@things-factory/auth-base 4.0.23 → 4.0.27
- package/dist-server/middlewares/authenticate-401-middleware.js +2 -2
- package/dist-server/middlewares/authenticate-401-middleware.js.map +1 -1
- package/dist-server/router/oauth2/oauth2-router.js +42 -7
- package/dist-server/router/oauth2/oauth2-router.js.map +1 -1
- package/package.json +6 -6
- package/server/middlewares/authenticate-401-middleware.ts +2 -2
- package/server/router/oauth2/oauth2-router.ts +47 -7
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.authenticate401Middleware = void 0;
|
|
4
|
-
const auth_error_1 = require("../errors/auth-error");
|
|
5
4
|
const error_code_1 = require("../constants/error-code");
|
|
5
|
+
const auth_error_1 = require("../errors/auth-error");
|
|
6
6
|
const accepts_1 = require("../utils/accepts");
|
|
7
7
|
const debug = require('debug')('things-factory:auth-base:authenticate-401-middleware');
|
|
8
8
|
async function authenticate401Middleware(context, next) {
|
|
@@ -16,7 +16,7 @@ async function authenticate401Middleware(context, next) {
|
|
|
16
16
|
debug(`auth error(${err.errorCode})`, message);
|
|
17
17
|
}
|
|
18
18
|
else {
|
|
19
|
-
if (err
|
|
19
|
+
if ((err === null || err === void 0 ? void 0 : err.status) !== 401) {
|
|
20
20
|
throw err;
|
|
21
21
|
}
|
|
22
22
|
message = err.message;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authenticate-401-middleware.js","sourceRoot":"","sources":["../../server/middlewares/authenticate-401-middleware.ts"],"names":[],"mappings":";;;AAAA,qDAAgD;AAChD,
|
|
1
|
+
{"version":3,"file":"authenticate-401-middleware.js","sourceRoot":"","sources":["../../server/middlewares/authenticate-401-middleware.ts"],"names":[],"mappings":";;;AAAA,wDAA6F;AAC7F,qDAAgD;AAChD,8CAA0C;AAE1C,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,sDAAsD,CAAC,CAAA;AAE/E,KAAK,UAAU,yBAAyB,CAAC,OAAO,EAAE,IAAI;IAC3D,IAAI;QACF,MAAM,IAAI,EAAE,CAAA;KACb;IAAC,OAAO,GAAG,EAAE;QACZ,IAAI,OAAO,CAAA;QAEX,IAAI,GAAG,YAAY,sBAAS,EAAE;YAC5B,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,SAAS,EAAE,EAAE,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC,CAAA;YAC/D,KAAK,CAAC,cAAc,GAAG,CAAC,SAAS,GAAG,EAAE,OAAO,CAAC,CAAA;SAC/C;aAAM;YACL,IAAI,CAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,MAAM,MAAK,GAAG,EAAE;gBACvB,MAAM,GAAG,CAAA;aACV;YAED,OAAO,GAAG,GAAG,CAAC,OAAO,CAAA;SACtB;QAED,KAAK,CAAC,WAAW,EAAE,OAAO,CAAC,CAAA;QAE3B,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,OAAO,CAAA;QAEtB;;;;WAIG;QAEH,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,OAAO,CAAA;QAErD,IAAI,MAAM,IAAI,MAAM,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE;YACnD,KAAK,CAAC,eAAe,EAAE,MAAM,EAAE,IAAI,EAAE,8BAA8B,CAAC,CAAA;YACpE,IAAI,GAAG,CAAC,SAAS,IAAI,+BAAkB,EAAE;gBACvC,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;aACrB;YACD,OAAM;SACP;QAED,IAAI,CAAC,IAAA,iBAAO,EAAC,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE;YACjD,KAAK,CAAC,eAAe,EAAE,MAAM,EAAE,IAAI,EAAE,0CAA0C,CAAC,CAAA;YAChF,OAAM;SACP;QAED,MAAM,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;QACrC,MAAM,EAAE,UAAU,GAAG,WAAW,IAAI,WAAW,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAA;QAC9E,KAAK,CAAC,qBAAqB,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,CAAC,CAAA;QAE/D,QAAQ,GAAG,CAAC,SAAS,EAAE;YACrB,KAAK,+BAAkB;gBACrB,OAAO,CAAC,QAAQ,CAAC,6BAA6B,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAAC,CAAA;gBAC/E,MAAK;YAEP,KAAK,wBAAW;gBACd,OAAO,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;oBACvC,WAAW,EAAE,eAAe;oBAC5B,aAAa,EAAE,mBAAmB;oBAClC,IAAI,EAAE;wBACJ,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;wBACvB,OAAO;wBACP,UAAU;qBACX;iBACF,CAAC,CAAA;YAEJ,KAAK,+BAAkB;gBACrB,OAAO,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;oBACvC,WAAW,EAAE,eAAe;oBAC5B,aAAa,EAAE,mBAAmB;oBAClC,IAAI,EA
AE;wBACJ,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;wBACvB,OAAO;wBACP,UAAU;qBACX;iBACF,CAAC,CAAA;YAEJ;gBACE,OAAO,MAAM,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;oBACvC,WAAW,EAAE,aAAa;oBAC1B,aAAa,EAAE,iBAAiB;oBAChC,IAAI,EAAE;wBACJ,OAAO,EAAE,GAAG,YAAY,sBAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;wBAChD,UAAU;qBACX;iBACF,CAAC,CAAA;SACL;KACF;AACH,CAAC;AArFD,8DAqFC"}
|
|
@@ -4,13 +4,17 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.oauth2Router = void 0;
|
|
7
|
+
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
|
|
7
8
|
const koa_compose_1 = __importDefault(require("koa-compose"));
|
|
8
9
|
const koa_passport_1 = __importDefault(require("koa-passport"));
|
|
9
10
|
const koa_router_1 = __importDefault(require("koa-router"));
|
|
10
11
|
const typeorm_1 = require("typeorm");
|
|
11
|
-
const
|
|
12
|
-
const application_1 = require("../../service/application/application");
|
|
12
|
+
const shell_1 = require("@things-factory/shell");
|
|
13
13
|
const middlewares_1 = require("../../middlewares");
|
|
14
|
+
const application_1 = require("../../service/application/application");
|
|
15
|
+
const user_1 = require("../../service/user/user");
|
|
16
|
+
const access_token_cookie_1 = require("../../utils/access-token-cookie");
|
|
17
|
+
const get_secret_1 = require("../../utils/get-secret");
|
|
14
18
|
const oauth2_server_1 = require("./oauth2-server");
|
|
15
19
|
const passport_oauth2_client_password_1 = require("./passport-oauth2-client-password");
|
|
16
20
|
const debug = require('debug')('things-factory:auth-base:oauth2-router');
|
|
@@ -47,6 +51,42 @@ exports.oauth2Router.post('/decision', middlewares_1.jwtAuthenticateMiddleware,
|
|
|
47
51
|
// exchange middleware will be invoked to handle the request. Clients must
|
|
48
52
|
// authenticate when making requests to this endpoint.
|
|
49
53
|
exports.oauth2Router.post('/access-token', koa_passport_1.default.authenticate('oauth2-client-password', { session: false }), oauth2_server_1.server.token(), oauth2_server_1.server.errorHandler());
|
|
54
|
+
exports.oauth2Router.post('/refresh-token', async (context, next) => {
|
|
55
|
+
var _a, _b;
|
|
56
|
+
const refreshToken = (_b = (_a = context.request) === null || _a === void 0 ? void 0 : _a.body) === null || _b === void 0 ? void 0 : _b.refreshToken;
|
|
57
|
+
if (!refreshToken)
|
|
58
|
+
throw new Error('Missing refresh token');
|
|
59
|
+
const appUser = await (0, typeorm_1.getRepository)(user_1.User).findOne({
|
|
60
|
+
password: refreshToken
|
|
61
|
+
});
|
|
62
|
+
if (!appUser)
|
|
63
|
+
throw new Error('App user is not found');
|
|
64
|
+
try {
|
|
65
|
+
jsonwebtoken_1.default.verify(refreshToken, get_secret_1.SECRET);
|
|
66
|
+
const decoded = jsonwebtoken_1.default.decode(refreshToken);
|
|
67
|
+
const subdomain = decoded.domain.subdomain;
|
|
68
|
+
const domain = await (0, typeorm_1.getRepository)(shell_1.Domain).findOne({
|
|
69
|
+
where: { subdomain }
|
|
70
|
+
});
|
|
71
|
+
if (!domain)
|
|
72
|
+
throw new Error('Domain is not found');
|
|
73
|
+
const appKey = decoded.application.appKey;
|
|
74
|
+
const scopes = decoded.scope;
|
|
75
|
+
const newAccessToken = application_1.Application.generateAccessToken(domain, appUser, appKey, scopes);
|
|
76
|
+
const newRefreshToken = application_1.Application.generateRefreshToken(domain, appUser, appKey, scopes);
|
|
77
|
+
appUser.password = newRefreshToken;
|
|
78
|
+
await (0, typeorm_1.getRepository)(user_1.User).save(appUser);
|
|
79
|
+
(0, access_token_cookie_1.setAccessTokenCookie)(context, newAccessToken);
|
|
80
|
+
context.body = {
|
|
81
|
+
accessToken: newAccessToken,
|
|
82
|
+
refreshToken: newRefreshToken
|
|
83
|
+
};
|
|
84
|
+
}
|
|
85
|
+
catch (e) {
|
|
86
|
+
context.status = 401;
|
|
87
|
+
context.body = e.message;
|
|
88
|
+
}
|
|
89
|
+
});
|
|
50
90
|
exports.oauth2Router.get('/profile', middlewares_1.jwtAuthenticateMiddleware, async (context, next) => {
|
|
51
91
|
const { user, domain } = context.state;
|
|
52
92
|
debug('getting user/application profile', user, domain);
|
|
@@ -93,10 +133,5 @@ exports.oauth2Router.post('/disconnect', middlewares_1.jwtAuthenticateMiddleware
|
|
|
93
133
|
catch (e) {
|
|
94
134
|
throw e;
|
|
95
135
|
}
|
|
96
|
-
try {
|
|
97
|
-
}
|
|
98
|
-
catch (e) {
|
|
99
|
-
throw e;
|
|
100
|
-
}
|
|
101
136
|
});
|
|
102
137
|
//# sourceMappingURL=oauth2-router.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth2-router.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-router.ts"],"names":[],"mappings":";;;;;;AAAA,8DAAiC;AACjC,gEAAmC;AACnC,4DAA+B;AAC/B,qCAAuC;
|
|
1
|
+
{"version":3,"file":"oauth2-router.js","sourceRoot":"","sources":["../../../server/router/oauth2/oauth2-router.ts"],"names":[],"mappings":";;;;;;AAAA,gEAA8B;AAC9B,8DAAiC;AACjC,gEAAmC;AACnC,4DAA+B;AAC/B,qCAAuC;AAEvC,iDAA8C;AAE9C,mDAA6D;AAC7D,uEAAmE;AACnE,kDAA0D;AAC1D,yEAAsE;AACtE,uDAA+C;AAC/C,mDAA6D;AAC7D,uFAAsF;AAUtF,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,wCAAwC,CAAC,CAAA;AAE3D,QAAA,YAAY,GAAG,IAAI,oBAAM,EAAE,CAAA;AAExC,sBAAQ,CAAC,GAAG,CACV,wBAAwB,EACxB,IAAI,0CAAsB,CAAC,EAAE,EAAE,CAAC,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,EAAE;IAC9D,KAAK,CAAC,wBAAwB,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAA;IAEvD,IAAA,uBAAa,EAAC,yBAAW,CAAC;SACvB,OAAO,CAAC;QACP,MAAM,EAAE,QAAQ;KACjB,CAAC;SACD,IAAI,CAAC,MAAM,CAAC,EAAE;QACb,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,IAAI,YAAY,EAAE;YAC/C,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;YACjB,OAAM;SACP;QAED,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IACpB,CAAC,CAAC;SACD,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;AAC5B,CAAC,CAAC,CACH,CAAA;AAED,yBAAyB;AACzB,EAAE;AACF,4EAA4E;AAC5E,+EAA+E;AAC/E,8EAA8E;AAC9E,cAAc;AAEd,oBAAY,CAAC,IAAI,CACf,WAAW,EACX,uCAAyB,EACzB,IAAA,qBAAO,EACL,sBAAiB,CAAC,QAAQ,CAAC,KAAK,WAAW,OAAO;IAChD,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAE3B,OAAO,OAAO,CAAC,IAAI,CAAA;AACrB,CAAC,CAAC,CACH,CACF,CAAA;AAED,iBAAiB;AACjB,EAAE;AACF,8EAA8E;AAC9E,yEAAyE;AACzE,2EAA2E;AAC3E,sDAAsD;AAEtD,oBAAY,CAAC,IAAI,CACf,eAAe,EACf,sBAAQ,CAAC,YAAY,CAAC,wBAAwB,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EACnE,sBAAiB,CAAC,KAAK,EAAE,EACzB,sBAAiB,CAAC,YAAY,EAAE,CACjC,CAAA;AAED,oBAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;;IAC1D,MAAM,YAAY,GAAuB,MAAA,MAAA,OAAO,CAAC,OAAO,0CAAE,IAAI,0CAAE,YAAY,CAAA;IAC5E,IAAI,CAAC,YAAY;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;IAE3D,MAAM,OAAO,GAAqB,MAAM,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC;QAClE,QAAQ,EAAE,YAAY;KACvB,CAAC,CAAA;IAEF,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;IAEtD,IAAI;QACF,sBAAG,CAAC,MAAM,CAAC,YAAY,EAAE,mBAAM,CAAC,CAAA;QAChC,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,YAAY,CAAQ,CAAA;QAC/C,MAAM,SAAS,GAAW,OAAO,CAAC,MAAM,C
AAC,SAAS,CAAA;QAClD,MAAM,MAAM,GAAuB,MAAM,IAAA,uBAAa,EAAC,cAAM,CAAC,CAAC,OAAO,CAAC;YACrE,KAAK,EAAE,EAAE,SAAS,EAAE;SACrB,CAAC,CAAA;QACF,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;QACnD,MAAM,MAAM,GAAW,OAAO,CAAC,WAAW,CAAC,MAAM,CAAA;QACjD,MAAM,MAAM,GAAU,OAAO,CAAC,KAAK,CAAA;QAEnC,MAAM,cAAc,GAAW,yBAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;QAC/F,MAAM,eAAe,GAAW,yBAAW,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;QAEjG,OAAO,CAAC,QAAQ,GAAG,eAAe,CAAA;QAClC,MAAM,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAEvC,IAAA,0CAAoB,EAAC,OAAO,EAAE,cAAc,CAAC,CAAA;QAE7C,OAAO,CAAC,IAAI,GAAG;YACb,WAAW,EAAE,cAAc;YAC3B,YAAY,EAAE,eAAe;SAC9B,CAAA;KACF;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,OAAO,CAAA;KACzB;AACH,CAAC,CAAC,CAAA;AAEF,oBAAY,CAAC,GAAG,CAAC,UAAU,EAAE,uCAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAC9E,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAA;IAEtC,KAAK,CAAC,kCAAkC,EAAE,IAAI,EAAE,MAAM,CAAC,CAAA;IAEvD,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;IACjE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,EAAE,CAAA;IAEnG,IAAI,WAAW,GAAG,EAAE,CAAA;IACpB,IAAI,IAAI,IAAI,aAAa,EAAE;QACzB,wDAAwD;QACxD,WAAW,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAA;KAChE;IAED,OAAO,CAAC,IAAI,GAAG;QACb,OAAO,EAAE;YACP,IAAI;YACJ,WAAW;YACX,KAAK;YACL,IAAI,CAAC,wCAAwC;YAC7C,MAAM,EAAE;gBACN,IAAI,EAAE,UAAU;gBAChB,SAAS;gBACT,SAAS;gBACT,UAAU;gBACV,YAAY;gBACZ,QAAQ;aACT;YACD,WAAW;SACZ;KACF,CAAA;AACH,CAAC,CAAC,CAAA;AAEF,oBAAY,CAAC,IAAI,CAAC,aAAa,EAAE,uCAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IAClF,IAAI;QACF,IAAI,EAAE,IAAI,EAAE,GAAmB,OAAO,CAAC,KAAK,CAAA;QAE5C,IAAI,OAAO,OAAO,CAAC,eAAe,KAAK,UAAU,EAAE;YACjD,MAAM,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,CAAA;SACpC;aAAM;YACL,IAAI,CAAC,OAAO,GAAG,EAAE,CAAA;YACjB,IAAI,CAAC,KAAK,GAAG,EAAE,CAAA;YACf,IAAI,CAAC,MAAM,GAAG,iBAAU,CAAC,OAAO,CA
AA;YAChC,MAAM,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;SACrC;QACD,OAAO,CAAC,MAAM,GAAG,GAAG,CAAA;QACpB,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;KACpB;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,CAAA;KACR;AACH,CAAC,CAAC,CAAA"}
|
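--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@things-factory/auth-base",
-"version": "4.0.
+"version": "4.0.27",
 "main": "dist-server/index.js",
 "browser": "client/index.js",
 "things-factory": true,
@@ -27,10 +27,10 @@
 "migration:create": "node ../../node_modules/typeorm/cli.js migration:create -d ./server/migrations"
 },
 "dependencies": {
-"@things-factory/email-base": "^4.0.
-"@things-factory/env": "^4.0.
-"@things-factory/i18n-base": "^4.0.
-"@things-factory/shell": "^4.0.
+"@things-factory/email-base": "^4.0.27",
+"@things-factory/env": "^4.0.27",
+"@things-factory/i18n-base": "^4.0.27",
+"@things-factory/shell": "^4.0.27",
 "jsonwebtoken": "^8.5.1",
 "koa-passport": "^4.1.4",
 "koa-session": "^6.0.0",
@@ -40,5 +40,5 @@
 "passport-local": "^1.0.0",
 "uuid": "^3.4.0"
 },
-"gitHead": "
+"gitHead": "276eaface2890c8f229ce6c9f64cde9c6b1e0083"
 }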
@@ -1,5 +1,5 @@
|
|
|
1
|
+
import { SUBDOMAIN_NOTFOUND, USER_LOCKED, USER_NOT_ACTIVATED } from '../constants/error-code'
|
|
1
2
|
import { AuthError } from '../errors/auth-error'
|
|
2
|
-
import { USER_LOCKED, SUBDOMAIN_NOTFOUND, USER_NOT_ACTIVATED } from '../constants/error-code'
|
|
3
3
|
import { accepts } from '../utils/accepts'
|
|
4
4
|
|
|
5
5
|
const debug = require('debug')('things-factory:auth-base:authenticate-401-middleware')
|
|
@@ -14,7 +14,7 @@ export async function authenticate401Middleware(context, next) {
|
|
|
14
14
|
message = context.t(`error.${err.errorCode}`, err.detail || {})
|
|
15
15
|
debug(`auth error(${err.errorCode})`, message)
|
|
16
16
|
} else {
|
|
17
|
-
if (err
|
|
17
|
+
if (err?.status !== 401) {
|
|
18
18
|
throw err
|
|
19
19
|
}
|
|
20
20
|
|
|
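Review bot: The `err?.status !== 401` guard in the `else` branch would benefit from a comment saying what it is for, since the optional chaining only matters when something other than an `Error` (a thrown `null` or `undefined`) reaches this catch, and that value is then rethrown as-is. Suggested: `// not an auth failure (or not an Error at all): rethrow and let the upstream error handler decide`. Any non-AuthError that carries status 401 still falls through, and the compiled output on this page shows it continuing with `message = err.message`; if that message is later written to the response, which is outside this hunk, text from downstream middleware reaches the client unfiltered. The body of authenticate401Middleware starts and ends outside the hunk.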
@@ -1,10 +1,16 @@
|
|
|
1
|
+
import jwt from 'jsonwebtoken'
|
|
1
2
|
import compose from 'koa-compose'
|
|
2
3
|
import passport from 'koa-passport'
|
|
3
4
|
import Router from 'koa-router'
|
|
4
5
|
import { getRepository } from 'typeorm'
|
|
5
|
-
|
|
6
|
-
import {
|
|
6
|
+
|
|
7
|
+
import { Domain } from '@things-factory/shell'
|
|
8
|
+
|
|
7
9
|
import { jwtAuthenticateMiddleware } from '../../middlewares'
|
|
10
|
+
import { Application } from '../../service/application/application'
|
|
11
|
+
import { User, UserStatus } from '../../service/user/user'
|
|
12
|
+
import { setAccessTokenCookie } from '../../utils/access-token-cookie'
|
|
13
|
+
import { SECRET } from '../../utils/get-secret'
|
|
8
14
|
import { server as oauth2orizeServer } from './oauth2-server'
|
|
9
15
|
import { Strategy as ClientPasswordStrategy } from './passport-oauth2-client-password'
|
|
10
16
|
|
|
@@ -74,6 +80,45 @@ oauth2Router.post(
|
|
|
74
80
|
oauth2orizeServer.errorHandler()
|
|
75
81
|
)
|
|
76
82
|
|
|
83
|
+
oauth2Router.post('/refresh-token', async (context, next) => {
|
|
84
|
+
const refreshToken: string | undefined = context.request?.body?.refreshToken
|
|
85
|
+
if (!refreshToken) throw new Error('Missing refresh token')
|
|
86
|
+
|
|
87
|
+
const appUser: User | undefined = await getRepository(User).findOne({
|
|
88
|
+
password: refreshToken
|
|
89
|
+
})
|
|
90
|
+
|
|
91
|
+
if (!appUser) throw new Error('App user is not found')
|
|
92
|
+
|
|
93
|
+
try {
|
|
94
|
+
jwt.verify(refreshToken, SECRET)
|
|
95
|
+
const decoded = jwt.decode(refreshToken) as any
|
|
96
|
+
const subdomain: string = decoded.domain.subdomain
|
|
97
|
+
const domain: Domain | undefined = await getRepository(Domain).findOne({
|
|
98
|
+
where: { subdomain }
|
|
99
|
+
})
|
|
100
|
+
if (!domain) throw new Error('Domain is not found')
|
|
101
|
+
const appKey: string = decoded.application.appKey
|
|
102
|
+
const scopes: any[] = decoded.scope
|
|
103
|
+
|
|
104
|
+
const newAccessToken: string = Application.generateAccessToken(domain, appUser, appKey, scopes)
|
|
105
|
+
const newRefreshToken: string = Application.generateRefreshToken(domain, appUser, appKey, scopes)
|
|
106
|
+
|
|
107
|
+
appUser.password = newRefreshToken
|
|
108
|
+
await getRepository(User).save(appUser)
|
|
109
|
+
|
|
110
|
+
setAccessTokenCookie(context, newAccessToken)
|
|
111
|
+
|
|
112
|
+
context.body = {
|
|
113
|
+
accessToken: newAccessToken,
|
|
114
|
+
refreshToken: newRefreshToken
|
|
115
|
+
}
|
|
116
|
+
} catch (e) {
|
|
117
|
+
context.status = 401
|
|
118
|
+
context.body = e.message
|
|
119
|
+
}
|
|
120
|
+
})
|
|
121
|
+
|
|
77
122
|
oauth2Router.get('/profile', jwtAuthenticateMiddleware, async (context, next) => {
|
|
78
123
|
const { user, domain } = context.state
|
|
79
124
|
|
|
@@ -124,9 +169,4 @@ oauth2Router.post('/disconnect', jwtAuthenticateMiddleware, async (context, next
|
|
|
124
169
|
} catch (e) {
|
|
125
170
|
throw e
|
|
126
171
|
}
|
|
127
|
-
|
|
128
|
-
try {
|
|
129
|
-
} catch (e) {
|
|
130
|
-
throw e
|
|
131
|
-
}
|
|
132
172
|
})
|
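Review bot: In the `/refresh-token` handler the raw body value is used in `findOne({ password: refreshToken })` before `jwt.verify` runs and without a runtime string check, and both early `throw new Error(...)` lines sit outside the `try`, so a missing or unknown token escapes as an unhandled error instead of the 401 the `catch` produces. Verifying first, pinning the algorithm, and taking the payload from `jwt.verify` (instead of the second, unchecked `jwt.decode`) closes that; the fence assumes the tokens are signed with HS256, which needs confirming against `generateRefreshToken`. `context.body = e.message` also returns internal error text (a failed `save`, a missing claim) to the caller, so a fixed message is safer. The route has no client-authentication middleware, whereas the compiled output on this page shows `/access-token` running `passport.authenticate('oauth2-client-password', …)`, and the equality lookup on `password` suggests refresh tokens are stored unhashed in that column; both are worth confirming as intended.

```typescript
oauth2Router.post('/refresh-token', async (context, next) => {
  try {
    const refreshToken: unknown = context.request?.body?.refreshToken
    if (typeof refreshToken !== 'string' || !refreshToken) throw new Error('Missing refresh token')

    // verify the signature before the token is used in any query
    const decoded = jwt.verify(refreshToken, SECRET, { algorithms: ['HS256'] }) as any

    const appUser: User | undefined = await getRepository(User).findOne({
      password: refreshToken
    })
    if (!appUser) throw new Error('App user is not found')

    // … unchanged: domain lookup, token generation, save, cookie, response body …
  } catch (e) {
    debug('refresh-token rejected', e)
    context.status = 401
    context.body = 'Invalid refresh token'
  }
})
```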