@kevisual/auth 1.0.4

package/package.json

@@ -0,0 +1,63 @@
+{
+  "name": "@kevisual/auth",
+  "version": "1.0.4",
+  "description": "",
+  "main": "dist/index.js",
+  "type": "module",
+  "typings": "dist/index.d.js",
+  "private": false,
+  "scripts": {
+    "build": "npm run clean &&rollup -c",
+    "clean": "rimraf dist"
+  },
+  "files": [
+    "src",
+    "dist"
+  ],
+  "keywords": [
+    "router",
+    "auth"
+  ],
+  "author": "",
+  "license": "ISC",
+  "peerDependencies": {
+    "@kevisual/router": "^0.0.4"
+  },
+  "devDependencies": {
+    "@rollup/plugin-commonjs": "^28.0.1",
+    "@rollup/plugin-node-resolve": "^15.3.0",
+    "@rollup/plugin-typescript": "^12.1.1",
+    "@types/crypto-js": "^4.2.2",
+    "@types/jsonwebtoken": "^9.0.7",
+    "crypto-js": "^4.2.0",
+    "jsonwebtoken": "^9.0.2",
+    "rollup": "^4.27.2",
+    "rollup-plugin-dts": "^6.1.1",
+    "tslib": "^2.8.1"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/abearxiong/kevisual-router.git"
+  },
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "require": "./dist/index.js"
+    },
+    "./token": {
+      "import": "./dist/create-token.js",
+      "require": "./dist/create-token.js"
+    },
+    "./salt": {
+      "import": "./dist/create-token.js",
+      "require": "./dist/create-token.js"
+    },
+    "./proxy": {
+      "import": "./dist/proxy.js",
+      "require": "./dist/proxy.js"
+    }
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}

package/readme.md

@@ -0,0 +1,26 @@
+# router query auth
+
+for kevisual/router
+
+配置项
+
+```json5
+{
+  tokenSercet: 'xx'
+}
+```
+
+## use
+
+```ts
+import { App } from '@kevisual/router';
+import { createAuthRoute } from '@kevisual/auth';
+
+const app = new App();
+createAuthRoute({
+  app: app,
+  addToApp: true
+});
+app.listen(3000);
+// curl http://localhost:3000/api/router?path=auth
+```

package/src/create-token.ts

@@ -0,0 +1,29 @@
+import jwt from 'jsonwebtoken';
+
+// https://www.robinwieruch.de/graphql-apollo-server-tutorial#apollo-server-authentication
+/**
+ *
+ * @param user
+ * @param secret
+ *
+ * @param expiresIn default 7d expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js).  Eg: 60, "2 days", "10h", "7d"
+ * @returns
+ */
+export const createToken = async (
+  user: {
+    id: string;
+    username: string;
+    [key: string]: any;
+  },
+  secret: string,
+  expiresIn = '7d'
+) => {
+  const { id, username, ...rest } = user;
+  return jwt.sign({ id, username, ...rest }, secret, {
+    expiresIn
+  });
+};
+
+export const checkToken = async (token: string, secret: string) => {
+  return jwt.verify(token, secret, { complete: true });
+};

package/src/index.ts

@@ -0,0 +1,6 @@
+import { getRandomSalt, cryptPwd, checkPwd } from './salt.ts';
+import { createToken, checkToken } from './create-token.ts';
+
+export { getRandomSalt, cryptPwd, checkPwd, createToken, checkToken };
+
+export { createAuthRoute } from './route.ts';

package/src/proxy.ts

@@ -0,0 +1,99 @@
+export const proxyFetch = async (url: string, data: any) => {
+  const res = await fetch(url, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json'
+    },
+    body: JSON.stringify(data)
+  });
+  const _res = await res.json();
+  return _res;
+};
+type AuthProxyOptions = {
+  host: string;
+  path?: string;
+  protol?: string;
+};
+/**
+ * Auth Query 轻量级代理
+ */
+export class AuthQuery {
+  url: string;
+  host: string;
+  path: string;
+  constructor(opts?: AuthProxyOptions) {
+    this.host = opts?.host || 'localhost:114000';
+    this.path = opts?.path || '/api/auth';
+    const protol = opts?.protol || 'http';
+    this.url = `${protol}://${this.host}${this.path}`;
+  }
+  async queryMe(token: string) {
+    return proxyFetch(this.url, {
+      path: 'user',
+      key: 'me',
+      token
+    });
+  }
+  async login(username: string, password: string) {
+    return proxyFetch(this.url, {
+      path: 'user',
+      key: 'login',
+      data: {
+        username,
+        password
+      }
+    });
+  }
+  async query(data: any) {
+    return proxyFetch(this.url, data);
+  }
+}
+type AuthProxy = {
+  queryMe: (token: string) => Promise<any>;
+  /**
+   * 代理设置token用户
+   * @param ctx
+   * @param data
+   * @returns
+   */
+  setTokenUser?: (ctx: any, data: any) => Promise<any>;
+};
+type CreateAuthRouteOptions = {
+  app?: any;
+  addToApp?: boolean;
+  proxy: AuthProxy;
+};
+export const createAuthRoute = ({ app, addToApp = true, proxy }: CreateAuthRouteOptions) => {
+  /**
+   * 中间件执行函数
+   * @param ctx
+   */
+  const authRouteFn = async (ctx: any) => {
+    const token = ctx.query.token;
+    if (!token) {
+      app.throw(401, 'Token is Unauthorized');
+    }
+    try {
+      const result = await proxy?.queryMe?.(token);
+      if (result.code === 200) {
+        result.payload = result.data;
+      }
+      if (proxy?.setTokenUser) {
+        await proxy?.setTokenUser?.(ctx, result.data);
+      } else {
+        ctx.state['tokenUser'] = result.payload;
+      }
+    } catch (e) {
+      app.throw(401, 'Token is invalid');
+    }
+  };
+  let authRoute;
+  if (app) {
+    authRoute = app.route('auth', '', { id: 'auth' });
+    authRoute.run = authRouteFn;
+    if (addToApp) {
+      authRoute.addTo(app);
+    }
+  }
+  return { route: authRoute, authRouteFn };
+};

package/src/route.ts

@@ -0,0 +1,44 @@
+import { checkToken } from './create-token.ts';
+
+type CreateAuthRouteOptions = {
+  secret: string;
+  app?: any;
+  addToApp?: boolean;
+};
+export const createAuthRoute = ({ secret, app, addToApp = true }: CreateAuthRouteOptions) => {
+  /**
+   * 中间件执行函数
+   * @param ctx
+   */
+  const authRouteFn = async (ctx: any) => {
+    const token = ctx.query.token;
+    if (!token) {
+      // throw new CustomError(401, 'Token is Unauthorized');
+      app.throw(401, 'Token is Unauthorized');
+    }
+    try {
+      const result = await checkToken(token, secret);
+      ctx.state['tokenUser'] = result.payload;
+    } catch (e) {
+      if (e.name === 'TokenExpiredError') {
+        app.throw(401, 'Token is expired');
+      } else if (e.name === 'JsonWebTokenError') {
+        app.throw(401, 'Token is invalid');
+      } else if (e.name === 'NotBeforeError') {
+        app.throw(401, 'Token is not active');
+      } else {
+        console.error('checkToken error', e);
+        app.throw(401, 'Token is invalid');
+      }
+    }
+  };
+  let authRoute;
+  if (app) {
+    authRoute = app.route('auth', '', { id: 'auth' });
+    authRoute.run = authRouteFn;
+    if (addToApp) {
+      authRoute.addTo(app);
+    }
+  }
+  return { route: authRoute, authRouteFn };
+};

package/src/salt.ts

@@ -0,0 +1,32 @@
+import MD5 from 'crypto-js/md5.js';
+
+/**
+ * 生成随机盐
+ * @returns
+ */
+export const getRandomSalt = () => {
+  return Math.random().toString().slice(2, 7);
+};
+
+/**
+ * 加密密码
+ * @param password
+ * @param salt
+ * @returns
+ */
+export const cryptPwd = (password: string, salt = '') => {
+  const saltPassword = password + ':' + salt;
+  const md5 = MD5(saltPassword);
+  return md5.toString();
+};
+
+/**
+ * Check password
+ * @param password
+ * @param salt
+ * @param md5
+ * @returns
+ */
+export const checkPwd = (password: string, salt: string, md5: string) => {
+  return cryptPwd(password, salt) === md5;
+};