@gandalan/weblibs 1.0.10 → 1.0.11

package/api/IDAS.js

@@ -1,82 +1,35 @@
+import { jwtTokenInvalid } from "./authUtils";
 import { RESTClient } from "./RESTClient";
-import jwt_decode from "jwt-decode";
 
-let appToken = localStorage.getItem("IDAS_AppToken") || "66B70E0B-F7C4-4829-B12A-18AD309E3970";
-let authToken = localStorage.getItem("IDAS_AuthToken");
-let apiBaseUrl = localStorage.getItem("IDAS_ApiBaseUrl") || "https://api.dev.idas-cloudservices.net/api/";
-let authJwtCallbackPath = localStorage.getItem("IDAS_AuthJwtCallbackPath") || "";
-let authJwtToken;
-
-export let IDASFactory = {
-    async create(settings = {
+export function IDASFactory(settings = {
         appToken : localStorage.getItem("IDAS_AppToken"),
         mandantGuid : localStorage.getItem("IDAS_MandantGuid"),
         apiBaseurl : localStorage.getItem("IDAS_ApiBaseUrl"),
         jwtRefreshToken : localStorage.getItem("IDAS_AuthJwtRefreshToken"),
         jwtCallbackPath : localStorage.getItem("IDAS_AuthJwtCallbackPath")
       }) 
-    {
-        apiBaseUrl = settings.apiBaseurl;
-        let idas = undefined;
-
-        if (settings.jwtToken) // it is JWT
-        { 
-            console.log("init: with JWT token");
-            idas = new IDAS();
-            idas.initWithJWTtoken(settings.jwtToken);
-        } 
-        else if (settings.jwtRefreshToken) // it is authToken
-        { 
-            console.log("init: with refresh/classic token");
-            let refreshClient = new RESTClient(apiBaseUrl, "");
-            await refreshClient.refreshToken();
-            idas = new IDAS();
-            await idas.authenticateWithJwt(authJwtCallbackPath);
-        }
-        
-        return idas;
-    }
+{
+    let idas = undefined;
+    if (!jwtTokenInvalid(settings)) 
+    { 
+        console.log("init: with JWT token");
+        idas = new IDAS(settings);
+    } 
+    else throw("Invalid settings: call setup first to obtain a valid JWT token!");
+    return idas;
 }
 
 class IDAS 
 {
     restClient = undefined;
+    mandantGuid = localStorage.getItem("IDAS_MandantGuid");
 
-    initWithJWTtoken(jwtToken) 
-    {
-        authJwtToken = jwtToken;
-        this.restClient = new RESTClient(apiBaseUrl, jwtToken, true);
-    }
-
-    async authenticateWithJwt(authPath) 
+    constructor(settings) 
     {
-        let refreshClient = new RESTClient(apiBaseUrl, "");
-        await refreshClient.checkRefreshToken(authJwtToken, () => {
-            authJwtToken = undefined;
-            // ... so repeat authenticate (should lead to /Session login page)
-            new IDAS().authenticateWithJwt(authPath);
-        });
-
-        // still not valid JWT -> authenticate
-        if (!refreshClient.token) {
-            localStorage.setItem("IDAS_AuthJwtCallbackPath", authPath || "");
-            const authEndpoint = (new URL(window.location.href).origin) + authPath;
-            let authUrlCallback = `${authEndpoint}?r=%target%&j=%jwt%&m=%mandant%`;
-            authUrlCallback = authUrlCallback.replace("%target%", encodeURIComponent(window.location.href));
-
-            const url = new URL(apiBaseUrl);
-            url.pathname = "/Session";
-            url.search = `?a=${appToken}&r=${encodeURIComponent(authUrlCallback)}`;
-            let jwtUrl = url.toString();
-
-            window.location = jwtUrl;
-        } else {
-            this.initWithJWTtoken(refreshClient.token);
-        }
+        this.settings = settings;
+        this.restClient = new RESTClient(settings);
     }
 
-    mandantGuid = localStorage.getItem("IDAS_MandantGuid");
-
     claims = {
         hasClaim(key) {
             if (!authJwtToken) {

package/api/RESTClient.js

@@ -1,123 +1,44 @@
 import axios from "axios";
-import jwt_decode from "jwt-decode";
-
-/*export let AppToken = "66B70E0B-F7C4-4829-B12A-18AD309E3970";
-export let AuthToken = localStorage.getItem("AuthToken");
-export let MandantGuid = localStorage.getItem("MandantGuid");
-export let ApiBaseUrl = localStorage.getItem("ApiBaseUrl") || "https://api.dev.idas-cloudservices.net/api";
-export let SiteBaseUrl = window.location.origin;
-export let SSOAuthUrl = ApiBaseUrl.replace("/api", '') + "/SSO?a=" + AppToken + "&r=%target%?t=%token%%26m=%mandant%";*/
-
-let authJwtRefreshToken = localStorage.getItem("IDAS_AuthJwtRefreshToken");
+import { jwtTokenInvalid, jwtTokenRenew } from './authUtils';
 
 export class RESTClient {
     lastError = "";
-    token = "";
-    baseurl = "";
-
-    constructor(url, token, isJWT = false) {
-        this.lastError = "";
-        this.baseurl = url;
-        this.token = token;
-        this.isJWT = isJWT;
-
-        axios.defaults.baseURL = url;
-
-        if (this.token && !isJWT) {
-            axios.defaults.headers.common["X-Gdl-AuthToken"] = this.token;
+    settings = {};
+
+    constructor(settings) 
+    {
+        this.settings = settings;
+        axios.defaults.baseURL = settings.apiBaseurl;
+        if (settings.jwtToken)
+        {
+            axios.defaults.headers.common["Authorization"] = "Bearer " + this.token;
+            axios.interceptors.request.use(async (config) => {
+                await this.checkTokenBeforeRequest(config);
+                return config;
+            });
+        } else {
+            // might contain the classic token for fallback
+            axios.defaults.headers.common["X-Gdl-AuthToken"] = settings.jwtRefreshToken;
         }
-
-        if (this.token && isJWT) {
-            this.updateJwtToken(token);
-        }
-
-        axios.interceptors.request.use(async (config) => {
-            await this.checkAuthorizationHeader(config);
-            return config;
-        });
     }
 
-    async checkAuthorizationHeader(config) {
+    async checkTokenBeforeRequest(config) {
         let authHeader = config.headers["Authorization"];
-        if (authHeader && authHeader.toString().startsWith("Bearer ")) {
+        if (authHeader && authHeader.toString().startsWith("Bearer ")) // only check requests containing a Bearer token
+        {
             let parts = authHeader.toString().split(" ");
             let jwt = parts[1];
-            if (!this.isJwtTokenExpired(jwt)) {
-                // JWT token is not expired
-                return;
-            }
-
-            // expired token - refresh
-            await this.checkRefreshToken(jwt);
-        }
-    }
-
-    async checkRefreshToken(jwt, authCallback) {
-        if (!jwt && authJwtRefreshToken) {
-            this.onError = (error, message) => {
-                // LoginJwt/Refresh failed, which means "refresh token" is expired/invalid...
-                if (message.indexOf("401") != -1 || message.indexOf("403") != -1) {
-                    authJwtRefreshToken = undefined;
-                    localStorage.removeItem("IDAS_AuthJwtRefreshToken");
-                    // ... so repeat authenticate
-                    authCallback && authCallback();
-                }
-            };
-
-            // fetch fresh JWT
-            await this.refreshToken();
-            return;
+            if (this.settings.jwtToken === jwt && jwtTokenInvalid(this.settings)) // ignore custom/different JWT tokens
+                await jwtTokenRenew(this.settings);
         }
-        this.token = jwt;
-        this.isJWT = true;
-    }
-
-    isJwtTokenExpired(jwt) {
-        if (!jwt) {
-            return true;
-        }
-
-        let decoded = jwt_decode(jwt);
-        const utcNow = Date.parse(new Date().toUTCString()) / 1000;
-
-        if (decoded && decoded.exp >= utcNow) {
-            return false;
-        }
-
-        return true;
-    }
-
-    updateJwtToken(jwt) {
-        let decoded = jwt_decode(jwt);
-        let refreshToken = decoded["refreshToken"] || "";
-        localStorage.setItem("IDAS_AuthJwtRefreshToken", refreshToken);
-        authJwtRefreshToken = refreshToken;
-        this.token = jwt;
-        this.isJWT = true;
-    }
-
-    async refreshToken() {
-        try {
-            await this.put("/LoginJwt/Refresh", { token: localStorage.getItem("IDAS_AuthJwtRefreshToken") })
-                .then(resp => {
-                    this.updateJwtToken(resp.data);
-                });
-        } catch (error) {
-            this.handleError(error);
-        }
-    }
-
-    updateToken(token) {
-        this.token = token;
     }
 
     getUrlOptions(noJWT = false) {
         let options = { withCredentials: false }
-        if (this.isJWT && !noJWT) {
+        /*if (this.isJWT && !noJWT) {
             options.headers = { Authorization: `Bearer ${this.token}` }
-        }
-
-        return options
+        }*/
+        return options;
     }
 
     async get(uri, noJWT = false) {

package/api/authUtils.js

@@ -0,0 +1,75 @@
+import { RESTClient } from "./RESTClient";
+import jwt_decode from "jwt-decode";
+
+export async function setup(settings)
+{
+    console.log("Setup");
+    if (settings.jwtRefreshToken && jwtTokenInvalid(settings))
+    {
+        const payload = { "Token" : settings.jwtRefreshToken };
+        // Fetch Token from IDAS API
+        let api = new RESTClient(settings);
+        const response = await api.put("Login/Update", payload);
+        const iat = response.data;
+        console.log("Got IDAS token: ", iat);
+
+        // If valid, check roles and authenticate against JWT API
+        if (iat)
+            await jwtTokenRenew(settings);
+        
+        if (jwtTokenInvalid(settings))
+            console.log("Attention: no valid JWT token!");
+
+    } else {
+        console.log("Settings already have a valid JWT token, nothing to do");
+    }
+    console.log("Setup finished", settings);
+}
+
+export function jwtTokenInvalid(settings)
+{
+    if (!settings.jwtToken) 
+        return true;
+    let decoded = jwt_decode(settings.jwtToken);
+    const utcNow = Date.parse(new Date().toUTCString()) / 1000;
+    if (decoded && decoded.exp > utcNow) 
+        return false;
+    return true;
+}
+
+export async function jwtTokenRenew(settings) 
+{
+    let api = new RESTClient(settings);
+    const payload = { "Token" : settings.jwtRefreshToken };
+    const response = await api.put("LoginJwt/Refresh", payload);
+    settings.jwtToken = response.data;
+    console.log("Got JWT token:", response.data);
+
+    let decoded = jwt_decode(settings.jwtToken);
+    let refreshToken = decoded["refreshToken"] || "";
+    if (refreshToken)
+    {
+        console.log("Got new refresh token:", refreshToken);
+        settings.jwtRefreshToken = refreshToken;
+    }
+
+    if (jwtTokenInvalid(settings))
+        console.log("Token is already expired!");
+}
+
+export function jwtAuthenticateOnBackend(settings, authPath) 
+{
+    localStorage.setItem("IDAS_AuthJwtCallbackPath", authPath || "");
+    const authEndpoint = (new URL(window.location.href).origin) + authPath;
+    let authUrlCallback = `${authEndpoint}?r=%target%&j=%jwt%&m=%mandant%`;
+    authUrlCallback = authUrlCallback.replace("%target%", encodeURIComponent(window.location.href));
+
+    const url = new URL(settings.apiBaseurl);
+    url.pathname = "/Session";
+    url.search = `?a=${settings.appToken}&r=${encodeURIComponent(authUrlCallback)}`;
+    let jwtUrl = url.toString();
+
+    window.location = jwtUrl;
+}
+
+    

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gandalan/weblibs",
-  "version": "1.0.10",
+  "version": "1.0.11",
   "description": "WebLibs for Gandalan JS/TS/Svelte projects",
   "keywords": [
     "gandalan"