2024-10-01 13:49:18 +02:00
|
|
|
import * as plugins from '../plugins.js';
|
2024-09-29 13:56:38 +02:00
|
|
|
import { Reception } from './classes.reception.js';
|
|
|
|
|
import { Jwt } from './classes.jwt.js';
|
|
|
|
|
|
|
|
|
|
export class JwtManager {
|
|
|
|
|
public receptionRef: Reception;
|
|
|
|
|
public get db() {
|
|
|
|
|
return this.receptionRef.db.smartdataDb;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public smartjwtInstance = new plugins.smartjwt.SmartJwt();
|
|
|
|
|
public jwtManagerEasyStore: plugins.smartdata.EasyStore<{
|
|
|
|
|
jwtJsonKeypair: plugins.tsclass.network.IJwtKeypair;
|
|
|
|
|
}>;
|
|
|
|
|
public blockedJwtIdList: string[] = [];
|
|
|
|
|
|
|
|
|
|
public typedrouter = new plugins.typedrequest.TypedRouter();
|
|
|
|
|
|
|
|
|
|
public CJwt = plugins.smartdata.setDefaultManagerForDoc(this, Jwt);
|
|
|
|
|
|
|
|
|
|
constructor(receptionRefArg: Reception) {
|
|
|
|
|
this.receptionRef = receptionRefArg;
|
|
|
|
|
this.receptionRef.typedrouter.addTypedRouter(this.typedrouter);
|
2024-10-07 10:26:21 +02:00
|
|
|
this.typedrouter.addTypedHandler<plugins.idpInterfaces.request.IReq_RefreshJwt>(
|
2024-09-29 13:56:38 +02:00
|
|
|
new plugins.typedrequest.TypedHandler(
|
|
|
|
|
'refreshJwt',
|
|
|
|
|
async (requestArg) => {
|
2026-04-20 08:12:07 +00:00
|
|
|
const sessionLookup =
|
|
|
|
|
await this.receptionRef.loginSessionManager.findLoginSessionByRefreshToken(
|
|
|
|
|
requestArg.refreshToken
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (!sessionLookup || sessionLookup.validationStatus === 'invalid') {
|
|
|
|
|
return {
|
|
|
|
|
status: 'not found',
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (sessionLookup.validationStatus === 'invalidated') {
|
|
|
|
|
return {
|
|
|
|
|
status: 'invalidated',
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (sessionLookup.validationStatus === 'reused') {
|
|
|
|
|
await sessionLookup.loginSession.invalidate();
|
|
|
|
|
return {
|
|
|
|
|
status: 'invalidated',
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const rotatedRefreshToken = await sessionLookup.loginSession.getRefreshToken();
|
|
|
|
|
const resultJwt = await Jwt.createJwtForLoginSession(this, sessionLookup.loginSession);
|
|
|
|
|
if (!rotatedRefreshToken || !resultJwt) {
|
|
|
|
|
return {
|
|
|
|
|
status: 'invalidated',
|
|
|
|
|
};
|
|
|
|
|
}
|
2024-09-29 13:56:38 +02:00
|
|
|
return {
|
|
|
|
|
status: 'loggedIn',
|
|
|
|
|
jwt: resultJwt,
|
2026-04-20 08:12:07 +00:00
|
|
|
refreshToken: rotatedRefreshToken,
|
2024-09-29 13:56:38 +02:00
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
this.typedrouter.addTypedHandler(
|
2024-10-07 10:26:21 +02:00
|
|
|
new plugins.typedrequest.TypedHandler<plugins.idpInterfaces.request.IReq_GetPublicKeyForValidation>(
|
2024-09-29 13:56:38 +02:00
|
|
|
'getPublicKeyForValidation',
|
|
|
|
|
async (requestArg) => {
|
|
|
|
|
// TODO control backend token
|
|
|
|
|
return {
|
|
|
|
|
publicKeyPem: this.smartjwtInstance.getKeyPairAsJson().publicPem,
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
this.typedrouter.addTypedHandler(
|
2024-10-07 10:26:21 +02:00
|
|
|
new plugins.typedrequest.TypedHandler<plugins.idpInterfaces.request.IReq_PushOrGetJwtIdBlocklist>(
|
2024-09-29 13:56:38 +02:00
|
|
|
'pushOrGetJwtIdBlocklist',
|
|
|
|
|
async (requestArg) => {
|
|
|
|
|
// TODO control backend token
|
|
|
|
|
return {
|
|
|
|
|
blockedJwtIds: this.blockedJwtIdList
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public async pushPublicKeyToClients() {
|
|
|
|
|
const targetConnections =
|
2024-10-07 10:26:21 +02:00
|
|
|
await this.receptionRef.options.websiteServer.typedserver.typedsocket.findAllTargetConnectionsByTag<plugins.idpInterfaces.tags.ITag_LolePubapi>(
|
2024-09-29 13:56:38 +02:00
|
|
|
'lole-reception',
|
|
|
|
|
{
|
|
|
|
|
backendToken: '',
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
for (const targetConnection of targetConnections) {
|
|
|
|
|
const pushPublicKeyTr =
|
2024-10-07 10:26:21 +02:00
|
|
|
this.receptionRef.options.websiteServer.typedserver.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_PushPublicKeyForValidation>(
|
2024-09-29 13:56:38 +02:00
|
|
|
'pushPublicKeyForValidation',
|
|
|
|
|
targetConnection
|
|
|
|
|
);
|
|
|
|
|
await pushPublicKeyTr.fire({
|
|
|
|
|
publicKeyPem: this.smartjwtInstance.getKeyPairAsJson().publicPem,
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public async pushBlockedJwtIdListToClients() {
|
|
|
|
|
const targetConnections =
|
2024-10-07 10:26:21 +02:00
|
|
|
await this.receptionRef.options.websiteServer.typedserver.typedsocket.findAllTargetConnectionsByTag<plugins.idpInterfaces.tags.ITag_LolePubapi>(
|
2024-09-29 13:56:38 +02:00
|
|
|
'lole-reception',
|
|
|
|
|
{
|
|
|
|
|
backendToken: '',
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
for (const targetConnection of targetConnections) {
|
|
|
|
|
const pushPublicKeyTr =
|
2024-10-07 10:26:21 +02:00
|
|
|
this.receptionRef.options.websiteServer.typedserver.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_PushOrGetJwtIdBlocklist>(
|
2024-09-29 13:56:38 +02:00
|
|
|
'pushOrGetJwtIdBlocklist',
|
|
|
|
|
targetConnection
|
|
|
|
|
);
|
|
|
|
|
await pushPublicKeyTr.fire({
|
|
|
|
|
blockedJwtIds: this.blockedJwtIdList
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public async start() {
|
|
|
|
|
this.jwtManagerEasyStore = await this.receptionRef.db.smartdataDb.createEasyStore(
|
|
|
|
|
'jwtManagerEasyStore'
|
|
|
|
|
);
|
|
|
|
|
await this.smartjwtInstance.init();
|
|
|
|
|
let existingKeyPair = await this.jwtManagerEasyStore.readKey('jwtJsonKeypair');
|
|
|
|
|
if (!existingKeyPair) {
|
|
|
|
|
await this.rotateKeyPair();
|
|
|
|
|
}
|
|
|
|
|
existingKeyPair = await this.jwtManagerEasyStore.readKey('jwtJsonKeypair');
|
|
|
|
|
this.smartjwtInstance.setKeyPairAsJson(existingKeyPair);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public async rotateKeyPair() {
|
|
|
|
|
await this.smartjwtInstance.createNewKeyPair();
|
|
|
|
|
await this.jwtManagerEasyStore.writeKey(
|
|
|
|
|
'jwtJsonKeypair',
|
|
|
|
|
this.smartjwtInstance.getKeyPairAsJson()
|
|
|
|
|
);
|
|
|
|
|
await this.pushPublicKeyToClients();
|
|
|
|
|
}
|
|
|
|
|
|
2026-04-20 08:12:07 +00:00
|
|
|
public async verifyJWTAndGetData(jwtArg: string): Promise<Jwt | null> {
|
2024-10-07 10:26:21 +02:00
|
|
|
const jwtData: plugins.idpInterfaces.data.IJwt = await this.smartjwtInstance.verifyJWTAndGetData(jwtArg);
|
2025-12-01 18:07:34 +00:00
|
|
|
const jwt = await this.CJwt.getInstance({
|
2024-09-29 13:56:38 +02:00
|
|
|
id: jwtData.id,
|
|
|
|
|
});
|
2026-04-20 08:12:07 +00:00
|
|
|
if (!jwt) {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
2024-09-29 13:56:38 +02:00
|
|
|
if (jwt.blocked) {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
if (jwt) {
|
|
|
|
|
const loginSession = await jwt.getLoginSession();
|
2026-04-20 08:12:07 +00:00
|
|
|
if (!loginSession || loginSession.data.invalidated) {
|
2024-09-29 13:56:38 +02:00
|
|
|
await jwt.block();
|
2026-04-20 08:12:07 +00:00
|
|
|
if (!this.blockedJwtIdList.includes(jwt.id)) {
|
|
|
|
|
this.blockedJwtIdList.push(jwt.id);
|
|
|
|
|
}
|
2024-09-29 13:56:38 +02:00
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return jwt;
|
|
|
|
|
}
|
|
|
|
|
}
|
