separate authority

2020-12-19 15:40:49 +01:00 · 2020-12-19 15:40:49 +01:00 · 8a264bfa58
commit 8a264bfa58
parent 170eb8a743
2 changed files with 68 additions and 12 deletions
--- a/lib/Authority.ts
+++ b/lib/Authority.ts
@ -0,0 +1,66 @@
+import {
+  create_salt,
+  sign_object,
+  verify_signature_get_info
+} from '@sapphirecode/crypto-helper';
+import keystore from './KeyStore';
+import blacklist from './Blacklist';
+
+// eslint-disable-next-line no-shadow
+type TokenType = 'access_token'|'refresh_token'|'part_token'|'none'
+
+interface VerificationResult {
+  authorized: boolean;
+  type: TokenType;
+  next_module: string;
+}
+
+interface SignatureResult {
+  signature: string;
+  id: string;
+}
+
+class Authority {
+  public verify (key: string): VerificationResult {
+    const result = { authorized: false, type: 'none', next_module: '' };
+    const data = verify_signature_get_info (
+      key,
+      (info) => keystore.get_key (info.iat / 1000),
+      (info) => info.valid_for * 1000
+    );
+
+    if (data === null)
+      return result;
+
+    result.type = data.type;
+
+    if (!blacklist.is_valid (data.id))
+      return result;
+
+    result.authorized = result.type === 'access_token';
+    result.next_module = data.obj;
+
+    return result;
+  }
+
+  public sign (
+    type: TokenType,
+    valid_for: number,
+    next_module?: string
+  ): SignatureResult {
+    const time = Date.now ();
+    const key = keystore.get_key (time / 1000);
+    const attributes = {
+      id:  create_salt (),
+      iat: time,
+      type,
+      valid_for
+    };
+    const signature = sign_object (next_module, key, attributes);
+    return { id: attributes.id, signature };
+  }
+}
+
+const auth = (new Authority);
+
+export default auth;
--- a/lib/Gateway.ts
+++ b/lib/Gateway.ts
@ -5,10 +5,8 @@
 * Created by Timo Hocker <timo@scode.ovh>, December 2020
 */

-import { verify_signature_get_info } from '@sapphirecode/crypto-helper';
 import { run_regex } from '@sapphirecode/utilities';
-import keystore from './KeyStore';
-import blacklist from './Blacklist';
+import authority from './Authority';

 type AnyFunc = (...args: unknown) => unknown;
 type Gateway = (req: Request, res: Response, next: AnyFunc) => Promise<void>;
@ -63,15 +61,7 @@ class GatewayClass {
    if (auth === null)
      return false;

-    const data = verify_signature_get_info (
-      auth,
-      (info) => keystore.get_key (info.iat),
-      (info) => info.valid_for * 1000
-    );
-
-    return data !== null
-      && data.type === 'access_token'
-      && blacklist.is_valid (data.id);
+    return authority.verify (auth).authorized;
  }

  public process_request (