111 lines
2.5 KiB
JavaScript
111 lines
2.5 KiB
JavaScript
const JWT = require('jsonwebtoken');
|
|
const KEY = 'Th1s is THE s3cr3t kEy. It secures the t0ken!';
|
|
|
|
const Token = {
|
|
create: (payload, expires = '1h', callback) => {
|
|
JWT.sign(payload, KEY, { expiresIn: expires }, callback);
|
|
},
|
|
verify: (token, callback) => {
|
|
JWT.verify(token, KEY, callback);
|
|
}
|
|
};
|
|
|
|
function createAnonymousToken (e) {
|
|
Token.create({ username: null, can: ['view'] }, (err, token) => {
|
|
if (err) {
|
|
e.emit('token:create', err, null);
|
|
}
|
|
|
|
if (token) {
|
|
e.emit('token:create', null, token);
|
|
}
|
|
});
|
|
}
|
|
|
|
function createAuthenticatedToken (e, user, expires = '1h', event = 'token:create') {
|
|
Token.create({ username: user.name, can: user.can }, expires, (err, token) => {
|
|
if (err) {
|
|
e.emit(event, err, null);
|
|
}
|
|
|
|
if (token) {
|
|
e.emit(event, null, token);
|
|
}
|
|
});
|
|
}
|
|
|
|
function refreshToken (e, token) {
|
|
Token.verify(e, token, (err, decoded) => {
|
|
if (err) {
|
|
e.emit('token:refresh', err, null);
|
|
}
|
|
|
|
if (decoded) {
|
|
createAuthenticatedToken(
|
|
e,
|
|
{ username: decoded.username, can: decoded.can },
|
|
'token:refresh'
|
|
);
|
|
}
|
|
});
|
|
}
|
|
|
|
function validateToken (e, token, callback) {
|
|
if (token) {
|
|
token = token.replace(/(bearer|basic)\s/i, '');
|
|
|
|
Token.verify(token, (err, decoded) => {
|
|
var result = { valid: !!decoded, data: decoded };
|
|
|
|
if (e) {
|
|
if (err || !result.valid) {
|
|
e.emit('token:validate', (err || result), null);
|
|
}
|
|
|
|
e.emit('token:validate', null, result);
|
|
}
|
|
|
|
else if (typeof callback === 'function') {
|
|
if (err) {
|
|
callback(err, null);
|
|
}
|
|
|
|
callback(null, result);
|
|
}
|
|
});
|
|
} else {
|
|
if (e) {
|
|
e.emit('token:validate', 'No session token passed.', null);
|
|
}
|
|
|
|
else if (typeof callback === 'function') {
|
|
callback('No session token passed.', null);
|
|
}
|
|
}
|
|
}
|
|
|
|
function verifyTokenThen (token, action, callback) {
|
|
if (action === 'view') {
|
|
callback(null, { hasPermission: true });
|
|
} else {
|
|
validateToken(null, token, (err, decoded) => {
|
|
if (err) {
|
|
callback('Session could not be validated.', null);
|
|
}
|
|
|
|
if (decoded) {
|
|
callback(null, { hasPermission: (decoded.valid && (decoded.can.indexOf(action) > -1)) });
|
|
}
|
|
});
|
|
}
|
|
}
|
|
|
|
|
|
module.exports = {
|
|
anonymous: createAnonymousToken,
|
|
create: createAuthenticatedToken,
|
|
refresh: refreshToken,
|
|
validate: validateToken,
|
|
verifyThen: verifyTokenThen
|
|
};
|