@sanvika/auth 2.5.7 → 2.5.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/server.js +71 -0
- package/package.json +1 -1
package/dist/server.js
CHANGED
|
@@ -270,7 +270,78 @@ async function deleteAdminFromAuth(uid, authToken = "") {
|
|
|
270
270
|
return false;
|
|
271
271
|
}
|
|
272
272
|
}
|
|
273
|
+
const _adminCache = /* @__PURE__ */ new Map();
|
|
274
|
+
const _ADMIN_CACHE_TTL = 5 * 60 * 1e3;
|
|
275
|
+
const _buildUnauthorized = (message, code = "ADMIN_AUTH_REQUIRED") => ({
|
|
276
|
+
success: false,
|
|
277
|
+
status: 401,
|
|
278
|
+
body: { success: false, message, code }
|
|
279
|
+
});
|
|
280
|
+
const _buildForbidden = (message, code = "ADMIN_ROLE_UNAUTHORIZED") => ({
|
|
281
|
+
success: false,
|
|
282
|
+
status: 403,
|
|
283
|
+
body: { success: false, message, code }
|
|
284
|
+
});
|
|
285
|
+
async function authenticateAdmin(request) {
|
|
286
|
+
try {
|
|
287
|
+
const authorization = _resolveAuthHeader(request);
|
|
288
|
+
if (!authorization) {
|
|
289
|
+
return _buildUnauthorized("Authorization required for admin access.", "NO_AUTH_HEADER");
|
|
290
|
+
}
|
|
291
|
+
const [scheme, token] = authorization.split(" ");
|
|
292
|
+
if (scheme !== "Bearer" || !token) {
|
|
293
|
+
return _buildUnauthorized("Invalid token format.", "INVALID_TOKEN_FORMAT");
|
|
294
|
+
}
|
|
295
|
+
const cacheKey = `admin_${token.substring(0, 20)}`;
|
|
296
|
+
const cached = _adminCache.get(cacheKey);
|
|
297
|
+
if (cached && cached.expires > Date.now()) {
|
|
298
|
+
return { success: true, admin: cached.adminData };
|
|
299
|
+
}
|
|
300
|
+
const saPayload = await verifyAuthToken({ headers: { authorization } });
|
|
301
|
+
if (!saPayload) {
|
|
302
|
+
return _buildUnauthorized("Invalid or expired token.", "INVALID_TOKEN");
|
|
303
|
+
}
|
|
304
|
+
const uid = saPayload.sub;
|
|
305
|
+
const jwtRole = saPayload.role;
|
|
306
|
+
if (jwtRole === "superadmin" && uid) {
|
|
307
|
+
const adminData2 = {
|
|
308
|
+
uid,
|
|
309
|
+
adminId: null,
|
|
310
|
+
role: "superadmin",
|
|
311
|
+
mobile: saPayload.mobile || null
|
|
312
|
+
};
|
|
313
|
+
_adminCache.set(cacheKey, { adminData: adminData2, expires: Date.now() + _ADMIN_CACHE_TTL });
|
|
314
|
+
return { success: true, admin: adminData2 };
|
|
315
|
+
}
|
|
316
|
+
const admin = await verifyAdminFromAuth(uid);
|
|
317
|
+
if (!admin) {
|
|
318
|
+
return _buildUnauthorized("Unauthorized or admin account not found.", "ADMIN_NOT_FOUND");
|
|
319
|
+
}
|
|
320
|
+
if (admin.isBlocked) {
|
|
321
|
+
return _buildForbidden("Admin account is blocked.", "ADMIN_BLOCKED");
|
|
322
|
+
}
|
|
323
|
+
const effectiveRole = admin.role || (jwtRole && ["admin", "superadmin", "moderator"].includes(jwtRole) ? jwtRole : null);
|
|
324
|
+
if (!effectiveRole || !["admin", "superadmin", "moderator"].includes(effectiveRole)) {
|
|
325
|
+
return _buildForbidden("Invalid admin role.", "INVALID_ADMIN_ROLE");
|
|
326
|
+
}
|
|
327
|
+
const adminData = {
|
|
328
|
+
uid: admin.uid,
|
|
329
|
+
adminId: admin.adminId,
|
|
330
|
+
role: effectiveRole,
|
|
331
|
+
mobile: admin.mobile
|
|
332
|
+
};
|
|
333
|
+
_adminCache.set(cacheKey, { adminData, expires: Date.now() + _ADMIN_CACHE_TTL });
|
|
334
|
+
return { success: true, admin: adminData };
|
|
335
|
+
} catch {
|
|
336
|
+
return {
|
|
337
|
+
success: false,
|
|
338
|
+
status: 500,
|
|
339
|
+
body: { success: false, message: "Internal server error during admin verification." }
|
|
340
|
+
};
|
|
341
|
+
}
|
|
342
|
+
}
|
|
273
343
|
export {
|
|
344
|
+
authenticateAdmin,
|
|
274
345
|
batchGetUsersFromAuth,
|
|
275
346
|
createAdminInAuth,
|
|
276
347
|
deleteAdminFromAuth,
|