42
lib/Blacklist.ts
Normal file
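--- a/lib/Blacklist.ts
+++ b/lib/Blacklist.ts
@@ -0,0 +1,42 @@
+interface Signature {
+hash: string;
+iat: Date;
+}
+
+class Blacklist {
+private _signatures: Signature[];
+
+public constructor () {
+this._signatures = [];
+}
+
+public clear_before (date: Date) {
+for (let i = this._signatures.length - 1; i >= 0; i--) {
+if (this._signatures[i].iat < date)
+this._signatures.splice (i, 1);
+}
+}
+
+public add_signature (hash: string) {
+this._signatures.push ({ iat: (new Date), hash });
+}
+
+public remove_signature (hash:string) {
+for (let i = this._signatures.length - 1; i >= 0; i--) {
+if (this._signatures[i].hash === hash)
+this._signatures.splice (i, 1);
+}
+}
+
+public is_valid (hash: string) {
+for (const sig of this._signatures) {
+if (sig.hash === hash)
+return false;
+}
+
+return true;
+}
+}
+
+const bl = (new Blacklist);
+export default bl;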
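Review bot: `Blacklist` holds revoked values only in the `_signatures` array of the module-level singleton `bl`, so a process restart empties the list and a revoked token that has not yet expired passes `is_valid` again; the same applies if more than one instance of the service runs. If that is an accepted limitation it should be stated in a class comment, otherwise the entries need a persistent or shared store. The `iat` field is set to `new Date` inside `add_signature`, so it records when the entry was blacklisted rather than when the token was issued; `clear_before` should carry a comment such as `// date must be no later than now minus the longest token lifetime, or a still-valid revoked token is re-admitted`. A doc comment on `is_valid` stating that it returns `false` for a blacklisted value would help, and the parameter is named `hash` although the gateway passes `data.obj.id`.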
@ -1,9 +1,15 @@
|
||||
import {
|
||||
get_signature_info,
|
||||
verify_signature
|
||||
} from '@sapphirecode/crypto-helper';
|
||||
import keystore from './KeyStore';
|
||||
import blacklist from './Blacklist';
|
||||
|
||||
type AnyFunc = (...args: unknown) => unknown;
|
||||
type Gateway = (req: Request, res: Response, next: AnyFunc) => Promise<void>;
|
||||
|
||||
interface GatewayOptions {
|
||||
redirect_url: string;
|
||||
use_stored_sessions?: boolean;
|
||||
}
|
||||
|
||||
class GatewayClass {
|
||||
@ -19,17 +25,34 @@ class GatewayClass {
|
||||
res.end ();
|
||||
}
|
||||
|
||||
private async authenticate (req: Request): Promise<boolean> {
|
||||
await Promise.resolve (req.body);
|
||||
return false;
|
||||
private authenticate (req: Request): Promise<boolean> {
|
||||
const auth = req.headers.get ('Authentication');
|
||||
const auth_type_regex = /(?<type>\w)+ (?<data>.*)/u;
|
||||
const auth_type = auth_type_regex.exec (auth);
|
||||
if (auth_type === null)
|
||||
return false;
|
||||
if (auth_type.groups.type !== 'Bearer')
|
||||
return false;
|
||||
|
||||
const data = get_signature_info (auth_type.groups.data);
|
||||
const key = keystore.get_key (data.iat / 1000);
|
||||
const valid = verify_signature (
|
||||
auth_type.groups.data,
|
||||
key,
|
||||
data.obj.valid_for * 1000
|
||||
) === null;
|
||||
|
||||
return valid
|
||||
&& data.obj.type === 'access_token'
|
||||
&& blacklist.is_valid (data.obj.id);
|
||||
}
|
||||
|
||||
public async process_request (
|
||||
public process_request (
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: AnyFunc
|
||||
): Promise<void> {
|
||||
if (await this.authenticate (req))
|
||||
if (this.authenticate (req))
|
||||
return next ();
|
||||
return this.redirect (res);
|
||||
}
|
||||
|
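Review bot: In the new `authenticate`, the quantifier in `/(?<type>\w)+ (?<data>.*)/u` sits outside the named group, so `groups.type` holds only the last character of the scheme and the `!== 'Bearer'` check rejects every request; it should read `/^(?<type>\w+) (?<data>.*)$/u`. The method is still annotated `Promise<boolean>` although it now returns a plain boolean, and `process_request` tests it with `if (this.authenticate (req))`; if `async` is ever restored to satisfy that annotation the condition becomes always truthy and every request reaches `next ()`, so annotate it as `boolean` or keep the `await`. The result of `verify_signature (...)` is compared with `=== null`; if the helper returns `null` for a failed verification (confirm against the crypto-helper documentation), the test is inverted and should be `!== null`. The header read is `'Authentication'`, whereas bearer credentials are normally carried in `Authorization`, which is worth confirming as intended. Both methods are complete in this hunk, but `GatewayClass` itself starts and ends outside it.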