chyz 1.0.13-rc.4 → 1.0.13-rc.5

package/filters/auth/AuthInterface.ts

@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2021. Chy Bilgisayar Bilisim
+ * Author: Cihan Ozturk
+ * E-mail: cihan@chy.com.tr
+ * Github:https://github.com/cihan53/
+ */
+import {Request, Response} from "express";
+
+export interface AuthInterface{
+    /**
+     * Authenticates the current user.
+     * @param User $user
+     * @param Request $request
+     * @param Response $response
+     * @return IdentityInterface the authenticated user identity. If authentication information is not provided, null will be returned.
+     * @throws UnauthorizedHttpException if authentication information is provided but is invalid.
+     */
+     authenticate(user:any, request:Request, response:Response):any;
+
+    /**
+     * Generates challenges upon authentication failure.
+     * For example, some appropriate HTTP headers may be generated.
+     * @param Response $response
+     */
+     challenge(response:Response):Response;
+
+    /**
+     * Handles authentication failure.
+     * The implementation should normally throw UnauthorizedHttpException to indicate authentication failure.
+     * @param Response $response
+     * @throws UnauthorizedHttpException
+     */
+     handleFailure(response:Response):Response;
+}

package/filters/auth/AuthMethod.ts

@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2021. Chy Bilgisayar Bilisim
+ * Author: Cihan Ozturk
+ * E-mail: cihan@chy.com.tr
+ * Github:https://github.com/cihan53/
+ */
+
+import {ActionFilter} from "../../base/ActionFilter";
+import {AuthInterface} from "./AuthInterface";
+import {UnauthorizedHttpException} from "../../base/UnauthorizedHttpException";
+import {WebUser} from "../../web/WebUser";
+import {Request, Response} from "express";
+
+export abstract class AuthMethod extends ActionFilter implements AuthInterface {
+
+    /**
+     * @var User the user object representing the user authentication status. If not set, the `user` application component will be used.
+     */
+    public user: WebUser | undefined;
+
+    /**
+     * @var Request the current request. If not set, the `request` application component will be used.
+     */
+    public request: Request | undefined;
+
+    /**
+     * @var Response the response to be sent. If not set, the `response` application component will be used.
+     */
+    public response: Response | undefined;
+
+
+    public optional = [];
+
+    public async beforeAction(action: any, request: Request, response: Response) {
+        let identity = await this.authenticate(
+            this.user ?? new WebUser(),
+            request,
+            response
+        )
+
+
+        // @ts-ignore
+        request.identity = identity;
+
+        if (identity !== null) {
+            return true;
+        }
+
+        this.challenge(response);
+        this.handleFailure(response);
+        return false;
+    }
+
+    authenticate(user: WebUser, request: Request, response: Response) {
+
+    }
+
+    // @ts-ignore
+    challenge(response: Response): void {
+    }
+
+    // @ts-ignore
+    handleFailure(response: Response) {
+        throw new UnauthorizedHttpException('Your request was made with invalid credentials.');
+    }
+
+    getHeaderByKey(headers: any, findKey: any) {
+        let key = Object.keys(headers).find(key => key.toLowerCase() === findKey.toLowerCase())
+        if (key) {
+            return headers[key];
+        }
+
+        return null
+    }
+
+    patternCheck(headerText:any, pattern:RegExp) {
+        if (pattern) {
+            let matches = headerText.match(pattern)
+            if (matches && matches.length > 0) {
+                return matches;
+            } else {
+                return null
+            }
+        }
+
+        return null
+    }
+}

package/filters/auth/HttpBasicAuth.ts

@@ -0,0 +1,7 @@
+/*
+ * Copyright (c) 2021. Chy Bilgisayar Bilisim
+ * Author: Cihan Ozturk
+ * E-mail: cihan@chy.com.tr
+ * Github:https://github.com/cihan53/
+ */
+

package/filters/auth/HttpBearerAuth.ts

@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2021. Chy Bilgisayar Bilisim
+ * Author: Cihan Ozturk
+ * E-mail: cihan@chy.com.tr
+ * Github:https://github.com/cihan53/
+ */
+
+import {HttpHeaderAuth} from "./HttpHeaderAuth";
+import {Request, Response} from "express";
+
+export class HttpBearerAuth extends HttpHeaderAuth {
+
+    /**
+     * {@inheritdoc}
+     */
+    public header = 'Authorization';
+    // @ts-ignore
+    public pattern = /^Bearer\s+(.*?)$/;
+    /**
+     * @var string the HTTP authentication realm
+     */
+    public realm = 'api';
+
+
+    /**
+     * {@inheritdoc}
+     */
+    public challenge(response:Response) {
+        response.set('WWW-Authenticate', `Bearer realm="${this.realm}"`);
+    }
+}

package/filters/auth/HttpHeaderAuth.ts

@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2021. Chy Bilgisayar Bilisim
+ * Author: Cihan Ozturk
+ * E-mail: cihan@chy.com.tr
+ * Github:https://github.com/cihan53/
+ */
+
+import {AuthMethod} from "./AuthMethod";
+import {WebUser} from "../../web/WebUser";
+import Utils from "../../requiments/Utils";
+import {Request, Response} from "express";
+
+export class HttpHeaderAuth extends AuthMethod {
+    /**
+     * @var string the HTTP header name
+     */
+    public header = 'X-Api-Key';
+
+
+    /**
+     * @var string a pattern to use to extract the HTTP authentication value
+     */
+
+    public pattern!: string;
+
+
+    async authenticate(user: WebUser, request:Request, response:Response) {
+        let key = Object.keys(request.headers).find(key => key.toLowerCase() === this.header.toLowerCase())
+        if (key) {
+            let authHeader:any = request.headers[key];
+            if (!Utils.isEmpty(authHeader)) {
+                if (this.pattern) {
+                    //preg_match
+                    let matches = authHeader.match(this.pattern)
+                    if (matches && matches.length > 0) {
+                        authHeader = matches[1];
+                    } else {
+                        return null;
+                    }
+                }
+
+                let identity = await user.loginByAccessToken(authHeader, "HttpHeaderAuth");
+                if (identity === null) {
+                    this.challenge(response);
+                    this.handleFailure(response);
+                }
+
+                return identity;
+            }
+        }
+        return null;
+    }
+}

package/filters/auth/JwtHttpBearerAuth.ts

@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 2021. Chy Bilgisayar Bilisim
+ * Author: Cihan Ozturk
+ * E-mail: cihan@chy.com.tr
+ * Github:https://github.com/cihan53/
+ */
+import BaseChyz from "../../BaseChyz";
+import {HttpBearerAuth} from "./HttpBearerAuth";
+import {InvalidConfigException} from "../../base/InvalidConfigException";
+import {UnauthorizedHttpException} from "../../base/UnauthorizedHttpException";
+import {Response,Request} from "express";
+import {WebUser} from "../../web/WebUser";
+
+const JsonWebToken = require("jsonwebtoken");
+
+export class JwtHttpBearerAuth extends HttpBearerAuth {
+    /**
+     * @var string|array<string, mixed>|Jwt application component ID of the JWT handler, configuration array, or JWT handler object
+     * itself. By default it's assumes that component of ID "jwt" has been configured.
+     */
+    public jwt = 'jwt'
+    public auth:any = null;
+
+
+    /**
+     * @throws InvalidConfigException
+     */
+    public init(): void {
+        super.init();
+
+        if (!this.pattern) {
+            throw new InvalidConfigException('You must provide pattern to use to extract the HTTP authentication value!');
+        }
+
+        this.user = BaseChyz.getComponent("user") ?? null;
+    }
+
+
+    public async authenticate(user:WebUser, request:Request, response:Response) // BC signature
+    {
+
+        let autHeader = this.getHeaderByKey(request.headers, this.header)
+        if (autHeader == null || (autHeader = this.patternCheck(autHeader, this.pattern)) == null) {
+            return null;
+        }
+
+        BaseChyz.debug("JSON Web Token.",autHeader);
+        let identity = null;
+        let token = null;
+
+        token = JsonWebToken.decode(autHeader[1], {complete: true})
+        if (!token) {
+            BaseChyz.warning("Your request was made with invalid or expired JSON Web Token.");
+            this.fail(response);
+        }
+
+        if (token !== null) {
+            if (this.auth != null) {
+                identity = await this.auth(autHeader[1])
+            } else {
+                identity = await user.loginByAccessToken(autHeader[1], "JwtHttpBearerAuth")
+            }
+        }
+
+        if (identity == null) this.fail(response)
+
+
+        return identity;
+    }
+
+
+    /**
+     * @throws UnauthorizedHttpException
+     */
+    public fail(response:Response): void {
+        this.challenge(response)
+        this.handleFailure(response);
+    }
+
+}

package/filters/auth/KeyCloakHttpBearerAuth.ts

@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 2021. Chy Bilgisayar Bilisim
+ * Author: Cihan Ozturk
+ * E-mail: cihan@chy.com.tr
+ * Github:https://github.com/cihan53/
+ */
+import BaseChyz from "../../BaseChyz";
+import {HttpBearerAuth} from "./HttpBearerAuth";
+import {InvalidConfigException} from "../../base/InvalidConfigException";
+import {UnauthorizedHttpException} from "../../base/UnauthorizedHttpException";
+import {Response, Request} from "express";
+import {WebUser} from "../../web/WebUser";
+
+const JsonWebToken = require("jsonwebtoken");
+
+export class KeyCloakHttpBearerAuth extends HttpBearerAuth {
+    /**
+     * @var string|array<string, mixed>|Jwt application component ID of the JWT handler, configuration array, or JWT handler object
+     * itself. By default it's assumes that component of ID "jwt" has been configured.
+     */
+    public jwt = 'jwt'
+    public auth: any = null;
+    public keycloak: any = null;
+
+
+    /**
+     * @throws InvalidConfigException
+     */
+    public init(): void {
+        super.init();
+
+        if (!this.pattern) {
+            throw new InvalidConfigException('You must provide pattern to use to extract the HTTP authentication value!');
+        }
+
+        this.keycloak = BaseChyz.getMiddlewares("keycloak").keycloak ?? null;
+        this.user = BaseChyz.getComponent("user") ?? null;
+        this.auth = this.KeyCloakCheck;
+
+
+    }
+
+    public async KeyCloakCheck(token: string, request: Request, response: Response,) {
+        if (this.keycloak == null) return false;
+        // return await this.keycloak.protect('realm:user')(request, response, () => true /*next*/)
+        return await this.keycloak.protect()(request, response, () => true /*next*/);
+    }
+
+
+    public async authenticate(user: WebUser, request: Request, response: Response) // BC signature
+    {
+
+        let identity = null;
+        let token = null;
+
+        let autHeader = this.getHeaderByKey(request.headers, this.header)
+        if (autHeader == null || (autHeader = this.patternCheck(autHeader, this.pattern)) == null) {
+            return null;
+        }
+
+        token = JsonWebToken.decode(autHeader[1], {complete: true})
+        if (!token) {
+            BaseChyz.warning("Your request was made with invalid or expired JSON Web Token.");
+            this.fail(response);
+        }
+
+        if (token !== null) {
+            identity = await this.KeyCloakCheck(autHeader[1], request, response)
+            BaseChyz.debug("KeyCloakCheck Result:", identity)
+        }
+
+        if (identity == null || identity == false) this.fail(response)
+
+        return identity;
+
+        /* let autHeader = this.getHeaderByKey(request.headers, this.header)
+         if (autHeader == null || (autHeader = this.patternCheck(autHeader, this.pattern)) == null) {
+             return null;
+         }
+
+         BaseChyz.debug("JSON Web Token.",autHeader);
+         let identity = null;
+         let token = null;
+
+         token = JsonWebToken.decode(autHeader[1], {complete: true})
+         if (!token) {
+             BaseChyz.warning("Your request was made with invalid or expired JSON Web Token.");
+             this.fail(response);
+         }
+
+         if (token !== null) {
+             if (this.auth != null) {
+                 identity = await this.auth(autHeader[1])
+             } else {
+                 identity = await user.loginByAccessToken(autHeader[1], "JwtHttpBearerAuth")
+             }
+         }
+
+         if (identity == null) this.fail(response)
+
+
+
+         return identity;*/
+    }
+
+
+    /**
+     * @throws UnauthorizedHttpException
+     */
+    public fail(response: Response): void {
+        // this.challenge(response)
+        // this.handleFailure(response);
+    }
+
+}

package/filters/auth/index.ts

@@ -0,0 +1,3 @@
+export * from "./JwtHttpBearerAuth"
+export * from "./HttpBearerAuth"
+export * from "./HttpHeaderAuth"

package/filters/index.ts

@@ -0,0 +1,2 @@
+export * from "./AccessControl"
+export * from "./AccessRule"

package/index.ts

@@ -0,0 +1,14 @@
+export {Request, Response, NextFunction} from "express";
+export * from "./base";
+export * from "./filters";
+export * from "./filters/auth";
+export * from "./decorator";
+export * from "./requiments/Utils";
+export {RouteDefinition} from "./model/RouteDefinition";
+export {WebUser} from "./web/WebUser";
+
+import BaseChyz from "./BaseChyz";
+export {BaseChyz}
+
+const Chyz = new BaseChyz();
+export default Chyz;

package/model/RouteDefinition.ts

@@ -0,0 +1,18 @@
+/*
+ * Copyright (c) 2021. Chy Bilgisayar Bilisim
+ * Author: Cihan Ozturk
+ * E-mail: cihan@chy.com.tr
+ * Github:https://github.com/cihan53/
+ */
+
+export interface RouteDefinition {
+    //id
+    id:string;
+    // Path to our route
+    path: string;
+    // HTTP Request method (get, post, ...)
+    requestMethod: 'get' | 'post' | 'delete' | 'options' | 'put';
+    // Method name within our class responsible for this route
+    methodName: string;
+}
+