);
@ -74,9 +82,10 @@ class Authority {
      id:          create_salt (),
      iat:         time,
      type,
-      valid_for
+      valid_for,
+      next_module: options?.next_module
    };
-    const signature = sign_object (next_module, key, attributes);
+    const signature = sign_object (options?.data, key, attributes);
    return { id: attributes.id, signature };
  }
 }
--- a/test/spec/Authority.ts
+++ b/test/spec/Authority.ts
@ -56,7 +56,7 @@ describe ('authority', () => {
  });

  it ('should create a part token', () => {
-    const token = auth.sign ('part_token', 60, '2fa');
+    const token = auth.sign ('part_token', 60, { next_module: '2fa' });
    jasmine.clock ()
      .tick (30000);
    const res = auth.verify (token.signature);