swaf/src/auth/AuthGuard.ts

import AuthProof from "./AuthProof";
import MysqlConnectionManager from "../db/MysqlConnectionManager";
import User from "./models/User";
import UserEmail from "./models/UserEmail";
import {Connection} from "mysql";

export default abstract class AuthGuard<P extends AuthProof> {
    public abstract async getProofForSession(session: Express.Session): Promise<P | null>;

    public async getUserForSession(session: Express.Session): Promise<User | null> {
        if (!await this.isAuthenticated(session)) return null;
        return await User.getById<User>(`${session.auth_id}`);
    }

    public async authenticateOrRegister(session: Express.Session, proof: P, registerCallback?: (connection: Connection, userID: number) => Promise<(() => Promise<void>)[]>): Promise<void> {
        if (!await proof.isAuthorized()) {
            throw new AuthError('Invalid argument: cannot authenticate with an unauthorized proof.');
        }

        let user = await proof.getUser();
        if (!user) { // Register
            const callbacks: (() => Promise<void>)[] = [];

            await MysqlConnectionManager.wrapTransaction(async connection => {
                const email = await proof.getEmail();
                user = new User({
                    name: email.split('@')[0],
                });
                await user.save(connection, c => callbacks.push(c));

                const userEmail = new UserEmail({
                    user_id: user.id,
                    email: email,
                    main: true,
                });
                await userEmail.save(connection, c => callbacks.push(c));
                if (registerCallback) {
                    (await registerCallback(connection, user.id!)).forEach(c => callbacks.push(c));
                }
            });

            for (const callback of callbacks) {
                await callback();
            }

            if (!user) {
                throw new Error('Unable to register user.');
            }
        } else if (registerCallback) {
            throw new UserAlreadyExistsAuthError(await proof.getEmail());
        }

        session.auth_id = user.id;
    }

    public async isAuthenticated(session: Express.Session): Promise<boolean> {
        return await this.checkCurrentSessionProofValidity(session);
    }

    public async logout(session: Express.Session): Promise<void> {
        const proof = await this.getProofForSession(session);
        if (proof) {
            await proof.revoke(session);
        }
        session.auth_id = undefined;
    }

    private async checkCurrentSessionProofValidity(session: Express.Session): Promise<boolean> {
        if (typeof session.auth_id !== 'number') return false;

        const proof = await this.getProofForSession(session);

        if (!proof || !await proof.isValid() || !await proof.isAuthorized() || !await proof.isOwnedBy(session.auth_id)) {
            await this.logout(session);
            return false;
        }

        return true;
    }
}

export class AuthError extends Error {
    constructor(message: string) {
        super(message);
    }
}

export class UserAlreadyExistsAuthError extends AuthError {
    public readonly email: string;

    constructor(userEmail: string) {
        super(`User with email ${userEmail} already exists.`);
        this.email = userEmail;
    }
}
Add auth utils parts 2020-04-24 12:12:27 +02:00			`import AuthProof from "./AuthProof";`
			`import MysqlConnectionManager from "../db/MysqlConnectionManager";`
			`import User from "./models/User";`
			`import UserEmail from "./models/UserEmail";`
Pass session to auth methods 2020-04-25 09:35:49 +02:00			`import {Connection} from "mysql";`
Add auth utils parts 2020-04-24 12:12:27 +02:00
			`export default abstract class AuthGuard<P extends AuthProof> {`
Pass session to auth methods 2020-04-25 09:35:49 +02:00			`public abstract async getProofForSession(session: Express.Session): Promise<P \| null>;`
Add auth utils parts 2020-04-24 12:12:27 +02:00
			`public async getUserForSession(session: Express.Session): Promise<User \| null> {`
			`if (!await this.isAuthenticated(session)) return null;`
Make model primaryKey dynamic (allows for composite primary keys) 2020-06-04 14:59:23 +02:00			return await User.getById<User>(`${session.auth_id}`);
Add auth utils parts 2020-04-24 12:12:27 +02:00			`}`

Add register callback to optionally save more models 2020-04-25 09:36:20 +02:00			`public async authenticateOrRegister(session: Express.Session, proof: P, registerCallback?: (connection: Connection, userID: number) => Promise<(() => Promise<void>)[]>): Promise<void> {`
Add auth utils parts 2020-04-24 12:12:27 +02:00			`if (!await proof.isAuthorized()) {`
			`throw new AuthError('Invalid argument: cannot authenticate with an unauthorized proof.');`
			`}`

			`let user = await proof.getUser();`
			`if (!user) { // Register`
			`const callbacks: (() => Promise<void>)[] = [];`

			`await MysqlConnectionManager.wrapTransaction(async connection => {`
			`const email = await proof.getEmail();`
			`user = new User({`
			`name: email.split('@')[0],`
			`});`
			`await user.save(connection, c => callbacks.push(c));`

			`const userEmail = new UserEmail({`
			`user_id: user.id,`
			`email: email,`
			`main: true,`
			`});`
			`await userEmail.save(connection, c => callbacks.push(c));`
Add register callback to optionally save more models 2020-04-25 09:36:20 +02:00			`if (registerCallback) {`
			`(await registerCallback(connection, user.id!)).forEach(c => callbacks.push(c));`
			`}`
Add auth utils parts 2020-04-24 12:12:27 +02:00			`});`

			`for (const callback of callbacks) {`
			`await callback();`
			`}`

			`if (!user) {`
			`throw new Error('Unable to register user.');`
			`}`
Add register callback to optionally save more models 2020-04-25 09:36:20 +02:00			`} else if (registerCallback) {`
Improve verbosity of auth error 2020-04-25 16:08:20 +02:00			`throw new UserAlreadyExistsAuthError(await proof.getEmail());`
Add auth utils parts 2020-04-24 12:12:27 +02:00			`}`

			`session.auth_id = user.id;`
			`}`

			`public async isAuthenticated(session: Express.Session): Promise<boolean> {`
			`return await this.checkCurrentSessionProofValidity(session);`
			`}`

			`public async logout(session: Express.Session): Promise<void> {`
Pass session to auth methods 2020-04-25 09:35:49 +02:00			`const proof = await this.getProofForSession(session);`
Add auth utils parts 2020-04-24 12:12:27 +02:00			`if (proof) {`
Pass session to auth methods 2020-04-25 09:35:49 +02:00			`await proof.revoke(session);`
Add auth utils parts 2020-04-24 12:12:27 +02:00			`}`
			`session.auth_id = undefined;`
			`}`

			`private async checkCurrentSessionProofValidity(session: Express.Session): Promise<boolean> {`
			`if (typeof session.auth_id !== 'number') return false;`

Pass session to auth methods 2020-04-25 09:35:49 +02:00			`const proof = await this.getProofForSession(session);`
Add auth utils parts 2020-04-24 12:12:27 +02:00
			`if (!proof \|\| !await proof.isValid() \|\| !await proof.isAuthorized() \|\| !await proof.isOwnedBy(session.auth_id)) {`
			`await this.logout(session);`
			`return false;`
			`}`

			`return true;`
			`}`
			`}`

			`export class AuthError extends Error {`
			`constructor(message: string) {`
			`super(message);`
			`}`
Improve verbosity of auth error 2020-04-25 16:08:20 +02:00			`}`

			`export class UserAlreadyExistsAuthError extends AuthError {`
			`public readonly email: string;`

			`constructor(userEmail: string) {`
			super(`User with email ${userEmail} already exists.`);
			`this.email = userEmail;`
			`}`
Add auth utils parts 2020-04-24 12:12:27 +02:00			`}`