104 lines
2.5 KiB
JavaScript
104 lines
2.5 KiB
JavaScript
// @flow
|
|
import httpErrors from 'http-errors';
|
|
import JWT from 'jsonwebtoken';
|
|
import { type Context } from 'koa';
|
|
|
|
import { User, ApiKey } from '../../models';
|
|
|
|
export default function auth({ require = true }: { require?: boolean } = {}) {
|
|
return async function authMiddleware(
|
|
ctx: Context,
|
|
next: () => Promise<void>
|
|
) {
|
|
let token;
|
|
|
|
const authorizationHeader = ctx.request.get('authorization');
|
|
if (authorizationHeader) {
|
|
const parts = authorizationHeader.split(' ');
|
|
if (parts.length === 2) {
|
|
const scheme = parts[0];
|
|
const credentials = parts[1];
|
|
|
|
if (/^Bearer$/i.test(scheme)) {
|
|
token = credentials;
|
|
}
|
|
} else {
|
|
if (require) {
|
|
throw httpErrors.Unauthorized(
|
|
`Bad Authorization header format. \
|
|
Format is "Authorization: Bearer <token>"\n`
|
|
);
|
|
}
|
|
}
|
|
// $FlowFixMe
|
|
} else if (ctx.body.token) {
|
|
token = ctx.body.token;
|
|
} else if (ctx.request.query.token) {
|
|
token = ctx.request.query.token;
|
|
}
|
|
|
|
if (!token && require) {
|
|
throw httpErrors.Unauthorized('Authentication required');
|
|
}
|
|
|
|
if (token) {
|
|
let user;
|
|
|
|
if (String(token).match(/^[\w]{38}$/)) {
|
|
// API key
|
|
let apiKey;
|
|
try {
|
|
apiKey = await ApiKey.findOne({
|
|
where: {
|
|
secret: token,
|
|
},
|
|
});
|
|
} catch (e) {
|
|
throw httpErrors.Unauthorized('Invalid API key');
|
|
}
|
|
|
|
if (!apiKey) throw httpErrors.Unauthorized('Invalid token');
|
|
|
|
user = await User.findOne({
|
|
where: { id: apiKey.userId },
|
|
});
|
|
|
|
if (!user) throw httpErrors.Unauthorized('Invalid token');
|
|
} else {
|
|
// JWT
|
|
// Get user without verifying payload signature
|
|
let payload;
|
|
try {
|
|
payload = JWT.decode(token);
|
|
} catch (e) {
|
|
throw httpErrors.Unauthorized('Unable to decode JWT token');
|
|
}
|
|
|
|
if (!payload) throw httpErrors.Unauthorized('Invalid token');
|
|
|
|
user = await User.findOne({
|
|
where: { id: payload.id },
|
|
});
|
|
|
|
try {
|
|
JWT.verify(token, user.jwtSecret);
|
|
} catch (e) {
|
|
throw httpErrors.Unauthorized('Invalid token');
|
|
}
|
|
}
|
|
|
|
ctx.state.token = token;
|
|
ctx.state.user = user;
|
|
// $FlowFixMe
|
|
ctx.cache[user.id] = user;
|
|
}
|
|
|
|
return next();
|
|
};
|
|
}
|
|
|
|
// Export JWT methods as a convenience
|
|
export const sign = JWT.sign;
|
|
export const verify = JWT.verify;
|
|
export const decode = JWT.decode;
|