@sanvika/auth 2.5.6 → 2.5.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/server.js +75 -0
- package/package.json +1 -1
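--- a/package/dist/server.js
+++ b/package/dist/server.js
@@ -255,9 +255,84 @@ async function createAdminInAuth(payload, authToken = "") {
 return null;
 }
 }
+async function deleteAdminFromAuth(uid, authToken = "") {
+try {
+const res = await fetch(`${_authUrl()}/api/admin/admin-users/${encodeURIComponent(uid)}`, {
+method: "DELETE",
+headers: {
+..._s2sHeaders(),
+...authToken ? { Authorization: `Bearer ${authToken}` } : {}
+},
+signal: AbortSignal.timeout(5e3)
+});
+return res.ok;
+} catch {
+return false;
+}
+}
+const _adminCache = /* @__PURE__ */ new Map();
+const _ADMIN_CACHE_TTL = 5 * 60 * 1e3;
+const _buildUnauthorized = (message, code = "ADMIN_AUTH_REQUIRED") => ({
+success: false,
+status: 401,
+body: { success: false, message, code }
+});
+const _buildForbidden = (message, code = "ADMIN_ROLE_UNAUTHORIZED") => ({
+success: false,
+status: 403,
+body: { success: false, message, code }
+});
+async function authenticateAdmin(request) {
+try {
+const authorization = _resolveAuthHeader(request);
+if (!authorization) {
+return _buildUnauthorized("Authorization required for admin access.", "NO_AUTH_HEADER");
+}
+const [scheme, token] = authorization.split(" ");
+if (scheme !== "Bearer" || !token) {
+return _buildUnauthorized("Invalid token format.", "INVALID_TOKEN_FORMAT");
+}
+const cacheKey = `admin_${token.substring(0, 20)}`;
+const cached = _adminCache.get(cacheKey);
+if (cached && cached.expires > Date.now()) {
+return { success: true, admin: cached.adminData };
+}
+const saPayload = await verifyAuthToken({ headers: { authorization } });
+if (!saPayload) {
+return _buildUnauthorized("Invalid or expired token.", "INVALID_TOKEN");
+}
+const uid = saPayload.sub;
+const admin = await verifyAdminFromAuth(uid);
+if (!admin) {
+return _buildUnauthorized("Unauthorized or admin account not found.", "ADMIN_NOT_FOUND");
+}
+if (admin.isBlocked) {
+return _buildForbidden("Admin account is blocked.", "ADMIN_BLOCKED");
+}
+if (!["admin", "superadmin", "moderator"].includes(admin.role)) {
+return _buildForbidden("Invalid admin role.", "INVALID_ADMIN_ROLE");
+}
+const adminData = {
+uid: admin.uid,
+adminId: admin.adminId,
+role: admin.role,
+mobile: admin.mobile
+};
+_adminCache.set(cacheKey, { adminData, expires: Date.now() + _ADMIN_CACHE_TTL });
+return { success: true, admin: adminData };
+} catch {
+return {
+success: false,
+status: 500,
+body: { success: false, message: "Internal server error during admin verification." }
+};
+}
+}
 export {
+authenticateAdmin,
 batchGetUsersFromAuth,
 createAdminInAuth,
+deleteAdminFromAuth,
 deleteUserFromAuth,
 ensureSuperAdminInAuth,
 extractAuthUid,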
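Review bot: The cache key at new line 295, `admin_${token.substring(0, 20)}`, is derived from only the first 20 characters of the bearer token, so any two tokens that share that prefix map to the same entry and the second one returns the cached admin identity without ever reaching `verifyAuthToken` for up to `_ADMIN_CACHE_TTL`. If these tokens are JWTs, that prefix is the base64url-encoded header, which is identical for every token issued with the same alg/typ, so an expired, revoked or otherwise invalid token would be accepted as whichever admin was cached last. Key the cache on a digest of the whole token instead, `const cacheKey = \`admin_${createHash("sha256").update(token).digest("hex")}\`;`, with `import { createHash } from "node:crypto";` added to the file's import block, which lies outside this hunk. Note also that a cache hit returns before the `isBlocked` and role checks at new lines 309–314, so blocking an admin only takes effect after the TTL lapses; consider capping the cached `expires` at the verified token's own expiry (if `verifyAuthToken` exposes one) and evicting the entry when `deleteAdminFromAuth` succeeds for that uid.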