swaf/src/auth/AuthComponent.ts

137 lines
4.1 KiB
TypeScript
Raw Normal View History

2020-04-24 12:12:27 +02:00
import ApplicationComponent from "../ApplicationComponent";
import {NextFunction, Request, Response} from "express";
2020-04-24 12:12:27 +02:00
import AuthGuard from "./AuthGuard";
import Controller from "../Controller";
import {ForbiddenHttpError} from "../HttpError";
import Middleware from "../Middleware";
import User from "./models/User";
import Application from "../Application";
import AuthMethod from "./AuthMethod";
import AuthProof from "./AuthProof";
2020-04-24 12:12:27 +02:00
export default class AuthComponent extends ApplicationComponent {
private readonly authGuard: AuthGuard;
2020-04-24 12:12:27 +02:00
public constructor(app: Application, ...authMethods: AuthMethod<AuthProof<User>>[]) {
2020-04-24 12:12:27 +02:00
super();
this.authGuard = new AuthGuard(app, ...authMethods);
2020-04-24 12:12:27 +02:00
}
public async init(): Promise<void> {
this.use(AuthMiddleware);
2020-04-24 12:12:27 +02:00
}
2020-09-23 08:46:37 +02:00
public getAuthGuard(): AuthGuard {
2020-09-23 08:46:37 +02:00
return this.authGuard;
}
2020-04-24 12:12:27 +02:00
}
export class AuthMiddleware extends Middleware {
private authGuard?: AuthGuard;
private user: User | null = null;
2020-06-16 11:12:58 +02:00
protected async handle(req: Request, res: Response, next: NextFunction): Promise<void> {
this.authGuard = this.app.as(AuthComponent).getAuthGuard();
const proofs = await this.authGuard.getProofsForSession(req.getSession());
if (proofs.length > 0) {
this.user = await proofs[0].getResource();
res.locals.user = this.user;
}
2020-04-24 12:12:27 +02:00
next();
}
public getUser(): User | null {
return this.user;
2020-04-24 12:12:27 +02:00
}
public getAuthGuard(): AuthGuard {
if (!this.authGuard) throw new Error('AuthGuard was not initialized.');
return this.authGuard;
2020-04-24 12:12:27 +02:00
}
}
export class RequireRequestAuthMiddleware extends Middleware {
private user?: User;
protected async handle(req: Request, res: Response, next: NextFunction): Promise<void> {
const proofs = await req.as(AuthMiddleware).getAuthGuard().getProofsForRequest(req);
const user = await proofs[0]?.getResource();
if (user) {
this.user = user;
next();
return;
}
2020-04-24 12:12:27 +02:00
req.flash('error', `You must be logged in to access ${req.url}.`);
res.redirect(Controller.route('auth', undefined, {
redirect_uri: req.url,
}));
}
public getUser(): User {
if (!this.user) throw new Error('user not initialized.');
return this.user;
2020-04-24 12:12:27 +02:00
}
}
export class RequireAuthMiddleware extends Middleware {
private user?: User;
protected async handle(req: Request, res: Response, next: NextFunction): Promise<void> {
const authGuard = req.as(AuthMiddleware).getAuthGuard();
// Via request
let proofs = await authGuard.getProofsForRequest(req);
let user = await proofs[0]?.getResource();
if (user) {
this.user = user;
next();
return;
}
// Via session
proofs = await authGuard.getProofsForSession(req.getSession());
user = await proofs[0]?.getResource();
if (user) {
this.user = user;
next();
return;
}
2020-04-24 12:12:27 +02:00
req.flash('error', `You must be logged in to access ${req.url}.`);
res.redirect(Controller.route('auth', undefined, {
redirect_uri: req.url,
}));
}
public getUser(): User {
if (!this.user) throw new Error('user not initialized.');
return this.user;
}
}
export class RequireGuestMiddleware extends Middleware {
protected async handle(req: Request, res: Response, next: NextFunction): Promise<void> {
const proofs = await req.as(AuthMiddleware).getAuthGuard().getProofsForSession(req.getSession());
if (proofs.length > 0) {
res.redirectBack();
return;
}
next();
}
}
export class RequireAdminMiddleware extends Middleware {
protected async handle(req: Request, res: Response, next: NextFunction): Promise<void> {
const user = req.as(AuthMiddleware).getUser();
if (!user || !user.is_admin) {
throw new ForbiddenHttpError('secret tool', req.url);
}
next();
}
}