This commit is contained in:
parent
170eb8a743
commit
8a264bfa58
66
lib/Authority.ts
Normal file
66
lib/Authority.ts
Normal file
@ -0,0 +1,66 @@
|
|||||||
|
import {
|
||||||
|
create_salt,
|
||||||
|
sign_object,
|
||||||
|
verify_signature_get_info
|
||||||
|
} from '@sapphirecode/crypto-helper';
|
||||||
|
import keystore from './KeyStore';
|
||||||
|
import blacklist from './Blacklist';
|
||||||
|
|
||||||
|
// eslint-disable-next-line no-shadow
|
||||||
|
type TokenType = 'access_token'|'refresh_token'|'part_token'|'none'
|
||||||
|
|
||||||
|
interface VerificationResult {
|
||||||
|
authorized: boolean;
|
||||||
|
type: TokenType;
|
||||||
|
next_module: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
interface SignatureResult {
|
||||||
|
signature: string;
|
||||||
|
id: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
class Authority {
|
||||||
|
public verify (key: string): VerificationResult {
|
||||||
|
const result = { authorized: false, type: 'none', next_module: '' };
|
||||||
|
const data = verify_signature_get_info (
|
||||||
|
key,
|
||||||
|
(info) => keystore.get_key (info.iat / 1000),
|
||||||
|
(info) => info.valid_for * 1000
|
||||||
|
);
|
||||||
|
|
||||||
|
if (data === null)
|
||||||
|
return result;
|
||||||
|
|
||||||
|
result.type = data.type;
|
||||||
|
|
||||||
|
if (!blacklist.is_valid (data.id))
|
||||||
|
return result;
|
||||||
|
|
||||||
|
result.authorized = result.type === 'access_token';
|
||||||
|
result.next_module = data.obj;
|
||||||
|
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
public sign (
|
||||||
|
type: TokenType,
|
||||||
|
valid_for: number,
|
||||||
|
next_module?: string
|
||||||
|
): SignatureResult {
|
||||||
|
const time = Date.now ();
|
||||||
|
const key = keystore.get_key (time / 1000);
|
||||||
|
const attributes = {
|
||||||
|
id: create_salt (),
|
||||||
|
iat: time,
|
||||||
|
type,
|
||||||
|
valid_for
|
||||||
|
};
|
||||||
|
const signature = sign_object (next_module, key, attributes);
|
||||||
|
return { id: attributes.id, signature };
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
const auth = (new Authority);
|
||||||
|
|
||||||
|
export default auth;
|
||||||
@ -5,10 +5,8 @@
|
|||||||
* Created by Timo Hocker <timo@scode.ovh>, December 2020
|
* Created by Timo Hocker <timo@scode.ovh>, December 2020
|
||||||
*/
|
*/
|
||||||
|
|
||||||
import { verify_signature_get_info } from '@sapphirecode/crypto-helper';
|
|
||||||
import { run_regex } from '@sapphirecode/utilities';
|
import { run_regex } from '@sapphirecode/utilities';
|
||||||
import keystore from './KeyStore';
|
import authority from './Authority';
|
||||||
import blacklist from './Blacklist';
|
|
||||||
|
|
||||||
type AnyFunc = (...args: unknown) => unknown;
|
type AnyFunc = (...args: unknown) => unknown;
|
||||||
type Gateway = (req: Request, res: Response, next: AnyFunc) => Promise<void>;
|
type Gateway = (req: Request, res: Response, next: AnyFunc) => Promise<void>;
|
||||||
@ -63,15 +61,7 @@ class GatewayClass {
|
|||||||
if (auth === null)
|
if (auth === null)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
const data = verify_signature_get_info (
|
return authority.verify (auth).authorized;
|
||||||
auth,
|
|
||||||
(info) => keystore.get_key (info.iat),
|
|
||||||
(info) => info.valid_for * 1000
|
|
||||||
);
|
|
||||||
|
|
||||||
return data !== null
|
|
||||||
&& data.type === 'access_token'
|
|
||||||
&& blacklist.is_valid (data.id);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public process_request (
|
public process_request (
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user