parent
f39759bad9
commit
80d04f7441
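--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,13 @@
+# Changelog
+
+## 2.0.0
+
+Complete redesign
+
+## 1.1.0
+
+add user_id to res.connection, so request handlers can access the current user
+
+## 1.0.0
+
+initial release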
@ -13,6 +13,7 @@ interface AccessSettings {
|
||||
access_token_expires_in: number
|
||||
include_refresh_token?: boolean
|
||||
refresh_token_expires_in?: number
|
||||
data?: Record<string, unknown>
|
||||
}
|
||||
|
||||
interface AccessResult {
|
||||
@ -64,11 +65,12 @@ class AuthRequest {
|
||||
public allow_access ({
|
||||
access_token_expires_in,
|
||||
include_refresh_token,
|
||||
refresh_token_expires_in
|
||||
refresh_token_expires_in,
|
||||
data
|
||||
}: AccessSettings): AccessResult {
|
||||
this.default_header ();
|
||||
|
||||
const at = auth.sign ('access_token', access_token_expires_in);
|
||||
const at = auth.sign ('access_token', access_token_expires_in, { data });
|
||||
const result: AccessResult = { access_token_id: at.id };
|
||||
|
||||
const res: AccessResponse = {
|
||||
@ -87,7 +89,11 @@ class AuthRequest {
|
||||
if (include_refresh_token) {
|
||||
if (typeof refresh_token_expires_in !== 'number')
|
||||
throw new Error ('no expiry time defined for refresh tokens');
|
||||
const rt = auth.sign ('refresh_token', refresh_token_expires_in);
|
||||
const rt = auth.sign (
|
||||
'refresh_token',
|
||||
refresh_token_expires_in,
|
||||
{ data }
|
||||
);
|
||||
res.refresh_token = rt.signature;
|
||||
res.refresh_expires_in = refresh_token_expires_in;
|
||||
result.refresh_token_id = rt.id;
|
||||
@ -98,10 +104,18 @@ class AuthRequest {
|
||||
return result;
|
||||
}
|
||||
|
||||
public allow_part (part_token_expires_in: number, module: string): string {
|
||||
public allow_part (
|
||||
part_token_expires_in: number,
|
||||
next_module: string,
|
||||
data?: Record<string, unknown>
|
||||
): string {
|
||||
this.default_header ();
|
||||
|
||||
const pt = auth.sign ('part_token', part_token_expires_in, module);
|
||||
const pt = auth.sign (
|
||||
'part_token',
|
||||
part_token_expires_in,
|
||||
{ next_module, data }
|
||||
);
|
||||
|
||||
const res = {
|
||||
token_type: 'bearer',
|
||||
|
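Review bot: In `allow_access` the same `data` object is signed into both the access token and the refresh token, so whatever a caller stores there stays valid for `refresh_token_expires_in`, not just for the short access-token lifetime. If callers put authorization state in `data` (roles, tenant, permissions; not visible on this page), a server-side change to that state will not take effect until the refresh token expires. `sign_object` is not shown, but its name suggests the payload is signed rather than encrypted, which would make `data` readable by the client. I would put a comment on the `data?` field of `AccessSettings` such as `// embedded in access AND refresh token; signed, not secret - no credentials, nothing that must be revocable`, and consider re-resolving `data` when a refresh token is redeemed instead of copying it. The bodies of `allow_access` and `allow_part` continue outside the hunks shown.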
@ -21,6 +21,7 @@ interface VerificationResult {
|
||||
valid: boolean;
|
||||
type: TokenType;
|
||||
next_module?: string;
|
||||
data?: Record<string, unknown>;
|
||||
}
|
||||
|
||||
interface SignatureResult {
|
||||
@ -28,6 +29,12 @@ interface SignatureResult {
|
||||
id: string;
|
||||
}
|
||||
|
||||
interface SignatureOptions
|
||||
{
|
||||
data?: Record<string, unknown>
|
||||
next_module?: string
|
||||
}
|
||||
|
||||
class Authority {
|
||||
public verify (key: string): VerificationResult {
|
||||
const result: VerificationResult = {
|
||||
@ -58,7 +65,8 @@ class Authority {
|
||||
|
||||
result.valid = true;
|
||||
result.authorized = result.type === 'access_token';
|
||||
result.next_module = data.obj;
|
||||
result.next_module = data.next_module;
|
||||
result.data = data.obj;
|
||||
|
||||
return result;
|
||||
}
|
||||
@ -66,17 +74,18 @@ class Authority {
|
||||
public sign (
|
||||
type: TokenType,
|
||||
valid_for: number,
|
||||
next_module?: string
|
||||
options?: SignatureOptions
|
||||
): SignatureResult {
|
||||
const time = Date.now ();
|
||||
const key = keystore.get_key (time / 1000, valid_for);
|
||||
const attributes = {
|
||||
id: create_salt (),
|
||||
iat: time,
|
||||
id: create_salt (),
|
||||
iat: time,
|
||||
type,
|
||||
valid_for
|
||||
valid_for,
|
||||
next_module: options?.next_module
|
||||
};
|
||||
const signature = sign_object (next_module, key, attributes);
|
||||
const signature = sign_object (options?.data, key, attributes);
|
||||
return { id: attributes.id, signature };
|
||||
}
|
||||
}
|
||||
|
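Review bot: In `verify`, `result.data = data.obj` copies the decoded payload into a field typed `Record<string, unknown>` with no runtime shape check, and it does so for every token type. Tokens issued before this change carried the module name string in that slot (the old `sign_object (next_module, ...)` call), so if any of them are still valid after the upgrade they would verify with `next_module` undefined and a string in `data`. A guard such as `if (typeof data.obj === 'object' && data.obj !== null) result.data = data.obj as Record<string, unknown>;` keeps the declared type honest. Because `data` is also populated for part and refresh tokens, where `authorized` is false, the field's doc comment should tell consumers to check `authorized` before acting on it. The body of `verify` starts outside the hunk, so this assumes the assignments run only after the signature check has passed.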
@ -56,7 +56,7 @@ describe ('authority', () => {
|
||||
});
|
||||
|
||||
it ('should create a part token', () => {
|
||||
const token = auth.sign ('part_token', 60, '2fa');
|
||||
const token = auth.sign ('part_token', 60, { next_module: '2fa' });
|
||||
jasmine.clock ()
|
||||
.tick (30000);
|
||||
const res = auth.verify (token.signature);
|
||||
|
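Review bot: The only test change visible here adapts the existing `auth.sign ('part_token', 60, { next_module: '2fa' })` call to the new signature; nothing in the hunk covers the new `data` payload. Since `data` is now the signed object and `next_module` has moved into the token attributes, I would add a case that signs with `{ data: { foo: 'bar' } }` and asserts `expect (res.data).toEqual ({ foo: 'bar' });`, and also assert `expect (res.next_module).toEqual ('2fa');` in this test. The assertions after `auth.verify` are outside the hunk, so the `next_module` check may already exist.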