2024-05-28 18:45:34 +02:00
|
|
|
import * as plugins from '../plugins.js';
|
2024-05-30 22:49:39 +02:00
|
|
|
|
|
|
|
import type { Cloudly } from '../classes.cloudly.js';
|
|
|
|
import { logger } from '../logger.js';
|
2024-05-28 18:45:34 +02:00
|
|
|
import { Authorization } from './classes.authorization.js';
|
|
|
|
import { User } from './classes.user.js';
|
|
|
|
|
2024-05-30 22:49:39 +02:00
|
|
|
export interface IJwtData {
|
|
|
|
userId: string;
|
|
|
|
status: 'loggedIn' | 'loggedOut';
|
2024-08-25 14:29:26 +02:00
|
|
|
expiresAt: number;
|
2024-05-30 22:49:39 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
export class CloudlyAuthManager {
|
2024-10-27 19:50:39 +01:00
|
|
|
cloudlyRef: Cloudly;
|
2024-05-28 18:45:34 +02:00
|
|
|
public get db() {
|
|
|
|
return this.cloudlyRef.mongodbConnector.smartdataDb;
|
|
|
|
}
|
|
|
|
public CUser = plugins.smartdata.setDefaultManagerForDoc(this, User);
|
|
|
|
public CAuthorization = plugins.smartdata.setDefaultManagerForDoc(this, Authorization);
|
|
|
|
|
2024-05-30 22:49:39 +02:00
|
|
|
public typedrouter = new plugins.typedrequest.TypedRouter();
|
|
|
|
public smartjwtInstance: plugins.smartjwt.SmartJwt<IJwtData>;
|
|
|
|
|
2024-05-28 18:45:34 +02:00
|
|
|
constructor(cloudlyRef: Cloudly) {
|
|
|
|
this.cloudlyRef = cloudlyRef;
|
2024-05-30 22:49:39 +02:00
|
|
|
this.cloudlyRef.typedrouter.addTypedRouter(this.typedrouter);
|
2024-05-28 18:45:34 +02:00
|
|
|
}
|
2024-05-30 22:49:39 +02:00
|
|
|
|
2024-10-16 14:35:38 +02:00
|
|
|
public async createNewSecureToken() {
|
|
|
|
return plugins.smartunique.uniSimple('secureToken', 64);
|
|
|
|
}
|
|
|
|
|
2024-05-30 22:49:39 +02:00
|
|
|
public async start() {
|
|
|
|
// lets setup the smartjwtInstance
|
|
|
|
this.smartjwtInstance = new plugins.smartjwt.SmartJwt();
|
2024-06-01 05:48:57 +02:00
|
|
|
await this.smartjwtInstance.init();
|
2024-05-30 22:49:39 +02:00
|
|
|
const kvStore = await this.cloudlyRef.config.appData.getKvStore();
|
|
|
|
|
2024-10-27 19:50:39 +01:00
|
|
|
const existingJwtKeys: plugins.tsclass.network.IJwtKeypair = (await kvStore.readKey(
|
|
|
|
'jwtKeypair',
|
|
|
|
)) as plugins.tsclass.network.IJwtKeypair;
|
2024-05-30 22:49:39 +02:00
|
|
|
|
|
|
|
if (!existingJwtKeys) {
|
|
|
|
await this.smartjwtInstance.createNewKeyPair();
|
|
|
|
const newJwtKeys = this.smartjwtInstance.getKeyPairAsJson();
|
2024-08-25 14:29:26 +02:00
|
|
|
await kvStore.writeKey('jwtKeypair', newJwtKeys);
|
2024-05-30 22:49:39 +02:00
|
|
|
} else {
|
|
|
|
this.smartjwtInstance.setKeyPairAsJson(existingJwtKeys);
|
|
|
|
}
|
|
|
|
|
|
|
|
this.typedrouter.addTypedHandler(
|
|
|
|
new plugins.typedrequest.TypedHandler<plugins.servezoneInterfaces.requests.secret.IReq_Admin_LoginWithUsernameAndPassword>(
|
|
|
|
'adminLoginWithUsernameAndPassword',
|
|
|
|
async (dataArg) => {
|
|
|
|
let jwt: string;
|
2024-08-25 14:29:26 +02:00
|
|
|
let expiresAtTimestamp: number = Date.now() + 3600 * 1000 * 24 * 7;
|
2024-05-30 22:49:39 +02:00
|
|
|
const user = await User.findUserByUsernameAndPassword(dataArg.username, dataArg.password);
|
|
|
|
if (!user) {
|
|
|
|
logger.log('warn', 'login failed');
|
2024-10-16 14:35:38 +02:00
|
|
|
throw new plugins.typedrequest.TypedResponseError('login failed');
|
2024-05-30 22:49:39 +02:00
|
|
|
} else {
|
2024-06-01 05:48:57 +02:00
|
|
|
jwt = await this.smartjwtInstance.createJWT({
|
2024-05-30 22:49:39 +02:00
|
|
|
userId: user.id,
|
|
|
|
status: 'loggedIn',
|
2024-08-25 14:29:26 +02:00
|
|
|
expiresAt: expiresAtTimestamp,
|
2024-05-30 22:49:39 +02:00
|
|
|
});
|
|
|
|
logger.log('success', 'login successful');
|
|
|
|
}
|
|
|
|
return {
|
2024-08-25 14:29:26 +02:00
|
|
|
identity: {
|
|
|
|
jwt,
|
|
|
|
userId: user.id,
|
|
|
|
name: user.data.username,
|
|
|
|
expiresAt: expiresAtTimestamp,
|
|
|
|
role: user.data.role,
|
|
|
|
type: user.data.type,
|
|
|
|
},
|
2024-05-30 22:49:39 +02:00
|
|
|
};
|
2024-10-27 19:50:39 +01:00
|
|
|
},
|
|
|
|
),
|
2024-05-30 22:49:39 +02:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2024-10-27 19:50:39 +01:00
|
|
|
public async stop() {}
|
2024-05-30 22:49:39 +02:00
|
|
|
|
2024-10-27 19:50:39 +01:00
|
|
|
public validIdentityGuard = new plugins.smartguard.Guard<{
|
|
|
|
identity: plugins.servezoneInterfaces.data.IIdentity;
|
|
|
|
}>(
|
|
|
|
async (dataArg) => {
|
|
|
|
const jwt = dataArg.identity.jwt;
|
|
|
|
const jwtData: IJwtData = await this.smartjwtInstance.verifyJWTAndGetData(jwt);
|
|
|
|
const expired = jwtData.expiresAt < Date.now();
|
|
|
|
plugins.smartexpect
|
|
|
|
.expect(jwtData.status)
|
|
|
|
.setFailMessage('user not logged in')
|
|
|
|
.toEqual('loggedIn');
|
|
|
|
plugins.smartexpect.expect(expired).setFailMessage(`jwt expired`).toBeFalse();
|
|
|
|
plugins.smartexpect
|
|
|
|
.expect(dataArg.identity.expiresAt)
|
|
|
|
.setFailMessage(
|
|
|
|
`expiresAt >>identity valid until:${dataArg.identity.expiresAt}, but jwt says: ${jwtData.expiresAt}<< has been tampered with`,
|
|
|
|
)
|
|
|
|
.toEqual(jwtData.expiresAt);
|
|
|
|
plugins.smartexpect
|
|
|
|
.expect(dataArg.identity.userId)
|
|
|
|
.setFailMessage('userId has been tampered with')
|
|
|
|
.toEqual(jwtData.userId);
|
|
|
|
if (expired) {
|
|
|
|
throw new Error('identity is expired');
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
},
|
|
|
|
{
|
|
|
|
failedHint: 'identity is not valid.',
|
|
|
|
name: 'validIdentityGuard',
|
|
|
|
},
|
|
|
|
);
|
2024-08-25 14:29:26 +02:00
|
|
|
|
2024-10-27 19:50:39 +01:00
|
|
|
public adminIdentityGuard = new plugins.smartguard.Guard<{
|
|
|
|
identity: plugins.servezoneInterfaces.data.IIdentity;
|
|
|
|
}>(
|
|
|
|
async (dataArg) => {
|
|
|
|
await plugins.smartguard.passGuardsOrReject(dataArg, [this.validIdentityGuard]);
|
|
|
|
const jwt = dataArg.identity.jwt;
|
|
|
|
const jwtData: IJwtData = await this.smartjwtInstance.verifyJWTAndGetData(jwt);
|
|
|
|
const user = await this.CUser.getInstance({ id: jwtData.userId });
|
|
|
|
const isAdminBool = user.data.role === 'admin';
|
|
|
|
console.log(`user is admin: ${isAdminBool}`);
|
|
|
|
return isAdminBool;
|
|
|
|
},
|
|
|
|
{
|
|
|
|
failedHint: 'user is not admin.',
|
|
|
|
name: 'adminIdentityGuard',
|
|
|
|
},
|
|
|
|
);
|
|
|
|
}
|