From debb7debf11701e7ca70d3225bdc0ee1f2b124ac Mon Sep 17 00:00:00 2001 From: Timo Hocker Date: Sun, 3 Jan 2021 15:32:29 +0100 Subject: [PATCH] allow attaching of custom data --- lib/AuthHandler.ts | 5 +++++ lib/Authority.ts | 14 +++++++++++--- lib/Gateway.ts | 9 ++++++++- stryker.conf.js | 3 ++- test/spec/AuthHandler.ts | 1 - test/spec/Authority.ts | 28 ++++++++++++++++++++++++++++ 6 files changed, 54 insertions(+), 6 deletions(-) diff --git a/lib/AuthHandler.ts b/lib/AuthHandler.ts index 75726f4..3f7fb50 100644 --- a/lib/AuthHandler.ts +++ b/lib/AuthHandler.ts @@ -37,6 +37,8 @@ class AuthRequest { public is_basic: boolean; public user: string; public password: string; + public token_data?: Record; + public token_id?: string; public body: string; private _cookie_name?: string; @@ -202,6 +204,9 @@ export default function create_auth_handler ( return Promise.resolve (); } + request.token_data = token_data.data; + request.token_id = token_data.id; + if ( typeof options !== 'undefined' && typeof options.refresh !== 'undefined' diff --git a/lib/Authority.ts b/lib/Authority.ts index a75733e..9c81b83 100644 --- a/lib/Authority.ts +++ b/lib/Authority.ts @@ -20,8 +20,10 @@ interface VerificationResult { authorized: boolean; valid: boolean; type: TokenType; + id: string; next_module?: string; data?: Record; + error?: string; } interface SignatureResult { @@ -40,7 +42,8 @@ class Authority { const result: VerificationResult = { authorized: false, valid: false, - type: 'none' + type: 'none', + id: '' }; const data = verify_signature_get_info ( key, @@ -55,13 +58,18 @@ class Authority { (info) => info.valid_for * 1000 ); - if (data === null) + if (data === null) { + result.error = 'invalid signature'; return result; + } + result.id = data.id; result.type = data.type; - if (!blacklist.is_valid (data.id)) + if (!blacklist.is_valid (data.id)) { + result.error = 'blacklisted'; return result; + } result.valid = true; result.authorized = result.type === 'access_token'; 
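Review bot: The new public fields `token_data` and `token_id` on AuthRequest have no comment saying when they are set, and the second AuthHandler.ts hunk assigns them only after the early `return Promise.resolve ()`, so on every other path they stay undefined. A handler that reads them to make an access decision needs to know that; I would add `/** custom data from the verified token; undefined unless token verification succeeded */` above `token_data` and a matching line above `token_id`. What `token_data` holds and which check precedes the early return are outside the hunk, so the wording should be confirmed against the surrounding function.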
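Review bot: In the last Authority.ts hunk `result.id` and `result.type` are filled in before the `blacklist.is_valid` check, so a revoked token comes back with its real id and type and only `valid`/`authorized` left false. That helps logging, but every caller then has to gate on `authorized` before trusting `id` or `data`; a comment on the interface such as `// id is set even when valid is false (blacklisted token); check authorized first` would make that explicit. `error` is also a free-form string, and narrowing it to `error?: 'invalid signature' | 'blacklisted';` lets the compiler catch typos in comparisons. The rest of `verify` lies outside the hunk.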
diff --git a/lib/Gateway.ts b/lib/Gateway.ts index 82f682d..fd4d54c 100644 --- a/lib/Gateway.ts +++ b/lib/Gateway.ts @@ -65,7 +65,14 @@ class GatewayClass { if (auth === null) return false; - return authority.verify (auth).authorized; + const ver = authority.verify (auth); + + const con = req.connection as Record; + con.auth = {}; + con.auth.token_id = ver.id; + con.auth.token_data = ver.data; + + return ver.authorized; } public process_request ( diff --git a/stryker.conf.js b/stryker.conf.js index f51e7ec..a9c5847 100644 --- a/stryker.conf.js +++ b/stryker.conf.js @@ -19,5 +19,6 @@ module.exports = { testRunner: 'jasmine', jasmineConfigFile: 'jasmine.json', coverageAnalysis: 'perTest', - mutate: [ 'lib/*.ts' ] + mutate: [ 'lib/*.ts' ], + tsconfigFile: 'tsconfig.json' }; diff --git a/test/spec/AuthHandler.ts b/test/spec/AuthHandler.ts index 8119fbc..5020248 100644 --- a/test/spec/AuthHandler.ts +++ b/test/spec/AuthHandler.ts @@ -204,7 +204,6 @@ describe ('auth handler', () => { .toEqual ({ error: 'invalid_client' }); }); - it ('should process part token', async () => { const resp1 = await get ({ authorization: 'Basic part:bar' }); expect (resp1.statusCode) diff --git a/test/spec/Authority.ts b/test/spec/Authority.ts index c322ca1..53dd482 100644 --- a/test/spec/Authority.ts +++ b/test/spec/Authority.ts @@ -38,6 +38,10 @@ describe ('authority', () => { .toEqual ('access_token'); expect (res.next_module) .toBeUndefined (); + expect (res.id) + .toEqual (token.id); + expect (res.error) + .toBeUndefined (); }); it ('should create a refresh token', () => { @@ -53,6 +57,10 @@ describe ('authority', () => { .toEqual ('refresh_token'); expect (res.next_module) .toBeUndefined (); + expect (res.id) + .toEqual (token.id); + expect (res.error) + .toBeUndefined (); }); it ('should create a part token', () => { 
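Review bot: `con.auth` is written from `ver` whether or not the token was authorized, and it is stored on `req.connection`, which is the socket and outlives a single request when keep-alive is in use. A blacklisted or refresh token therefore leaves its `token_id` and `token_data` on the connection, and the `auth === null` early return above leaves whatever an earlier request on the same socket stored. If anything downstream reads `con.auth` (not visible here), it can see data belonging to a rejected or a previous request. I would set it only on success, `con.auth = ver.authorized ? { token_id: ver.id, token_data: ver.data } : null;`, and reset it to `null` before the `auth === null` return as well; the enclosing method starts outside the hunk.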
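Review bot: The added expectations cover `res.id` and `res.error` in every case here and in the following hunks of test/spec/Authority.ts, but none asserts `res.data`, which is the custom-data feature the commit subject names. No spec in this patch exercises the `con.auth` assignment in Gateway.ts or the `request.token_data` assignment in AuthHandler.ts either, though coverage may exist elsewhere in the suite. I would add one case that signs a token carrying a data object and expects `res.data` to equal it, and one that checks a rejected token does not expose data to the handler.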
@@ -68,6 +76,10 @@ describe ('authority', () => { .toEqual ('part_token'); expect (res.next_module) .toEqual ('2fa'); + expect (res.id) + .toEqual (token.id); + expect (res.error) + .toBeUndefined (); }); it ('should reject an invalid access token', () => { @@ -84,6 +96,10 @@ describe ('authority', () => { .toEqual ('none'); expect (res.next_module) .toBeUndefined (); + expect (res.id) + .toEqual (''); + expect (res.error) + .toEqual ('invalid signature'); }); it ('should reject blacklisted access token', () => { @@ -100,6 +116,10 @@ describe ('authority', () => { .toEqual ('access_token'); expect (res.next_module) .toBeUndefined (); + expect (res.id) + .toEqual (token.id); + expect (res.error) + .toEqual ('blacklisted'); }); it ('should reject an invalid refresh token', () => { @@ -116,6 +136,10 @@ describe ('authority', () => { .toEqual ('none'); expect (res.next_module) .toBeUndefined (); + expect (res.id) + .toEqual (''); + expect (res.error) + .toEqual ('invalid signature'); }); it ('should reject a blacklisted refresh token', () => { @@ -132,5 +156,9 @@ describe ('authority', () => { .toEqual ('refresh_token'); expect (res.next_module) .toBeUndefined (); + expect (res.id) + .toEqual (token.id); + expect (res.error) + .toEqual ('blacklisted'); }); });