@agilesoft/ags_authrest2 1.0.3 → 1.0.5

Files changed (4) hide show
  1. package/README.md +18 -73
  2. package/index.js +36 -273
  3. package/package.json +5 -16
  4. package/claudia.json +0 -0
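--- a/package/README.md
+++ b/package/README.md
@@ -1,28 +1,28 @@
  # ags_authrest
+ _____________
 
- **packages library**
- ** For **flutter** auth client https://pub.dev/packages/ags_authrest2
- ---
 
- const express = require("express");
+ const express = require("express");
 
- const bodyParser = require("body-parser");
+ const bodyParser = require("body-parser");
 
- const app = express();
+ const app = express();
 
  app.use(bodyParser.json());
 
- app.use(bodyParser.urlencoded({ extended: true }));
+ app.use(bodyParser.urlencoded({ extended: true }));
+
+
 
  //เรียกใช้งาน
 
- **const ags_restauth = require("ags_authrest");**
+ **const ags_restauth = require("ags_authrest");**
 
- **const Auth = new ags_restauth();**
+ **const Auth = new ags_restauth();**
 
  //.env
 
- **process.env.SECERT_JWT = "ihavealongpassword";** //ใช้secert ที่มีความปลอดภัยสูง
+ **process.env.SECERT_JWT = "ihavealongpassword";** //ใช้secert ที่มีความปลอดภัยสูง
 
  //เปิดใช้ request เพื่อทดสอบ
 
@@ -34,76 +34,21 @@ app.use(bodyParser.urlencoded({ extended: true }));
 
  //ตัวอย่าง midleware ที่มีการ protect
 
+
+
  app.post("/jwtauth", Auth.Middleware, (req, res, next) => {
 
- return res.send(true);
+ return res.send(true);
 
  });
 
- const port = process.env.PORT || 3999;
-
- app.listen(port, () => console.log("Server is listening on port ${port}."));
-
- **//สำหรับเรียกใช้ token**
+
 
- (async () => {
-
- console.log(await Auth.GenToken(process.env.SECERT_JWT, process.env.R_USER));
-
- })();
+ const port = process.env.PORT || 3999;
 
- **//Client Use**
+ app.listen(port, () => console.log("Server is listening on port ${port}."));
 
+ **//สำหรับเรียกใช้ token**
  (async () => {
-
- var bodyData = {
-
- phone: "+66885257777",
-
- otpCode: "778747",
-
- refCode: "orxh4f",
-
- fromBU: "Qsms",
-
- };
-
- var options = {
-
- method: "POST",
-
- url: "http://localhost:3999/",
-
- headers: {
-
- Authorization: await Auth.genTokenEncryp(),
-
- "Content-Type": "application/json",
-
- },
-
- body: JSON.stringify(await Auth.encrypbody(bodyData)),
-
- };
-
- request(options, function (error, response) {
-
- if (error) throw new Error(error);
-
- console.log(JSON.parse(response.body));
-
- });
-
+ console.log(await Auth.GenToken(process.env.SECERT_JWT, process.env.R_USER));
  })();
-
-
- **//Exlample .env**
- SECERT_JWT=ihavealongpassword
-
- R_USER=karantest
-
- R_PASS=123456
-
- R_PATH=gentoken
-
- TZ=Europe/London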
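--- a/package/index.js
+++ b/package/index.js
@@ -2,18 +2,14 @@
  const jwt = require("jsonwebtoken");
  const date = require("date-and-time");
  var CryptoJS = require("crypto-js");
- var crypto = require("crypto");
- const { v4: uuidv4 } = require("uuid");
- require("dotenv").config();
- var isBase64 = require("is-base64");
+ require('dotenv').config()
  // default env request_token
  // R_USER = `karan_ags_ci`;
  // R_PASS = `12345678`;
 
- var R_USER = process.env.R_USER || `karan_ags_ci`;
+ var R_USER = process.env.R_USER || `karan_ags_ci`
  var R_PASS = process.env.R_PASS || `12345678`;
- var R_PATH = process.env.R_PATH || `/request_token`;
- var R_TOKEN = process.env.SECERT_JWT || `12345678`;
+ var R_PATH = process.env.R_PATH || `/request_token`
 
  async function SECRET(secretOrKey) {
  return new Promise(function (resolve, reject) {
@@ -27,190 +23,52 @@ async function SECRET(secretOrKey) {
  });
  }
 
- var arr = [];
-
- function check(token) {
- return new Promise(function (resolve, reject) {
- for (let index = 0; index < arr.length; index++) {
- const element = arr[index];
- if (element == token) {
- return resolve(true);
- }
- }
- return resolve(false);
- });
- }
-
- async function encrypt(secretRaw, decryptedMessage) {
- return new Promise(function (resolve, reject) {
- (async () => {
- try {
- var secret = await SECRET(secretRaw);
- var cipher = crypto.createCipheriv(
- "AES-256-CBC",
- secret.substr(0, 32),
- secret.substr(0, 16)
- );
- // console.log(`secert encryp is ${secret}`);
- let encrypted = cipher.update(decryptedMessage, "utf8", "base64");
- encrypted += cipher.final("base64");
- return resolve(encrypted);
- } catch (err) {
- console.log("err");
- console.log(err);
- return reject(err);
- }
- })();
- });
- }
-
- async function decrypt(encryptedMessage, secretOption) {
- if (secretOption === "" || secretOption === undefined) {
- secretOption = R_TOKEN;
- }
- return new Promise(function (resolve, reject) {
- (async () => {
- try {
- var secret = await SECRET(secretOption);
- var decipher = crypto.createDecipheriv(
- "AES-256-CBC",
- secret.substr(0, 32),
- secret.substr(0, 16)
- );
- // console.log(`secert decipher is ${secret}`);
- let decrypted = decipher.update(encryptedMessage, "base64", "utf8");
- return resolve(decrypted + decipher.final("utf8"));
- } catch (err) {
- console.log("err");
- console.log(err);
- return reject(err);
- }
- })();
- });
- }
-
  class Auth {
- constructor() {}
+ constructor() {
+ }
 
  Middleware(req, res, next) {
  (async () => {
- try {
- var headersEncrypter = false;
- var bodyOriginal = req.body;
- if (req.headers.authorization) {
- let findSecurity = req.headers.authorization.indexOf("securityAgs");
- if (findSecurity == -1) {
- const isb64 = isBase64(bodyOriginal.encrypData);
- if (isb64) {
- req.headers.authorization = await decrypt(
- req.headers.authorization
- );
- headersEncrypter = true;
- }
- } else {
- const replaceStr = req.headers.authorization.replace(
- /securityAgs/g,
- "/"
- );
- const isb64 = isBase64(bodyOriginal.encrypData);
- // console.log(isb64);
- // console.log("decrypt header");
- if (isb64) {
- req.headers.authorization = await decrypt(replaceStr);
- headersEncrypter = true;
+ if (req.headers.authorization) {
+ jwt.verify(
+ req.headers.authorization,
+ await SECRET(process.env.SECERT_JWT),
+ (err, payload) => {
+ if (err) {
+ console.log(err);
+ return res.sendStatus(400);
+ } else {
+ var isExpiredToken = false;
+
+ var dateNow = new Date();
+
+ if (payload.exp < dateNow.getTime()) {
+ isExpiredToken = true;
+ }
+ if (
+ payload.sub === R_USER &&
+ isExpiredToken === false
+ ) {
+ next();
+ } else {
+ return res.sendStatus(400);
+ }
  }
  }
- jwt.verify(
- req.headers.authorization,
- await SECRET(R_TOKEN),
- (err, payload) => {
- (async () => {
- if (err) {
- console.log(err);
- return res.sendStatus(400);
- } else {
- var isExpiredToken = false;
-
- var dateNow = new Date();
- if (payload.exp.toString().length > 10) {
- payload.exp = parseInt(payload.exp.toString().substr(0, 10));
- }
- // console.log(
- // `${payload.exp} < ${parseInt(
- // new Date().getTime().toString().slice(0, -3)
- // )}`
- // );
-
- if (
- payload.exp <
- parseInt(new Date().getTime().toString().slice(0, -3))
- ) {
- isExpiredToken = true;
- }
-
- if (payload.sub === R_USER && isExpiredToken === false) {
- const chk = await check(req.headers.authorization);
- // console.log(chk);
- arr.push(req.headers.authorization);
- if (
- chk == true &&
- req.headers.testdev !== true &&
- req.headers.testdev !== "true"
- ) {
- return res.send("duplicate token");
- }
- if (arr.length > 200) {
- arr = [];
- }
- // console.log(`headersEncrypter ${headersEncrypter}`);
- if (headersEncrypter === true) {
- if (bodyOriginal.encrypData) {
- const isb64 = isBase64(bodyOriginal.encrypData);
- if (isb64) {
- const result = await decrypt(bodyOriginal.encrypData);
- try {
- req.body = JSON.parse(result);
- next();
- } catch (error) {
- req.body = error;
- next();
- }
- } else {
- req.body = { result: `isb64 false` };
- next();
- }
- } else {
- req.body = { result: "no encrypData" };
- next();
- }
- } else {
- next();
- }
- } else {
- return res.sendStatus(400);
- }
- }
- })();
- }
- );
- } else {
- // console.log("bypass");
- // next();
- return res.sendStatus(400);
- }
- } catch (error) {
+ );
+ } else {
+ // console.log("bypass");
+ // next();
  return res.sendStatus(400);
  }
  })();
  }
 
  RequestToken(req, res, next) {
- // console.log(req.body.username, req.body.password, req.path);
- // console.log(R_USER, R_PASS, R_PATH);
  if (
  req.body.username === R_USER &&
  req.body.password === R_PASS &&
- (req.path === R_PATH || req.path === `/${R_PATH}`)
+ req.path === R_PATH
  ) {
  (async () => {
  const payload = {
@@ -218,9 +76,8 @@ class Auth {
  iat: new Date().getTime(),
  };
  res.send(
- jwt.sign(payload, await SECRET(R_TOKEN), {
+ jwt.sign(payload, await SECRET(process.env.SECERT_JWT), {
  expiresIn: "1d",
- jwtid: uuidv4(),
  })
  );
  })();
@@ -230,13 +87,6 @@ class Auth {
  }
 
  GenToken(secret, user) {
- if (secret === "" || secret === undefined) {
- secret = R_TOKEN;
- }
- if (user === "" || user === undefined) {
- user = R_USER;
- }
-
  return new Promise(function (resolve, reject) {
  (async () => {
  try {
@@ -247,7 +97,6 @@ class Auth {
  return resolve(
  jwt.sign(payload, await SECRET(secret), {
  expiresIn: "1d",
- jwtid: "uuidv4()",
  })
  );
  } catch (error) {
@@ -256,92 +105,6 @@ class Auth {
  })();
  });
  }
-
- genTokenEncryp(secret, user) {
- if (secret === "" || secret === undefined) {
- secret = R_TOKEN;
- }
- if (user === "" || user === undefined) {
- user = R_USER;
- }
-
- return new Promise(function (resolve, reject) {
- (async () => {
- try {
- const payload = {
- sub: user,
- iat: new Date().getTime(),
- };
- const token = jwt.sign(payload, await SECRET(secret), {
- expiresIn: "1d",
- jwtid: uuidv4(),
- });
- // console.log(secret);
- const encryp = await encrypt(secret, token);
-
- return resolve(encryp.replace(/\//g, "securityAgs"));
- } catch (error) {
- reject(error);
- }
- })();
- });
- }
-
- encrypbody(body, secret) {
- if (secret === "" || secret === undefined) {
- secret = R_TOKEN;
- }
-
- return new Promise(function (resolve, reject) {
- (async () => {
- try {
- const encryp = await encrypt(secret, JSON.stringify(body));
- const result = { encrypData: encryp };
- return resolve(result);
- } catch (error) {
- console.log(error);
- return reject(error);
- }
- })();
- });
- }
-
- decrypbody(body, secret) {
- if (secret === "" || secret === undefined) {
- secret = R_TOKEN;
- }
-
- return new Promise(function (resolve, reject) {
- (async () => {
- try {
- const result = await decrypt(body, secret);
- return resolve(result);
- } catch (error) {
- console.log(error);
- return reject(error);
- }
- })();
- });
- }
-
- test(secret) {
- if (secret === "" || secret === undefined) {
- secret = R_TOKEN;
- }
- return new Promise(function (resolve, reject) {
- (async () => {
- try {
- const encryp2 = await encrypt(R_TOKEN, "test");
- console.log(encryp2);
- const decrypt2 = await decrypt(encryp2);
- console.log(decrypt2);
- return resolve(decrypt2);
- } catch (error) {
- console.log(error);
- reject(error);
- }
- })();
- });
- }
  }
  module.exports = Auth;
+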
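Review bot: The new `Middleware` body drops the `try`/`catch` that used to wrap the async function, so if `await SECRET(process.env.SECERT_JWT)` rejects (SECRET's body is outside the hunks shown) the rejection is unhandled and the request never gets a response; keep the wrapper, `try { … } catch (error) { return res.sendStatus(400); }`. The expiry test `payload.exp < dateNow.getTime()` compares the `exp` claim against milliseconds, which only lines up because `RequestToken` signs with `iat: new Date().getTime()`; as written this appears to make tokens expire roughly 86 seconds after issue instead of the `"1d"` requested, and a token carrying a standard seconds-based `exp` would always be treated as expired. `R_USER` and `R_PASS` still fall back to literals committed in the file when the environment variables are unset, so `RequestToken` would then accept credentials that anyone reading the package knows; refusing to start without them would be safer.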
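--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
  {
  "name": "@agilesoft/ags_authrest2",
- "version": "1.0.3",
- "description": "This version has been deprecated",
+ "version": "1.0.5",
+ "description": "",
  "main": "index.js",
  "scripts": {
  "test": "echo \"Error: no test specified\" && exit 1"
@@ -10,20 +10,9 @@
  "author": "",
  "license": "ISC",
  "dependencies": {
- "crypto-js": "4.1.1",
+ "crypto-js": "4.2.0",
  "date-and-time": "2.1.0",
  "dotenv": "^16.0.0",
- "is-base64": "^1.1.0",
- "jsonwebtoken": "8.5.1",
- "uuid": "^8.3.2"
- },
- "devDependencies": {},
- "repository": {
- "type": "git",
- "url": "git+https://github.com/AGScorp/ags_authrest.git"
- },
- "bugs": {
- "url": "https://github.com/AGScorp/ags_authrest/issues"
- },
- "homepage": "https://github.com/AGScorp/ags_authrest#readme"
+ "jsonwebtoken": "9.0.3"
+ }
  }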
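Review bot: The 1.0.5 manifest drops the `repository`, `bugs` and `homepage` fields, so the published package no longer points at the source it was built from, which makes it harder for consumers to audit what changed between releases of an authentication library. If the repository is still the source of truth, keep `"repository": { "type": "git", "url": "git+https://github.com/AGScorp/ags_authrest.git" }`. The empty `description` also removes the deprecation notice that 1.0.3 carried, so it is worth stating in the manifest or README whether 1.0.5 is the supported line.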
package/claudia.json DELETED
File without changes