bjx-auth 1.0.3 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bjx-auth-api.esm.js +2 -2
- package/dist/bjx-auth-api.umd.js +2 -2
- package/package.json +1 -1
- package/src/config.js +1 -1
- package/src/strategy/handle.js +11 -1
- package/src/strategy/strategy.js +96 -21
- package/src/strategy/utils.js +3 -0
package/package.json
package/src/config.js
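--- a/package/src/strategy/handle.js
+++ b/package/src/strategy/handle.js
@@ -1,5 +1,6 @@
 const {
 setConfig,
+getConfig,
 getToken: getTokenApi,
 getUserInfo: getUserInfoApi,
 } = require('../request')
@@ -31,12 +32,20 @@ async function getToken(cookies, isRefresh, { headers, ctx }) {
 }
 
 async function getUserInfo(token, type, { headers, ctx }) {
+// 兼容老的token 以支持老版本APP嵌入页面
+const tokenHeader = {}
+if (token.startsWith('Bearer ')) {
+tokenHeader['Authorization'] = token
+} else {
+tokenHeader['AuthToken'] = token
+}
+
 return getUserInfoApi(
 {
 __type__: type,
 headers: {
-AuthToken: token,
 ...headers,
+...tokenHeader,
 },
 },
 {
@@ -51,6 +60,7 @@ async function getUserInfo(token, type, { headers, ctx }) {
 
 module.exports = {
 setConfig,
+getConfig,
 getToken,
 getUserInfo,
 }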
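Review bot: `token.startsWith('Bearer ')` at new line 37 throws a TypeError when `token` is not a string (a caller passing `undefined` previously got a request with an empty `AuthToken` header, now it gets an unhandled rejection), so the branch should guard the type: `if (typeof token === 'string' && token.startsWith('Bearer ')) {`. Also note that `...tokenHeader` is now spread after `...headers` at lines 47–48, so the computed `Authorization`/`AuthToken` value silently overrides any same-named key a caller supplied in `headers`, which is the opposite of the old order; if that precedence is intended, a comment such as `// tokenHeader wins over caller-supplied headers` would make it explicit. The `getUserInfo` body continues past the end of this hunk.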
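--- a/package/src/strategy/strategy.js
+++ b/package/src/strategy/strategy.js
@@ -1,5 +1,5 @@
 const { Strategy } = require('passport')
-const { setConfig, getToken, getUserInfo } = require('./handle')
+const { setConfig, getConfig, getToken, getUserInfo } = require('./handle')
 const { errorLogger, debugLogger } = require('../logger')
 
 class BjxStrategy extends Strategy {
@@ -13,11 +13,14 @@ class BjxStrategy extends Strategy {
 this.loadUserInfo = options.loadUserInfo || false
 this.userInfoDuration = this.normalizeDuration(options.loadUserInfo)
 this.userInfoType = options.userInfoType || ''
-this.
+this.handleHeadrToken = options.handleHeadrToken || false
 this.verify = verify || ((user, done) => done(null, user))
 
 // 设置配置缓存
-setConfig(
+setConfig(options.authConfig)
+if (options.authConfig.debug) {
+debugLogger('配置项', getConfig())
+}
 }
 
 normalizeDuration(val) {
@@ -35,27 +38,99 @@ class BjxStrategy extends Strategy {
 req.cookies.get('idsrv.session') &&
 req.cookies.get('.AspNetCore.Identity.Application')
 
+// 检查必要的header
+const hasRequiredHeaders =
+req.headers && (req.headers.authtoken || req.headers.authorization)
+
 // 假如不存在 则认证失败
-if (!hasRequiredCookies) {
-return this.fail(new Error('Missing required cookies'))
-}
-
-
-
-
-
-
-
-
-
+if (!hasRequiredCookies && !(this.handleHeadrToken && hasRequiredHeaders)) {
+return this.fail(new Error('Missing required cookies or headers'))
+}
+
+if (this.handleHeadrToken && hasRequiredHeaders) {
+this.executeCosplayAuthentication(req)
+.then((user) => {
+this.success(user)
+})
+.catch((err) => {
+if (err.message === '__goto_next__') {
+this.pass()
+} else {
+this.error(err)
+}
+})
+} else if (hasRequiredCookies) {
+// 否则 执行认证流程
+this.executeAuthentication(req)
+.then((user) =>
+// 创建策略时 可传入回调函数 已追加认证逻辑
+this.verify(user, (err, verifiedUser) => {
+if (err) return this.error(err)
+this.success(verifiedUser)
+}),
+)
+.catch((err) => {
+if (err.message === '__goto_next__') {
+this.pass()
+} else {
+this.error(err)
+}
+})
+} else {
+this.pass()
+}
+}
+
+async executeCosplayAuthentication(req) {
+// 以Bearer开始的 为Authorization头 否则为Authtoken头
+let token = ''
+let isAuthorization = false
+if (req.headers?.authtoken) {
+token = req.headers.authtoken
+} else if (req.headers?.authorization) {
+token = req.headers.authorization.replace('Bearer ', '')
+isAuthorization = true
+}
+
+const su = req?.session?.passport?.user || {}
+if (su.token?.access_token === token) {
+throw new Error('__goto_next__')
+}
+
+// 假如session里面没有不是该token说明换了 需要重新获取
+su.info = null
+const userInfo = await this.getUserInfoWithRefresh(
+(isAuthorization ? 'Bearer ' : '') + token,
+req,
+{},
+)
+if (userInfo) {
+debugLogger(
+`通过${isAuthorization ? 'Authorization' : 'Authtoken'}头信息登录系统`,
 )
-
-
-
-
-
+if (isAuthorization) {
+return {
+token: {
+token_type: 'Bearer',
+access_token: token,
+expires_at: (Date.now() / 1000 + 4 * 600) | 0,
+},
+info: userInfo,
 }
-}
+} else {
+return {
+token: {
+bjx_token_flag: 'This token from authtoken/authorization header',
+token_type: '',
+access_token: token,
+expires_at: (Date.now() / 1000 + 4 * 600) | 0,
+},
+info: userInfo,
+}
+}
+} else {
+throw new Error('Invalid headers token')
+}
 }
 
 async executeAuthentication(req) {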
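Review bot: The header-token path at new lines 50–54 of the third hunk calls `this.success(user)` straight from the `.then`, whereas the cookie path at lines 64–71 routes the user through the caller-supplied `this.verify` hook first, so any additional checks a consumer placed in `verify` are skipped for requests authenticated via the `authtoken`/`authorization` headers; passing the header-path user through the same hook keeps the two flows consistent (rewrite below). Separately, `req.headers.authorization.replace('Bearer ', '')` at line 91 strips the first occurrence anywhere in the value rather than a scheme prefix, so a non-Bearer `Authorization` value is accepted whole and re-prefixed with `'Bearer '` at line 103; checking `startsWith('Bearer ')` and slicing the prefix off would be stricter. The fabricated `expires_at` at lines 116 and 126 (`4 * 600` seconds from now) deserves a comment stating why a header token is given a fixed 40-minute lifetime, since the identity provider's real expiry is not consulted here. The method enclosing the start of this hunk begins before the hunk.
```javascript
if (this.handleHeadrToken && hasRequiredHeaders) {
  this.executeCosplayAuthentication(req)
    .then((user) =>
      // run the caller-supplied verify hook, as the cookie path does
      this.verify(user, (err, verifiedUser) => {
        if (err) return this.error(err)
        this.success(verifiedUser)
      }),
    )
    // … unchanged: .catch handling of '__goto_next__' / this.error(err) …
```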
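--- a/package/src/strategy/utils.js
+++ b/package/src/strategy/utils.js
@@ -188,13 +188,16 @@ function getLoginCenterUrl(opts, type = '') {
 } = opts || {}
 if (!site && !ctx) throw new Error('site is required')
 if (!returnUrl && !ctx) throw new Error('returnUrl is required')
+
 const { clientId, login: loginCenter } = config
+
 const pp = objToQs({
 BA: BA || ctx?.query?.ba || config.ba || '',
 BP: BP || ctx?.query?.bp || config.bp || '',
 OS: OS || config.os || 1,
 EQP: EQP || config.eqp || '',
 })
+
 let sr
 if (ctx && (!site || !returnUrl)) {
 sr = handleCtx(ctx, !site)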