1 parent
4c96713
commit b22dafb
Showing
20 changed files
with
299 additions
and
299 deletions.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
import workflow from './workflow' | ||
import { endpoint, requestSchema, responseSchema } from './endpoint' | ||
import runner from './runner' | ||
import { workflow, requestSchema, responseSchema } from './workflow' | ||
|
||
export { workflow, endpoint, requestSchema, responseSchema } | ||
export { runner, workflow, requestSchema, responseSchema } |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
import jsonwebtoken from 'jsonwebtoken' | ||
|
||
import { IJwtPayload } from '../types/interfaces' | ||
import { State } from '../State' | ||
|
||
/** | ||
* Logout wokflow method, used in the `Logout.endpoint` | ||
* Invalidates whole refresh token family. Access token is still valid after calling this endpoint. | ||
* @param authHeader | ||
*/ | ||
export default async function runner(authHeader: string) { | ||
const [, accessToken] = authHeader.split(' ') | ||
|
||
// NOTE: token is valid, cause it already passed through verification (by passport) | ||
const decodedAccessTokenData = <IJwtPayload>jsonwebtoken.decode(accessToken) | ||
|
||
await State.getInstance().refreshTokenRepository.invalidateRefreshTokenFamily(decodedAccessTokenData.uid, decodedAccessTokenData.fid) | ||
} |
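Review bot: `runner` takes `uid` and `fid` from `jsonwebtoken.decode(accessToken)`, which does not check the signature, and this commit also re-exports `runner` from the module index, so the "already passed through verification (by passport)" assumption in the NOTE comment holds only if every caller runs the guard first. A header without a space, or a value that is not a well-formed JWT, should make `decode` return `null`, and the property access on the last line then throws a TypeError instead of producing a 401. Either pass the payload the guard already verified into `runner`, or add a check such as `if (!decodedAccessTokenData) throw new ErrorBuilder(401, 'Unauthorized')` and state the precondition in the TSDoc. The same pattern is in the logout-everywhere `runner` later in this commit, where only `uid` is read and all of that user's refresh tokens are invalidated.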
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,18 +1,53 @@ | ||
import jsonwebtoken from 'jsonwebtoken' | ||
import { Request, Response, NextFunction } from 'express' | ||
import Joi from 'joi' | ||
|
||
import { IJwtPayload } from '../types/interfaces' | ||
import { State } from '../State' | ||
import { fullMessagesResponse } from '../utils/joiSchemas' | ||
import { MESSAGE_TYPE } from '../utils/enums' | ||
import runner from './runner' | ||
import { ErrorBuilder } from '../utils/ErrorBuilder' | ||
import { customTFunction } from '../utils/translations' | ||
|
||
/** | ||
* Logout wokflow method, used in the `Logout.endpoint` | ||
* Invalidates whole refresh token family. Access token is still valid after calling this endpoint. | ||
* @param authHeader | ||
* Logout endpoint request schema - empty | ||
*/ | ||
export default async function workflow(authHeader: string) { | ||
const [, accessToken] = authHeader.split(' ') | ||
export const requestSchema = Joi.object({ | ||
body: Joi.object(), | ||
query: Joi.object(), | ||
params: Joi.object() | ||
}) | ||
|
||
// NOTE: token is valid, cause it already passed through verification (by passport) | ||
const decodedAccessTokenData = <IJwtPayload>jsonwebtoken.decode(accessToken) | ||
/** | ||
* Logout endpoint response schema - full message | ||
*/ | ||
export const responseSchema = fullMessagesResponse | ||
|
||
/** | ||
* Logout endpoint | ||
* Usage: `router.post('/logout', ApiAuth.guard(), schemaMiddleware(Logout.requestSchema), Logout.endpoint)` | ||
* @param req | ||
* @param res | ||
* @param next | ||
*/ | ||
export async function workflow(req: Request, res: Response, next: NextFunction) { | ||
try { | ||
const authHeader = req.headers.authorization | ||
|
||
const t = req.t ?? customTFunction | ||
if (!authHeader) { | ||
throw new ErrorBuilder(401, t('Unauthorized')) | ||
} | ||
|
||
await runner(authHeader) | ||
|
||
await State.getInstance().refreshTokenRepository.invalidateRefreshTokenFamily(decodedAccessTokenData.uid, decodedAccessTokenData.fid) | ||
return res.json({ | ||
messages: [ | ||
{ | ||
type: MESSAGE_TYPE.SUCCESS, | ||
message: t('You were successfully logged out') | ||
} | ||
] | ||
}) | ||
} catch (err) { | ||
return next(err) | ||
} | ||
} |
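Review bot: The TSDoc usage line above the handler still names `Logout.endpoint`, although the handler is now exported as `workflow` and the index in this commit no longer exports `endpoint`; it should read `router.post('/logout', ApiAuth.guard(), schemaMiddleware(Logout.requestSchema), Logout.workflow)`. The comment should also say that `ApiAuth.guard()` has to run before this handler, because `runner` decodes the access token without verifying it and the handler itself only checks that the header is present. The logout-everywhere workflow in this commit carries the same stale `LogoutEverywhere.endpoint` reference.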
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
import workflow from './workflow' | ||
import { endpoint, requestSchema, responseSchema } from './endpoint' | ||
import runner from './runner' | ||
import { workflow, requestSchema, responseSchema } from './workflow' | ||
|
||
export { workflow, endpoint, requestSchema, responseSchema } | ||
export { runner, workflow, requestSchema, responseSchema } |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
import jsonwebtoken from 'jsonwebtoken' | ||
|
||
import { IJwtPayload } from '../types/interfaces' | ||
import { State } from '../State' | ||
|
||
/** | ||
* Logout from everywhere wokflow method, used in the `Logout.endpoint` | ||
* Invalidates all user refresh tokens by calling `refreshTokenRepository.invalidateUserRefreshTokens`. If this method is not provided and this endpoint is used, library throws exception. | ||
* All users access token are still valid after calling this endpoint. | ||
* @param authHeader | ||
*/ | ||
export default async function runner(authHeader: string) { | ||
const [, accessToken] = authHeader.split(' ') | ||
|
||
// NOTE: token is valid, cause it already passed through verification (by passport) | ||
const decodedAccessTokenData = <IJwtPayload>jsonwebtoken.decode(accessToken) | ||
|
||
const state = State.getInstance() | ||
if (!state.refreshTokenRepository.invalidateUserRefreshTokens) { | ||
throw new Error("'invalidateUserRefreshTokens' is not implemented on UserTokenRepository") | ||
} | ||
|
||
await state.refreshTokenRepository.invalidateUserRefreshTokens(decodedAccessTokenData.uid) | ||
} |
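Review bot: The thrown message names `UserTokenRepository`, but the object being checked is `state.refreshTokenRepository`, so an integrator who hits this error is pointed at a name that does not appear in the code shown. Suggest `throw new Error("'invalidateUserRefreshTokens' is not implemented on refreshTokenRepository")`. The check also runs only when the endpoint is called, so a missing implementation shows up as a failed logout-everywhere request rather than at setup; if the library has a point where the repository is registered, validating there would surface it earlier.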
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,24 +1,53 @@ | ||
import jsonwebtoken from 'jsonwebtoken' | ||
import { Request, Response, NextFunction } from 'express' | ||
import Joi from 'joi' | ||
|
||
import { IJwtPayload } from '../types/interfaces' | ||
import { State } from '../State' | ||
import { fullMessagesResponse } from '../utils/joiSchemas' | ||
import { MESSAGE_TYPE } from '../utils/enums' | ||
import runner from './runner' | ||
import { ErrorBuilder } from '../utils/ErrorBuilder' | ||
import { customTFunction } from '../utils/translations' | ||
|
||
/** | ||
* Logout from everywhere wokflow method, used in the `Logout.endpoint` | ||
* Invalidates all user refresh tokens by calling `refreshTokenRepository.invalidateUserRefreshTokens`. If this method is not provided and this endpoint is used, library throws exception. | ||
* All users access token are still valid after calling this endpoint. | ||
* @param authHeader | ||
* Logout from everywhere endpoint request schema - empty | ||
*/ | ||
export default async function workflow(authHeader: string) { | ||
const [, accessToken] = authHeader.split(' ') | ||
export const requestSchema = Joi.object({ | ||
body: Joi.object(), | ||
query: Joi.object(), | ||
params: Joi.object() | ||
}) | ||
|
||
// NOTE: token is valid, cause it already passed through verification (by passport) | ||
const decodedAccessTokenData = <IJwtPayload>jsonwebtoken.decode(accessToken) | ||
/** | ||
* Logout from everywhere endpoint response schema - full message | ||
*/ | ||
export const responseSchema = fullMessagesResponse | ||
|
||
const state = State.getInstance() | ||
if (!state.refreshTokenRepository.invalidateUserRefreshTokens) { | ||
throw new Error("'invalidateUserRefreshTokens' is not implemented on UserTokenRepository") | ||
} | ||
/** | ||
* Logout from everywhere endpoint | ||
* Usage: `router.post('/logout-everywhere', ApiAuth.guard(), schemaMiddleware(LogoutEverywhere.requestSchema), LogoutEverywhere.endpoint)` | ||
* @param req | ||
* @param res | ||
* @param next | ||
*/ | ||
export async function workflow(req: Request, res: Response, next: NextFunction) { | ||
try { | ||
const authHeader = req.headers.authorization | ||
|
||
const t = req.t ?? customTFunction | ||
if (!authHeader) { | ||
throw new ErrorBuilder(401, t('Unauthorized')) | ||
} | ||
|
||
await state.refreshTokenRepository.invalidateUserRefreshTokens(decodedAccessTokenData.uid) | ||
await runner(authHeader) | ||
|
||
return res.json({ | ||
messages: [ | ||
{ | ||
type: MESSAGE_TYPE.SUCCESS, | ||
message: t('You were successfully logged out') | ||
} | ||
] | ||
}) | ||
} catch (err) { | ||
return next(err) | ||
} | ||
} |
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
import getToken from './getToken' | ||
import guard from './guard' | ||
import { endpoint, requestSchema, responseSchema } from './endpoint' | ||
import { workflow, requestSchema, responseSchema } from './workflow' | ||
import { strategy, strategyVerifyFunction, secretOrKeyProvider } from './strategy' | ||
import workflow from './workflow' | ||
import runner from './runner' | ||
|
||
export { getToken, endpoint, requestSchema, responseSchema, guard, strategy, strategyVerifyFunction, secretOrKeyProvider, workflow } | ||
export { getToken, requestSchema, responseSchema, guard, strategy, strategyVerifyFunction, secretOrKeyProvider, workflow, runner } |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
import { createHash } from '../utils/jwt' | ||
import { State } from '../State' | ||
import { ID } from '../types/interfaces' | ||
|
||
/** | ||
* Workflow method used in the `PasswordReset.endpoint`. | ||
* Internally hashes user new password and subsequently call `userRepository.updateUserPassword` with this hash. | ||
* It also invalidates all user refresh tokens, if `userRepository.invalidateUserRefreshTokens` method is provided. | ||
* @param password | ||
* @param userID | ||
*/ | ||
export default async function runner(password: string, userID: ID): Promise<void> { | ||
const hash = await createHash(password) | ||
|
||
const state = State.getInstance() | ||
await state.userRepository.updateUserPassword(userID, hash) | ||
|
||
await state.refreshTokenRepository.invalidateUserRefreshTokens?.(userID) | ||
} |
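Review bot: The last statement, `await state.refreshTokenRepository.invalidateUserRefreshTokens?.(userID)`, silently skips session revocation when the repository does not implement that method, so existing refresh tokens keep working after a password reset, which matters most when the reset follows an account compromise. The TSDoc should state this consequence and name the right object (it says `userRepository.invalidateUserRefreshTokens`, the code calls `refreshTokenRepository`), for example `* NOTE: if refreshTokenRepository.invalidateUserRefreshTokens is not implemented, existing refresh tokens stay valid after the reset.` A logged warning in the skipped case would also make the gap visible to operators.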