propro-utils 1.4.23 → 1.4.25

Files changed (2)
  1. package/package.json +1 -1
  2. package/src/server/index.js +150 -143
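--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "propro-utils",
- "version": "1.4.23",
+ "version": "1.4.25",
  "description": "Auth middleware for propro-auth",
  "main": "src/index.js",
  "scripts": {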
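--- a/package/src/server/index.js
+++ b/package/src/server/index.js
@@ -1,7 +1,10 @@
  require('dotenv').config();
- const {exchangeToken, formatRedirectUrl} = require('./middleware/verifyToken');
- const {checkIfUserExists} = require('../../middlewares/account_info');
- const {post} = require('axios');
+ const {
+ exchangeToken,
+ formatRedirectUrl,
+ } = require('./middleware/verifyToken');
+ const { checkIfUserExists } = require('../../middlewares/account_info');
+ const { post } = require('axios');
 
  /**
  * Middleware for handling authentication and authorization.
@@ -18,153 +21,150 @@ const {post} = require('axios');
  * @returns {Function} - Express middleware function.
  */
  function proproAuthMiddleware(options = {}, userSchema) {
- const {
- secret = 'RESTFULAPIs',
- authUrl = process.env.AUTH_URL,
- clientId = process.env.CLIENT_ID,
- clientSecret = process.env.CLIENT_SECRET,
- clientUrl = process.env.CLIENT_URL,
- redirectUri = process.env.REDIRECT_URI,
- appName = process.env.APP_NAME,
- } = options;
-
- let refreshToken;
-
- return async (req, res, next) => {
- try {
- if (
- !['/api/auth', '/api/callback', '/api/refreshToken'].includes(req.path)
- ) {
- return next();
- }
-
- if (req.path === '/api/auth') {
- const redirectUrl = constructRedirectUrl(clientUrl, appName, clientId, redirectUri);
- return res.status(200).json({redirectUrl});
- }
-
- console.log('req.path', req.path);
- if (req.path === '/api/refreshToken') {
- if (req.cookies) {
- console.log('req.cookies', req.cookies);
- refreshToken = req.cookies['x-refresh-token'];
- }
- // const refreshToken = req.cookies['x-refresh-token'];
- if (!refreshToken) {
- const redirectUrl = constructRedirectUrl(clientUrl, appName, clientId, redirectUri);
- return res
- .status(401)
- .json({redirectUrl, error: 'No refresh token provided'});
- }
-
- console.log('refreshToken', refreshToken);
-
- const response = await post(
- `${authUrl}/api/v1/auth/refreshTokens`,
- {
- refreshToken,
- },
- {
- params: {
- actionType: 'refresh',
- },
- }
- );
-
- const {account, access, refresh} = response.data;
-
- if (!account || !access || !refresh) {
- return res
- .status(401)
- .json({error: 'Invalid or expired refresh token'});
- }
-
- const currentDateTime = new Date();
-
- console.log('account', account);
- console.log('access', access);
- console.log('refresh', refresh);
-
- const refreshMaxAge =
- new Date(refresh.expires).getTime() - currentDateTime.getTime();
-
- res.cookie('x-refresh-token', refresh.token, {
- httpOnly: true,
- secure: process.env.NODE_ENV === 'production',
- maxAge: refreshMaxAge,
- });
-
- const accessMaxAge =
- new Date(access.expires).getTime() - currentDateTime.getTime();
-
- res.cookie('x-access-token', access.token, {
- httpOnly: true,
- secure: process.env.NODE_ENV === 'production',
- maxAge: accessMaxAge,
- });
-
- return res
- .status(200)
- .json({message: 'Token refreshed successfully'});
- }
-
-
- if (req.path === '/api/callback') {
- const code = req.query.code;
- if (!code) {
- return res.status(400).send('No code received');
- }
-
- const {tokens, account, redirectUrl} = await exchangeToken(
- authUrl,
- code,
- clientId,
- clientSecret,
- redirectUri
- );
-
- const user = await checkIfUserExists(userSchema, account.accountId);
+ const {
+ secret = 'RESTFULAPIs',
+ authUrl = process.env.AUTH_URL,
+ clientId = process.env.CLIENT_ID,
+ clientSecret = process.env.CLIENT_SECRET,
+ clientUrl = process.env.CLIENT_URL,
+ redirectUri = process.env.REDIRECT_URI,
+ appName = process.env.APP_NAME,
+ } = options;
+
+ let refreshToken;
+
+ return async (req, res, next) => {
+ try {
+ if (
+ !['/api/auth', '/api/callback', '/api/refreshToken'].includes(req.path)
+ ) {
+ return next();
+ }
+
+ if (req.path === '/api/auth') {
+ const redirectUrl = constructRedirectUrl(
+ clientUrl,
+ appName,
+ clientId,
+ redirectUri
+ );
+ return res.status(200).json({ redirectUrl });
+ }
+
+ if (req.path === '/api/refreshToken') {
+ if (req.cookies) {
+ refreshToken = req.cookies['x-refresh-token'];
+ }
+ // const refreshToken = req.cookies['x-refresh-token'];
+ if (!refreshToken) {
+ const redirectUrl = constructRedirectUrl(
+ clientUrl,
+ appName,
+ clientId,
+ redirectUri
+ );
+ return res
+ .status(401)
+ .json({ redirectUrl, error: 'No refresh token provided' });
+ }
 
- const currentDateTime = new Date();
+ const formatedAuthUrl = formatRedirectUrl(authUrl);
+
+ const response = await post(
+ `${formatedAuthUrl}/api/v1/auth/refreshTokens`,
+ {
+ refreshToken,
+ },
+ {
+ params: {
+ actionType: 'refresh',
+ },
+ }
+ );
+
+ const { account, access, refresh } = response.data;
+
+ if (!account || !access || !refresh) {
+ return res
+ .status(401)
+ .json({ error: 'Invalid or expired refresh token' });
+ }
 
- const refreshMaxAge =
- new Date(tokens.refresh.expires).getTime() -
- currentDateTime.getTime();
-
-
- res.cookie('x-refresh-token', tokens.refresh.token, {
- httpOnly: true,
- secure: process.env.NODE_ENV === 'production',
- maxAge: refreshMaxAge,
- });
+ const currentDateTime = new Date();
 
+ const refreshMaxAge =
+ new Date(refresh.expires).getTime() - currentDateTime.getTime();
 
- const accessMaxAge =
- new Date(tokens.access.expires).getTime() - currentDateTime.getTime();
+ res.cookie('x-refresh-token', refresh.token, {
+ httpOnly: true,
+ secure: process.env.NODE_ENV === 'production',
+ maxAge: refreshMaxAge,
+ });
 
- res.cookie('x-access-token', tokens.access.token, {
- httpOnly: true,
- secure: process.env.NODE_ENV === 'production',
- maxAge: accessMaxAge,
- });
+ const accessMaxAge =
+ new Date(access.expires).getTime() - currentDateTime.getTime();
 
+ res.cookie('x-access-token', access.token, {
+ httpOnly: true,
+ secure: process.env.NODE_ENV === 'production',
+ maxAge: accessMaxAge,
+ });
 
- res.cookie('user', JSON.stringify(user));
+ return res
+ .status(200)
+ .json({ message: 'Token refreshed successfully' });
+ }
 
+ if (req.path === '/api/callback') {
+ const code = req.query.code;
+ if (!code) {
+ return res.status(400).send('No code received');
+ }
 
- res.cookie('account', JSON.stringify(account));
+ const { tokens, account, redirectUrl } = await exchangeToken(
+ authUrl,
+ code,
+ clientId,
+ clientSecret,
+ redirectUri
+ );
 
+ const user = await checkIfUserExists(userSchema, account.accountId);
 
- const urlToRedirect = formatRedirectUrl(redirectUrl);
+ const currentDateTime = new Date();
 
+ const refreshMaxAge =
+ new Date(tokens.refresh.expires).getTime() -
+ currentDateTime.getTime();
 
- return res.redirect(urlToRedirect);
- }
- } catch (error) {
- // console.error("Error in proproAuthMiddleware:", error);
- res.status(401).send('Unauthorized: Invalid or expired token');
- }
- };
+ res.cookie('x-refresh-token', tokens.refresh.token, {
+ httpOnly: true,
+ secure: process.env.NODE_ENV === 'production',
+ maxAge: refreshMaxAge,
+ });
+
+ const accessMaxAge =
+ new Date(tokens.access.expires).getTime() - currentDateTime.getTime();
+
+ res.cookie('x-access-token', tokens.access.token, {
+ httpOnly: true,
+ secure: process.env.NODE_ENV === 'production',
+ maxAge: accessMaxAge,
+ });
+
+ res.cookie('user', JSON.stringify(user));
+
+ res.cookie('account', JSON.stringify(account));
+
+ const urlToRedirect = formatRedirectUrl(redirectUrl);
+
+ return res.redirect(urlToRedirect);
+ }
+ } catch (error) {
+ // console.error("Error in proproAuthMiddleware:", error);
+ res.status(401).send('Unauthorized: Invalid or expired token');
+ }
+ };
  }
 
  /**
@@ -177,12 +177,19 @@ function proproAuthMiddleware(options = {}, userSchema) {
  * @return {string} The constructed redirect URL.
  */
  function constructRedirectUrl(clientUrl, appName, clientId, redirectUri) {
- console.log('constructRedirectUrl', clientUrl, appName, clientId, redirectUri);
-
- const urlToRedirect = formatRedirectUrl(clientUrl)
-
- return `${urlToRedirect}/signin?response_type=code&appName=${appName}&client_id=${clientId}&redirect_uri=${encodeURIComponent(redirectUri)}`;
+ console.log(
+ 'constructRedirectUrl',
+ clientUrl,
+ appName,
+ clientId,
+ redirectUri
+ );
+
+ const urlToRedirect = formatRedirectUrl(clientUrl);
+
+ return `${urlToRedirect}/signin?response_type=code&appName=${appName}&client_id=${clientId}&redirect_uri=${encodeURIComponent(
+ redirectUri
+ )}`;
  }
 
-
  module.exports = proproAuthMiddleware;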
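Review bot: `let refreshToken;` is still declared in the factory closure, outside the returned `async (req, res, next)` handler, so a single variable is shared by every request the middleware serves. In the `/api/refreshToken` branch it is reassigned only when `req.cookies` is truthy; a request that arrives without parsed cookies would fall through with the previous caller's token and be issued that caller's new `x-access-token` and `x-refresh-token` cookies. Whether `req.cookies` can be absent depends on how the cookie parser is mounted, which is not visible here, but the state should be per-request regardless: drop the outer declaration and use `const refreshToken = req.cookies && req.cookies['x-refresh-token'];` inside the branch, replacing the commented-out line.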