@agilesoft/ags_authrest2 1.0.4 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +18 -73
  2. package/index.js +36 -279
  3. package/package.json +5 -16
  4. package/claudia.json +0 -0
package/README.md CHANGED
@@ -1,28 +1,28 @@
1
1
  # ags_authrest
2
+ _____________
2
3
 
3
- **packages library**
4
- ** For **flutter** auth client https://pub.dev/packages/ags_authrest2
5
- ---
6
4
 
7
- const express = require("express");
5
+ const express = require("express");
8
6
 
9
- const bodyParser = require("body-parser");
7
+ const bodyParser = require("body-parser");
10
8
 
11
- const app = express();
9
+ const app = express();
12
10
 
13
11
  app.use(bodyParser.json());
14
12
 
15
- app.use(bodyParser.urlencoded({ extended: true }));
13
+ app.use(bodyParser.urlencoded({ extended: true }));
14
+
15
+
16
16
 
17
17
  //เรียกใช้งาน
18
18
 
19
- **const ags_restauth = require("ags_authrest");**
19
+ **const ags_restauth = require("ags_authrest");**
20
20
 
21
- **const Auth = new ags_restauth();**
21
+ **const Auth = new ags_restauth();**
22
22
 
23
23
  //.env
24
24
 
25
- **process.env.SECERT_JWT = "ihavealongpassword";** //ใช้secert ที่มีความปลอดภัยสูง
25
+ **process.env.SECERT_JWT = "ihavealongpassword";** //ใช้secert ที่มีความปลอดภัยสูง
26
26
 
27
27
  //เปิดใช้ request เพื่อทดสอบ
28
28
 
@@ -34,76 +34,21 @@ app.use(bodyParser.urlencoded({ extended: true }));
34
34
 
35
35
  //ตัวอย่าง midleware ที่มีการ protect
36
36
 
37
+
38
+
37
39
  app.post("/jwtauth", Auth.Middleware, (req, res, next) => {
38
40
 
39
- return res.send(true);
41
+ return res.send(true);
40
42
 
41
43
  });
42
44
 
43
- const port = process.env.PORT || 3999;
44
-
45
- app.listen(port, () => console.log("Server is listening on port ${port}."));
46
-
47
- **//สำหรับเรียกใช้ token**
45
+
48
46
 
49
- (async () => {
50
-
51
- console.log(await Auth.GenToken(process.env.SECERT_JWT, process.env.R_USER));
52
-
53
- })();
47
+ const port = process.env.PORT || 3999;
54
48
 
55
- **//Client Use**
49
+ app.listen(port, () => console.log("Server is listening on port ${port}."));
56
50
 
51
+ **//สำหรับเรียกใช้ token**
57
52
  (async () => {
58
-
59
- var bodyData = {
60
-
61
- phone: "+66885257777",
62
-
63
- otpCode: "778747",
64
-
65
- refCode: "orxh4f",
66
-
67
- fromBU: "Qsms",
68
-
69
- };
70
-
71
- var options = {
72
-
73
- method: "POST",
74
-
75
- url: "http://localhost:3999/",
76
-
77
- headers: {
78
-
79
- Authorization: await Auth.genTokenEncryp(),
80
-
81
- "Content-Type": "application/json",
82
-
83
- },
84
-
85
- body: JSON.stringify(await Auth.encrypbody(bodyData)),
86
-
87
- };
88
-
89
- request(options, function (error, response) {
90
-
91
- if (error) throw new Error(error);
92
-
93
- console.log(JSON.parse(response.body));
94
-
95
- });
96
-
53
+ console.log(await Auth.GenToken(process.env.SECERT_JWT, process.env.R_USER));
97
54
  })();
98
-
99
-
100
- **//Exlample .env**
101
- SECERT_JWT=ihavealongpassword
102
-
103
- R_USER=karantest
104
-
105
- R_PASS=123456
106
-
107
- R_PATH=gentoken
108
-
109
- TZ=Europe/London
package/index.js CHANGED
@@ -2,18 +2,14 @@
2
2
  const jwt = require("jsonwebtoken");
3
3
  const date = require("date-and-time");
4
4
  var CryptoJS = require("crypto-js");
5
- var crypto = require("crypto");
6
- const { v4: uuidv4 } = require("uuid");
7
- require("dotenv").config();
8
- var isBase64 = require("is-base64");
5
+ require('dotenv').config()
9
6
  // default env request_token
10
7
  // R_USER = `karan_ags_ci`;
11
8
  // R_PASS = `12345678`;
12
9
 
13
- var R_USER = process.env.R_USER || `karan_ags_ci`;
10
+ var R_USER = process.env.R_USER || `karan_ags_ci`
14
11
  var R_PASS = process.env.R_PASS || `12345678`;
15
- var R_PATH = process.env.R_PATH || `/request_token`;
16
- var R_TOKEN = process.env.SECERT_JWT || `12345678`;
12
+ var R_PATH = process.env.R_PATH || `/request_token`
17
13
 
18
14
  async function SECRET(secretOrKey) {
19
15
  return new Promise(function (resolve, reject) {
@@ -27,196 +23,52 @@ async function SECRET(secretOrKey) {
27
23
  });
28
24
  }
29
25
 
30
- var arr = [];
31
-
32
- function check(token) {
33
- return new Promise(function (resolve, reject) {
34
- for (let index = 0; index < arr.length; index++) {
35
- const element = arr[index];
36
- if (element == token) {
37
- return resolve(true);
38
- }
39
- }
40
- return resolve(false);
41
- });
42
- }
43
-
44
- async function encrypt(secretRaw, decryptedMessage) {
45
- return new Promise(function (resolve, reject) {
46
- (async () => {
47
- try {
48
- var secret = await SECRET(secretRaw);
49
- var cipher = crypto.createCipheriv(
50
- "AES-256-CBC",
51
- secret.substr(0, 32),
52
- secret.substr(0, 16)
53
- );
54
- // console.log(`secert encryp is ${secret}`);
55
- let encrypted = cipher.update(decryptedMessage, "utf8", "base64");
56
- encrypted += cipher.final("base64");
57
- return resolve(encrypted);
58
- } catch (err) {
59
- console.log("err");
60
- console.log(err);
61
- return reject(err);
62
- }
63
- })();
64
- });
65
- }
66
-
67
- async function decrypt(encryptedMessage, secretOption) {
68
- if (secretOption === "" || secretOption === undefined) {
69
- secretOption = R_TOKEN;
70
- }
71
- return new Promise(function (resolve, reject) {
72
- (async () => {
73
- try {
74
- var secret = await SECRET(secretOption);
75
- var decipher = crypto.createDecipheriv(
76
- "AES-256-CBC",
77
- secret.substr(0, 32),
78
- secret.substr(0, 16)
79
- );
80
- // console.log(`secert decipher is ${secret}`);
81
- let decrypted = decipher.update(encryptedMessage, "base64", "utf8");
82
- return resolve(decrypted + decipher.final("utf8"));
83
- } catch (err) {
84
- console.log("err");
85
- console.log(err);
86
- return reject(err);
87
- }
88
- })();
89
- });
90
- }
91
-
92
26
  class Auth {
93
- constructor() {}
27
+ constructor() {
28
+ }
94
29
 
95
30
  Middleware(req, res, next) {
96
31
  (async () => {
97
- try {
98
- var headersEncrypter = false;
99
- var bodyOriginal = req.body;
100
- if (req.headers.authorization) {
101
- let findSecurity = req.headers.authorization.indexOf("securityAgs");
102
- if (findSecurity == -1) {
103
- const isb64 = isBase64(bodyOriginal.encrypData);
104
- if (isb64) {
105
- req.headers.authorization = await decrypt(
106
- req.headers.authorization
107
- );
108
- headersEncrypter = true;
109
- }
110
- } else {
111
- const replaceStr = req.headers.authorization.replace(
112
- /securityAgs/g,
113
- "/"
114
- );
115
- const isb64 = isBase64(bodyOriginal.encrypData);
116
- // console.log(isb64);
117
- // console.log("decrypt header");
118
- if (isb64) {
119
- req.headers.authorization = await decrypt(replaceStr);
120
- headersEncrypter = true;
32
+ if (req.headers.authorization) {
33
+ jwt.verify(
34
+ req.headers.authorization,
35
+ await SECRET(process.env.SECERT_JWT),
36
+ (err, payload) => {
37
+ if (err) {
38
+ console.log(err);
39
+ return res.sendStatus(400);
40
+ } else {
41
+ var isExpiredToken = false;
42
+
43
+ var dateNow = new Date();
44
+
45
+ if (payload.exp < dateNow.getTime()) {
46
+ isExpiredToken = true;
47
+ }
48
+ if (
49
+ payload.sub === R_USER &&
50
+ isExpiredToken === false
51
+ ) {
52
+ next();
53
+ } else {
54
+ return res.sendStatus(400);
55
+ }
121
56
  }
122
57
  }
123
- jwt.verify(
124
- req.headers.authorization,
125
- await SECRET(R_TOKEN),
126
- (err, payload) => {
127
- (async () => {
128
- if (err) {
129
- console.log(err);
130
- return res.sendStatus(400);
131
- } else {
132
- var isExpiredToken = false;
133
-
134
- var dateNow = new Date();
135
- if (payload.exp) {
136
- if (payload.exp.toString().length > 10) {
137
- payload.exp = parseInt(
138
- payload.exp.toString().substr(0, 10)
139
- );
140
- }
141
- // console.log(
142
- // `${payload.exp} < ${parseInt(
143
- // new Date().getTime().toString().slice(0, -3)
144
- // )}`
145
- // );
146
-
147
- if (
148
- payload.exp <
149
- parseInt(new Date().getTime().toString().slice(0, -3))
150
- ) {
151
- isExpiredToken = true;
152
- }
153
- } else {
154
- isExpiredToken = false;
155
- }
156
-
157
- if (payload.sub === R_USER && isExpiredToken === false) {
158
- const chk = await check(req.headers.authorization);
159
- // console.log(chk);
160
- arr.push(req.headers.authorization);
161
- if (
162
- chk == true &&
163
- req.headers.testdev !== true &&
164
- req.headers.testdev !== "true"
165
- ) {
166
- return res.send("duplicate token");
167
- }
168
- if (arr.length > 200) {
169
- arr = [];
170
- }
171
- // console.log(`headersEncrypter ${headersEncrypter}`);
172
- if (headersEncrypter === true) {
173
- if (bodyOriginal.encrypData) {
174
- const isb64 = isBase64(bodyOriginal.encrypData);
175
- if (isb64) {
176
- const result = await decrypt(bodyOriginal.encrypData);
177
- try {
178
- req.body = JSON.parse(result);
179
- next();
180
- } catch (error) {
181
- req.body = error;
182
- next();
183
- }
184
- } else {
185
- req.body = { result: `isb64 false` };
186
- next();
187
- }
188
- } else {
189
- req.body = { result: "no encrypData" };
190
- next();
191
- }
192
- } else {
193
- next();
194
- }
195
- } else {
196
- return res.sendStatus(400);
197
- }
198
- }
199
- })();
200
- }
201
- );
202
- } else {
203
- // console.log("bypass");
204
- // next();
205
- return res.sendStatus(400);
206
- }
207
- } catch (error) {
58
+ );
59
+ } else {
60
+ // console.log("bypass");
61
+ // next();
208
62
  return res.sendStatus(400);
209
63
  }
210
64
  })();
211
65
  }
212
66
 
213
67
  RequestToken(req, res, next) {
214
- // console.log(req.body.username, req.body.password, req.path);
215
- // console.log(R_USER, R_PASS, R_PATH);
216
68
  if (
217
69
  req.body.username === R_USER &&
218
70
  req.body.password === R_PASS &&
219
- (req.path === R_PATH || req.path === `/${R_PATH}`)
71
+ req.path === R_PATH
220
72
  ) {
221
73
  (async () => {
222
74
  const payload = {
@@ -224,9 +76,8 @@ class Auth {
224
76
  iat: new Date().getTime(),
225
77
  };
226
78
  res.send(
227
- jwt.sign(payload, await SECRET(R_TOKEN), {
79
+ jwt.sign(payload, await SECRET(process.env.SECERT_JWT), {
228
80
  expiresIn: "1d",
229
- jwtid: uuidv4(),
230
81
  })
231
82
  );
232
83
  })();
@@ -236,13 +87,6 @@ class Auth {
236
87
  }
237
88
 
238
89
  GenToken(secret, user) {
239
- if (secret === "" || secret === undefined) {
240
- secret = R_TOKEN;
241
- }
242
- if (user === "" || user === undefined) {
243
- user = R_USER;
244
- }
245
-
246
90
  return new Promise(function (resolve, reject) {
247
91
  (async () => {
248
92
  try {
@@ -253,7 +97,6 @@ class Auth {
253
97
  return resolve(
254
98
  jwt.sign(payload, await SECRET(secret), {
255
99
  expiresIn: "1d",
256
- jwtid: "uuidv4()",
257
100
  })
258
101
  );
259
102
  } catch (error) {
@@ -262,92 +105,6 @@ class Auth {
262
105
  })();
263
106
  });
264
107
  }
265
-
266
- genTokenEncryp(secret, user) {
267
- if (secret === "" || secret === undefined) {
268
- secret = R_TOKEN;
269
- }
270
- if (user === "" || user === undefined) {
271
- user = R_USER;
272
- }
273
-
274
- return new Promise(function (resolve, reject) {
275
- (async () => {
276
- try {
277
- const payload = {
278
- sub: user,
279
- iat: new Date().getTime(),
280
- };
281
- const token = jwt.sign(payload, await SECRET(secret), {
282
- expiresIn: "1d",
283
- jwtid: uuidv4(),
284
- });
285
- // console.log(secret);
286
- const encryp = await encrypt(secret, token);
287
-
288
- return resolve(encryp.replace(/\//g, "securityAgs"));
289
- } catch (error) {
290
- reject(error);
291
- }
292
- })();
293
- });
294
- }
295
-
296
- encrypbody(body, secret) {
297
- if (secret === "" || secret === undefined) {
298
- secret = R_TOKEN;
299
- }
300
-
301
- return new Promise(function (resolve, reject) {
302
- (async () => {
303
- try {
304
- const encryp = await encrypt(secret, JSON.stringify(body));
305
- const result = { encrypData: encryp };
306
- return resolve(result);
307
- } catch (error) {
308
- console.log(error);
309
- return reject(error);
310
- }
311
- })();
312
- });
313
- }
314
-
315
- decrypbody(body, secret) {
316
- if (secret === "" || secret === undefined) {
317
- secret = R_TOKEN;
318
- }
319
-
320
- return new Promise(function (resolve, reject) {
321
- (async () => {
322
- try {
323
- const result = await decrypt(body, secret);
324
- return resolve(result);
325
- } catch (error) {
326
- console.log(error);
327
- return reject(error);
328
- }
329
- })();
330
- });
331
- }
332
-
333
- test(secret) {
334
- if (secret === "" || secret === undefined) {
335
- secret = R_TOKEN;
336
- }
337
- return new Promise(function (resolve, reject) {
338
- (async () => {
339
- try {
340
- const encryp2 = await encrypt(R_TOKEN, "test");
341
- console.log(encryp2);
342
- const decrypt2 = await decrypt(encryp2);
343
- console.log(decrypt2);
344
- return resolve(decrypt2);
345
- } catch (error) {
346
- console.log(error);
347
- reject(error);
348
- }
349
- })();
350
- });
351
- }
352
108
  }
353
109
  module.exports = Auth;
110
+
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@agilesoft/ags_authrest2",
3
- "version": "1.0.4",
4
- "description": "This version has been deprecated",
3
+ "version": "1.0.5",
4
+ "description": "",
5
5
  "main": "index.js",
6
6
  "scripts": {
7
7
  "test": "echo \"Error: no test specified\" && exit 1"
@@ -10,20 +10,9 @@
10
10
  "author": "",
11
11
  "license": "ISC",
12
12
  "dependencies": {
13
- "crypto-js": "4.1.1",
13
+ "crypto-js": "4.2.0",
14
14
  "date-and-time": "2.1.0",
15
15
  "dotenv": "^16.0.0",
16
- "is-base64": "^1.1.0",
17
- "jsonwebtoken": "8.5.1",
18
- "uuid": "^8.3.2"
19
- },
20
- "devDependencies": {},
21
- "repository": {
22
- "type": "git",
23
- "url": "git+https://github.com/AGScorp/ags_authrest.git"
24
- },
25
- "bugs": {
26
- "url": "https://github.com/AGScorp/ags_authrest/issues"
27
- },
28
- "homepage": "https://github.com/AGScorp/ags_authrest#readme"
16
+ "jsonwebtoken": "9.0.3"
17
+ }
29
18
  }
package/claudia.json DELETED
File without changes