@feathersjs/authentication 5.0.0-pre.9 → 5.0.0

package/src/core.ts

@@ -1,24 +1,32 @@
-import merge from 'lodash/merge';
-import jsonwebtoken, { SignOptions, Secret, VerifyOptions } from 'jsonwebtoken';
-import { v4 as uuidv4 } from 'uuid';
-import { NotAuthenticated } from '@feathersjs/errors';
-import { createDebug } from '@feathersjs/commons';
-import { Application, Params } from '@feathersjs/feathers';
-import { IncomingMessage, ServerResponse } from 'http';
-import defaultOptions from './options';
+import merge from 'lodash/merge'
+import jsonwebtoken, { SignOptions, Secret, VerifyOptions, Algorithm } from 'jsonwebtoken'
+import { v4 as uuidv4 } from 'uuid'
+import { NotAuthenticated } from '@feathersjs/errors'
+import { createDebug } from '@feathersjs/commons'
+import { Application, Params } from '@feathersjs/feathers'
+import { IncomingMessage, ServerResponse } from 'http'
+import { AuthenticationConfiguration, defaultOptions } from './options'
 
-const debug = createDebug('@feathersjs/authentication/base');
+const debug = createDebug('@feathersjs/authentication/base')
 
 export interface AuthenticationResult {
-  [key: string]: any;
+  [key: string]: any
 }
 
 export interface AuthenticationRequest {
-  strategy?: string;
-  [key: string]: any;
+  strategy?: string
+  [key: string]: any
 }
 
-export type ConnectionEvent = 'login' | 'logout' | 'disconnect';
+export interface AuthenticationParams extends Params {
+  payload?: { [key: string]: any }
+  jwtOptions?: SignOptions
+  authStrategies?: string[]
+  secret?: string
+  [key: string]: any
+}
+
+export type ConnectionEvent = 'login' | 'logout' | 'disconnect'
 
 export interface AuthenticationStrategy {
   /**
@@ -26,24 +34,30 @@ export interface AuthenticationStrategy {
    *
    * @param auth The AuthenticationService
    */
-  setAuthentication? (auth: AuthenticationBase): void;
+  setAuthentication?(auth: AuthenticationBase): void
   /**
    * Implement this method to get access to the Feathers application
    *
    * @param app The Feathers application instance
    */
-  setApplication? (app: Application): void;
+  setApplication?(app: Application): void
   /**
    * Implement this method to get access to the strategy name
    *
    * @param name The name of the strategy
    */
-  setName? (name: string): void;
+  setName?(name: string): void
   /**
    * Implement this method to verify the current configuration
    * and throw an error if it is invalid.
    */
-  verifyConfiguration? (): void;
+  verifyConfiguration?(): void
+  /**
+   * Implement this method to setup this strategy
+   * @param auth The AuthenticationService
+   * @param name The name of the strategy
+   */
+  setup?(auth: AuthenticationBase, name: string): Promise<void>
   /**
    * Authenticate an authentication request with this strategy.
    * Should throw an error if the strategy did not succeed.
@@ -51,36 +65,38 @@ export interface AuthenticationStrategy {
    * @param authentication The authentication request
    * @param params The service call parameters
    */
-  authenticate? (authentication: AuthenticationRequest, params: Params): Promise<AuthenticationResult>;
+  authenticate?(
+    authentication: AuthenticationRequest,
+    params: AuthenticationParams
+  ): Promise<AuthenticationResult>
   /**
    * Update a real-time connection according to this strategy.
    *
    * @param connection The real-time connection
    * @param context The hook context
    */
-  handleConnection? (event: ConnectionEvent, connection: any, authResult?: AuthenticationResult): Promise<void>;
+  handleConnection?(event: ConnectionEvent, connection: any, authResult?: AuthenticationResult): Promise<void>
   /**
    * Parse a basic HTTP request and response for authentication request information.
    *
    * @param req The HTTP request
    * @param res The HTTP response
    */
-  parse? (req: IncomingMessage, res: ServerResponse): Promise<AuthenticationRequest | null>;
+  parse?(req: IncomingMessage, res: ServerResponse): Promise<AuthenticationRequest | null>
 }
 
 export interface JwtVerifyOptions extends VerifyOptions {
-  algorithm?: string | string[];
+  algorithm?: string | string[]
 }
 
 /**
  * A base class for managing authentication strategies and creating and verifying JWTs
  */
 export class AuthenticationBase {
-  app: Application;
-  configKey: string;
-  strategies: {
-    [key: string]: AuthenticationStrategy;
-  };
+  app: Application
+  strategies: { [key: string]: AuthenticationStrategy }
+  configKey: string
+  isReady: boolean
 
   /**
    * Create a new authentication service.
@@ -89,32 +105,33 @@ export class AuthenticationBase {
    * @param configKey The configuration key name in `app.get` (default: `authentication`)
    * @param options Optional initial options
    */
-  constructor (app: Application, configKey = 'authentication', options = {}) {
+  constructor(app: Application, configKey = 'authentication', options = {}) {
     if (!app || typeof app.use !== 'function') {
-      throw new Error('An application instance has to be passed to the authentication service');
+      throw new Error('An application instance has to be passed to the authentication service')
     }
 
-    this.app = app;
-    this.strategies = {};
-    this.configKey = configKey;
+    this.app = app
+    this.strategies = {}
+    this.configKey = configKey
+    this.isReady = false
 
-    app.set('defaultAuthentication', app.get('defaultAuthentication') || configKey);
-    app.set(configKey, merge({}, app.get(configKey), options));
+    app.set('defaultAuthentication', app.get('defaultAuthentication') || configKey)
+    app.set(configKey, merge({}, app.get(configKey), options))
   }
 
   /**
    * Return the current configuration from the application
    */
-  get configuration () {
+  get configuration(): AuthenticationConfiguration {
     // Always returns a copy of the authentication configuration
-    return Object.assign({}, defaultOptions, this.app.get(this.configKey));
+    return Object.assign({}, defaultOptions, this.app.get(this.configKey))
   }
 
   /**
    * A list of all registered strategy names
    */
-  get strategyNames () {
-    return Object.keys(this.strategies);
+  get strategyNames() {
+    return Object.keys(this.strategies)
   }
 
   /**
@@ -123,26 +140,30 @@ export class AuthenticationBase {
    * @param name The name to register the strategy under
    * @param strategy The authentication strategy instance
    */
-  register (name: string, strategy: AuthenticationStrategy) {
+  register(name: string, strategy: AuthenticationStrategy) {
     // Call the functions a strategy can implement
     if (typeof strategy.setName === 'function') {
-      strategy.setName(name);
+      strategy.setName(name)
     }
 
     if (typeof strategy.setApplication === 'function') {
-      strategy.setApplication(this.app);
+      strategy.setApplication(this.app)
     }
 
     if (typeof strategy.setAuthentication === 'function') {
-      strategy.setAuthentication(this);
+      strategy.setAuthentication(this)
     }
 
     if (typeof strategy.verifyConfiguration === 'function') {
-      strategy.verifyConfiguration();
+      strategy.verifyConfiguration()
     }
 
     // Register strategy as name
-    this.strategies[name] = strategy;
+    this.strategies[name] = strategy
+
+    if (this.isReady) {
+      strategy.setup?.(this, name)
+    }
   }
 
   /**
@@ -150,9 +171,18 @@ export class AuthenticationBase {
    *
    * @param names The list or strategy names
    */
-  getStrategies (...names: string[]) {
-    return names.map(name => this.strategies[name])
-      .filter(current => !!current);
+  getStrategies(...names: string[]) {
+    return names.map((name) => this.strategies[name]).filter((current) => !!current)
+  }
+
+  /**
+   * Returns a single strategy by name
+   *
+   * @param name The strategy name
+   * @returns The authentication strategy or undefined
+   */
+  getStrategy(name: string) {
+    return this.strategies[name]
   }
 
   /**
@@ -162,19 +192,23 @@ export class AuthenticationBase {
    * @param optsOverride The options to extend the defaults (`configuration.jwtOptions`) with
    * @param secretOverride Use a different secret instead
    */
-  async createAccessToken (payload: string | Buffer | object, optsOverride?: SignOptions, secretOverride?: Secret) {
-    const { secret, jwtOptions } = this.configuration;
+  async createAccessToken(
+    payload: string | Buffer | object,
+    optsOverride?: SignOptions,
+    secretOverride?: Secret
+  ) {
+    const { secret, jwtOptions } = this.configuration
     // Use configuration by default but allow overriding the secret
-    const jwtSecret = secretOverride || secret;
+    const jwtSecret = secretOverride || secret
     // Default jwt options merged with additional options
-    const options = merge({}, jwtOptions, optsOverride);
+    const options = merge({}, jwtOptions, optsOverride)
 
     if (!options.jwtid) {
       // Generate a UUID as JWT ID by default
-      options.jwtid = uuidv4();
+      options.jwtid = uuidv4()
     }
 
-    return jsonwebtoken.sign(payload, jwtSecret, options);
+    return jsonwebtoken.sign(payload, jwtSecret, options)
   }
 
   /**
@@ -184,24 +218,24 @@ export class AuthenticationBase {
    * @param optsOverride The options to extend the defaults (`configuration.jwtOptions`) with
    * @param secretOverride Use a different secret instead
    */
-  async verifyAccessToken (accessToken: string, optsOverride?: JwtVerifyOptions, secretOverride?: Secret) {
-    const { secret, jwtOptions } = this.configuration;
-    const jwtSecret = secretOverride || secret;
-    const options = merge({}, jwtOptions, optsOverride);
-    const { algorithm } = options;
+  async verifyAccessToken(accessToken: string, optsOverride?: JwtVerifyOptions, secretOverride?: Secret) {
+    const { secret, jwtOptions } = this.configuration
+    const jwtSecret = secretOverride || secret
+    const options = merge({}, jwtOptions, optsOverride)
+    const { algorithm } = options
 
     // Normalize the `algorithm` setting into the algorithms array
     if (algorithm && !options.algorithms) {
-      options.algorithms = Array.isArray(algorithm) ? algorithm : [ algorithm ];
-      delete options.algorithm;
+      options.algorithms = (Array.isArray(algorithm) ? algorithm : [algorithm]) as Algorithm[]
+      delete options.algorithm
     }
 
     try {
-      const verified = jsonwebtoken.verify(accessToken, jwtSecret, options);
+      const verified = jsonwebtoken.verify(accessToken, jwtSecret, options)
 
-      return verified as any;
-    } catch (error) {
-      throw new NotAuthenticated(error.message, error);
+      return verified as any
+    } catch (error: any) {
+      throw new NotAuthenticated(error.message, error)
     }
   }
 
@@ -212,33 +246,40 @@ export class AuthenticationBase {
    * @param params Service call parameters
    * @param allowed A list of allowed strategy names
    */
-  async authenticate (authentication: AuthenticationRequest, params: Params, ...allowed: string[]) {
-    const { strategy } = authentication || {};
-    const [ authStrategy ] = this.getStrategies(strategy);
-    const strategyAllowed = allowed.includes(strategy);
+  async authenticate(
+    authentication: AuthenticationRequest,
+    params: AuthenticationParams,
+    ...allowed: string[]
+  ) {
+    const { strategy } = authentication || {}
+    const [authStrategy] = this.getStrategies(strategy)
+    const strategyAllowed = allowed.includes(strategy)
 
-    debug('Running authenticate for strategy', strategy, allowed);
+    debug('Running authenticate for strategy', strategy, allowed)
 
     if (!authentication || !authStrategy || !strategyAllowed) {
-      const additionalInfo = (!strategy && ' (no `strategy` set)') ||
-        (!strategyAllowed && ' (strategy not allowed in authStrategies)') || '';
+      const additionalInfo =
+        (!strategy && ' (no `strategy` set)') ||
+        (!strategyAllowed && ' (strategy not allowed in authStrategies)') ||
+        ''
 
       // If there are no valid strategies or `authentication` is not an object
-      throw new NotAuthenticated('Invalid authentication information' + additionalInfo);
+      throw new NotAuthenticated('Invalid authentication information' + additionalInfo)
     }
 
     return authStrategy.authenticate(authentication, {
       ...params,
       authenticated: true
-    });
+    })
   }
 
-  async handleConnection (event: ConnectionEvent, connection: any, authResult?: AuthenticationResult) {
-    const strategies = this.getStrategies(...Object.keys(this.strategies))
-      .filter(current => typeof current.handleConnection === 'function');
+  async handleConnection(event: ConnectionEvent, connection: any, authResult?: AuthenticationResult) {
+    const strategies = this.getStrategies(...Object.keys(this.strategies)).filter(
+      (current) => typeof current.handleConnection === 'function'
+    )
 
     for (const strategy of strategies) {
-      await strategy.handleConnection(event, connection, authResult);
+      await strategy.handleConnection(event, connection, authResult)
     }
   }
 
@@ -249,20 +290,29 @@ export class AuthenticationBase {
    * @param res The HTTP response
    * @param names A list of strategies to use
    */
-  async parse (req: IncomingMessage, res: ServerResponse, ...names: string[]) {
-    const strategies = this.getStrategies(...names)
-      .filter(current => typeof current.parse === 'function');
+  async parse(req: IncomingMessage, res: ServerResponse, ...names: string[]) {
+    const strategies = this.getStrategies(...names).filter((current) => typeof current.parse === 'function')
 
-    debug('Strategies parsing HTTP header for authentication information', names);
+    debug('Strategies parsing HTTP header for authentication information', names)
 
     for (const authStrategy of strategies) {
-      const value = await authStrategy.parse(req, res);
+      const value = await authStrategy.parse(req, res)
 
       if (value !== null) {
-        return value;
+        return value
       }
     }
 
-    return null;
+    return null
+  }
+
+  async setup() {
+    this.isReady = true
+
+    for (const name of Object.keys(this.strategies)) {
+      const strategy = this.strategies[name]
+
+      await strategy.setup?.(this, name)
+    }
   }
 }

package/src/hooks/authenticate.ts

@@ -1,63 +1,67 @@
-import flatten from 'lodash/flatten';
-import omit from 'lodash/omit';
-import { HookContext, NextFunction } from '@feathersjs/feathers';
-import { NotAuthenticated } from '@feathersjs/errors';
-import { createDebug } from '@feathersjs/commons';
+import flatten from 'lodash/flatten'
+import omit from 'lodash/omit'
+import { HookContext, NextFunction } from '@feathersjs/feathers'
+import { NotAuthenticated } from '@feathersjs/errors'
+import { createDebug } from '@feathersjs/commons'
 
-const debug = createDebug('@feathersjs/authentication/hooks/authenticate');
+const debug = createDebug('@feathersjs/authentication/hooks/authenticate')
 
 export interface AuthenticateHookSettings {
-  service?: string;
-  strategies: string[];
+  service?: string
+  strategies?: string[]
 }
 
 export default (originalSettings: string | AuthenticateHookSettings, ...originalStrategies: string[]) => {
-  const settings = typeof originalSettings === 'string'
-    ? { strategies: flatten([ originalSettings, ...originalStrategies ]) }
-    : originalSettings;
+  const settings =
+    typeof originalSettings === 'string'
+      ? { strategies: flatten([originalSettings, ...originalStrategies]) }
+      : originalSettings
 
   if (!originalSettings || settings.strategies.length === 0) {
-    throw new Error('The authenticate hook needs at least one allowed strategy');
+    throw new Error('The authenticate hook needs at least one allowed strategy')
   }
 
-  return async (context: HookContext<any, any>, _next?: NextFunction) => {
-    const next = typeof _next === 'function' ? _next : async () => context;
-    const { app, params, type, path, service } = context;
-    const { strategies } = settings;
-    const { provider, authentication } = params;
-    const authService = app.defaultAuthentication(settings.service);
+  return async (context: HookContext, _next?: NextFunction) => {
+    const next = typeof _next === 'function' ? _next : async () => context
+    const { app, params, type, path, service } = context
+    const { strategies } = settings
+    const { provider, authentication } = params
+    const authService = app.defaultAuthentication(settings.service)
 
-    debug(`Running authenticate hook on '${path}'`);
+    debug(`Running authenticate hook on '${path}'`)
 
-    if (type && type !== 'before') {
-      throw new NotAuthenticated('The authenticate hook must be used as a before hook');
+    if (type && type !== 'before' && type !== 'around') {
+      throw new NotAuthenticated('The authenticate hook must be used as a before hook')
     }
 
     if (!authService || typeof authService.authenticate !== 'function') {
-      throw new NotAuthenticated('Could not find a valid authentication service');
+      throw new NotAuthenticated('Could not find a valid authentication service')
     }
 
-    // @ts-ignore
     if (service === authService) {
-      throw new NotAuthenticated('The authenticate hook does not need to be used on the authentication service');
+      throw new NotAuthenticated(
+        'The authenticate hook does not need to be used on the authentication service'
+      )
     }
 
     if (params.authenticated === true) {
-      return next();
+      return next()
     }
 
     if (authentication) {
-      const authParams = omit(params, 'provider', 'authentication');
+      const authParams = omit(params, 'provider', 'authentication')
 
-      debug('Authenticating with', authentication, strategies);
+      debug('Authenticating with', authentication, strategies)
 
-      const authResult = await authService.authenticate(authentication, authParams, ...strategies);
+      const authResult = await authService.authenticate(authentication, authParams, ...strategies)
 
-      context.params = Object.assign({}, params, omit(authResult, 'accessToken'), { authenticated: true });
+      context.params = Object.assign({}, params, omit(authResult, 'accessToken'), {
+        authenticated: true
+      })
     } else if (provider) {
-      throw new NotAuthenticated('Not authenticated');
+      throw new NotAuthenticated('Not authenticated')
     }
 
-    return next();
-  };
-};
+    return next()
+  }
+}

package/src/hooks/connection.ts

@@ -1,17 +1,17 @@
-import { HookContext, NextFunction } from '@feathersjs/feathers';
-import omit from 'lodash/omit';
-import { AuthenticationBase, ConnectionEvent } from '../core';
+import { HookContext, NextFunction } from '@feathersjs/feathers'
+import { AuthenticationBase, ConnectionEvent } from '../core'
 
 export default (event: ConnectionEvent) => async (context: HookContext, next: NextFunction) => {
-  await next();
+  await next()
 
-  const { result, params: { connection } } = context;
+  const {
+    result,
+    params: { connection }
+  } = context
 
   if (connection) {
-    const service = context.service as unknown as AuthenticationBase;
+    const service = context.service as unknown as AuthenticationBase
 
-    Object.assign(connection, omit(result, 'accessToken', 'authentication'));
-
-    await service.handleConnection(event, connection, result);
+    await service.handleConnection(event, connection, result)
   }
-};
+}

package/src/hooks/event.ts

@@ -1,16 +1,16 @@
-import { HookContext, NextFunction } from '@feathersjs/feathers';
-import { createDebug } from '@feathersjs/commons';
-import { ConnectionEvent } from '../core';
+import { HookContext, NextFunction } from '@feathersjs/feathers'
+import { createDebug } from '@feathersjs/commons'
+import { ConnectionEvent } from '../core'
 
-const debug = createDebug('@feathersjs/authentication/hooks/connection');
+const debug = createDebug('@feathersjs/authentication/hooks/connection')
 
 export default (event: ConnectionEvent) => async (context: HookContext, next: NextFunction) => {
-  await next();
+  await next()
 
-  const { app, result, params } = context;
+  const { app, result, params } = context
 
   if (params.provider && result) {
-    debug(`Sending authentication event '${event}'`);
-    app.emit(event, result, params, context);
+    debug(`Sending authentication event '${event}'`)
+    app.emit(event, result, params, context)
   }
-};
+}

package/src/hooks/index.ts

@@ -1,3 +1,3 @@
-export { default as authenticate } from './authenticate';
-export { default as connection } from './connection';
-export { default as event } from './event';
+export { default as authenticate } from './authenticate'
+export { default as connection } from './connection'
+export { default as event } from './event'

package/src/index.ts

@@ -1,16 +1,14 @@
-import * as hooks from './hooks';
-
-const { authenticate } = hooks;
-
-export { hooks };
-export { authenticate };
+export * as hooks from './hooks'
+export { authenticate } from './hooks'
 export {
   AuthenticationBase,
   AuthenticationRequest,
   AuthenticationResult,
   AuthenticationStrategy,
+  AuthenticationParams,
   ConnectionEvent
-} from './core';
-export { AuthenticationBaseStrategy } from './strategy';
-export { AuthenticationService } from './service';
-export { JWTStrategy } from './jwt';
+} from './core'
+export { AuthenticationBaseStrategy } from './strategy'
+export { AuthenticationService } from './service'
+export { JWTStrategy } from './jwt'
+export { authenticationSettingsSchema, AuthenticationConfiguration } from './options'