auth-server-helper/lib/Authority.ts
Timo Hocker ba9608829d
All checks were successful
continuous-integration/drone/push Build is passing
permissions, connection data reader
2022-09-12 12:30:06 +02:00

139 lines
3.2 KiB
TypeScript

/*
* Copyright (C) Sapphirecode - All Rights Reserved
* This file is part of Auth-Server-Helper which is released under MIT.
* See file 'LICENSE' for full license details.
* Created by Timo Hocker <timo@scode.ovh>, December 2020
*/
import {
sign_object,
verify_signature_get_info
} from '@sapphirecode/crypto-helper';
import keystore from './KeyStore';
import blacklist from './Blacklist';
import { debug } from './debug';
import { generate_token_id } from './token_id';
const logger = debug ('authority');
// eslint-disable-next-line no-shadow
type TokenType = 'access_token' | 'none' | 'part_token' | 'refresh_token'
interface VerificationResult {
authorized: boolean;
valid: boolean;
type: TokenType;
id: string;
next_module?: string;
permissions?: string[];
data?: unknown;
error?: string;
}
interface SignatureResult {
signature: string;
id: string;
}
interface SignatureOptions
{
data?: unknown
next_module?: string,
permissions?: string[]
}
class Authority {
public async verify (key: string): Promise<VerificationResult> {
const log = logger.extend ('verify');
log ('verifying token');
const result: VerificationResult = {
authorized: false,
valid: false,
type: 'none',
permissions: [],
id: ''
};
const data = await verify_signature_get_info (
key,
async (info) => {
try {
return await keystore.get_key (info.iat / 1000, info.iss);
}
catch {
return '';
}
},
(info) => info.valid_for * 1000
);
if (data === null) {
log ('token invalid');
result.error = 'invalid signature';
return result;
}
result.id = data.id;
result.type = data.type;
log ('parsing token %s %s', result.type, result.id);
if (!(await blacklist.is_valid (data.id))) {
log ('token is blacklisted');
result.error = 'blacklisted';
return result;
}
result.valid = true;
result.authorized = result.type === 'access_token';
result.next_module = data.next_module;
result.permissions = data.permissions;
result.data = data.obj;
log (
'valid %s; targeting module %s',
result.type,
result.next_module
);
log ('permissions %o', result.permissions);
return result;
}
public async sign (
type: TokenType,
valid_for: number,
options?: SignatureOptions
): Promise<SignatureResult> {
const log = logger.extend ('sign');
log ('signing new %s', type);
const time = Date.now ();
const valid_until = time + (valid_for * 1e3);
const key = await keystore.get_sign_key (time / 1000, valid_for);
const attributes = {
id: generate_token_id (new Date (valid_until)),
iat: time,
iss: keystore.instance_id,
type,
valid_for,
valid_until,
next_module: options?.next_module,
permissions: options?.permissions
};
const signature = sign_object (options?.data, key, attributes);
log ('created token %s', attributes.id);
return { id: attributes.id, signature };
}
}
const auth = (new Authority);
export {
TokenType,
VerificationResult,
SignatureResult,
SignatureOptions,
Authority
};
export default auth;