swaf/src/auth/AuthComponent.ts

import {NextFunction, Request, Response} from "express";

import Application from "../Application.js";
import ApplicationComponent from "../ApplicationComponent.js";
import {route} from "../common/Routing.js";
import {ForbiddenHttpError} from "../HttpError.js";
import Middleware from "../Middleware.js";
import AuthGuard from "./AuthGuard.js";
import AuthMethod from "./AuthMethod.js";
import AuthProof from "./AuthProof.js";
import User from "./models/User.js";

export default class AuthComponent extends ApplicationComponent {
    private readonly authGuard: AuthGuard;

    public constructor(app: Application, ...authMethods: AuthMethod<AuthProof<User>>[]) {
        super();
        this.authGuard = new AuthGuard(app, ...authMethods);
    }

    public async initRoutes(): Promise<void> {
        this.use(AuthMiddleware);
    }

    public getAuthGuard(): AuthGuard {
        return this.authGuard;
    }
}

export class AuthMiddleware extends Middleware {
    private authGuard?: AuthGuard;
    private user: User | null = null;

    protected async handle(req: Request, res: Response, next: NextFunction): Promise<void> {
        this.authGuard = this.app.as(AuthComponent).getAuthGuard();

        const proofs = await this.authGuard.getProofsForSession(req.getSession());
        if (proofs.length > 0) {
            this.user = await proofs[0].getResource();
            res.locals.user = this.user;
        }

        next();
    }

    public getUser(): User | null {
        return this.user;
    }

    public getAuthGuard(): AuthGuard {
        if (!this.authGuard) throw new Error('AuthGuard was not initialized.');
        return this.authGuard;
    }
}

export class RequireRequestAuthMiddleware extends Middleware {
    private user?: User;

    protected async handle(req: Request, res: Response, next: NextFunction): Promise<void> {
        const proofs = await req.as(AuthMiddleware).getAuthGuard().getProofsForRequest(req);
        const user = await proofs[0]?.getResource();
        if (user) {
            this.user = user;
            next();
            return;
        }

        req.flash('error', `You must be logged in to access ${req.url}.`);
        res.redirect(route('auth', undefined, {
            redirect_uri: req.url,
        }));
    }

    public getUser(): User {
        if (!this.user) throw new Error('user not initialized.');
        return this.user;
    }
}

export class RequireAuthMiddleware extends Middleware {
    private user?: User;

    protected async handle(req: Request, res: Response, next: NextFunction): Promise<void> {
        const authGuard = req.as(AuthMiddleware).getAuthGuard();
        // Via request

        let proofs = await authGuard.getProofsForRequest(req);
        let user = await proofs[0]?.getResource();
        if (user) {
            this.user = user;
            next();
            return;
        }

        // Via session
        proofs = await authGuard.getProofsForSession(req.getSession());
        user = await proofs[0]?.getResource();
        if (user) {
            this.user = user;
            next();
            return;
        }

        req.flash('error', `You must be logged in to access ${req.url}.`);
        res.redirect(route('auth', undefined, {
            redirect_uri: req.url,
        }));
    }

    public getUser(): User {
        if (!this.user) throw new Error('user not initialized.');
        return this.user;
    }
}

export class RequireGuestMiddleware extends Middleware {
    protected async handle(req: Request, res: Response, next: NextFunction): Promise<void> {
        const proofs = await req.as(AuthMiddleware).getAuthGuard().getProofsForSession(req.getSession());
        if (proofs.length > 0) {
            res.redirect(route('home'));
            return;
        }

        next();
    }
}

export class RequireAdminMiddleware extends Middleware {
    protected async handle(req: Request, res: Response, next: NextFunction): Promise<void> {
        const user = req.as(AuthMiddleware).getUser();
        if (!user || !user.is_admin) {
            throw new ForbiddenHttpError('secret tool', req.url);
        }

        next();
    }
}
Improve middleware definition and cleanup code 2020-09-25 22:03:22 +02:00			`import {NextFunction, Request, Response} from "express";`
Switch to esm and add import auto format 2021-05-03 19:29:22 +02:00
			`import Application from "../Application.js";`
			`import ApplicationComponent from "../ApplicationComponent.js";`
Move route building to common subproject, fix Time export 2021-06-01 14:34:04 +02:00			`import {route} from "../common/Routing.js";`
Switch to esm and add import auto format 2021-05-03 19:29:22 +02:00			`import {ForbiddenHttpError} from "../HttpError.js";`
			`import Middleware from "../Middleware.js";`
			`import AuthGuard from "./AuthGuard.js";`
			`import AuthMethod from "./AuthMethod.js";`
			`import AuthProof from "./AuthProof.js";`
			`import User from "./models/User.js";`
Add auth utils parts 2020-04-24 12:12:27 +02:00
Improve middleware definition and cleanup code 2020-09-25 22:03:22 +02:00			`export default class AuthComponent extends ApplicationComponent {`
Auth: refactor to support multiple auth factors and add password factor 2020-11-11 19:08:33 +01:00			`private readonly authGuard: AuthGuard;`
Add auth utils parts 2020-04-24 12:12:27 +02:00
Auth: refactor to support multiple auth factors and add password factor 2020-11-11 19:08:33 +01:00			`public constructor(app: Application, ...authMethods: AuthMethod<AuthProof<User>>[]) {`
Add auth utils parts 2020-04-24 12:12:27 +02:00			`super();`
Auth: refactor to support multiple auth factors and add password factor 2020-11-11 19:08:33 +01:00			`this.authGuard = new AuthGuard(app, ...authMethods);`
Add auth utils parts 2020-04-24 12:12:27 +02:00			`}`

Add ApplicationComponent init lifecycle step and unstatic globals This renames ApplicationComponent (previous) init to initRoutes and handle to handleRoutes 2021-05-13 16:03:59 +02:00			`public async initRoutes(): Promise<void> {`
Improve middleware definition and cleanup code 2020-09-25 22:03:22 +02:00			`this.use(AuthMiddleware);`
Add auth utils parts 2020-04-24 12:12:27 +02:00			`}`
Add AuthComponent.getAuthGuard() 2020-09-23 08:46:37 +02:00
Auth: refactor to support multiple auth factors and add password factor 2020-11-11 19:08:33 +01:00			`public getAuthGuard(): AuthGuard {`
Add AuthComponent.getAuthGuard() 2020-09-23 08:46:37 +02:00			`return this.authGuard;`
			`}`
Add auth utils parts 2020-04-24 12:12:27 +02:00			`}`

Improve middleware definition and cleanup code 2020-09-25 22:03:22 +02:00			`export class AuthMiddleware extends Middleware {`
Auth: refactor to support multiple auth factors and add password factor 2020-11-11 19:08:33 +01:00			`private authGuard?: AuthGuard;`
Improve middleware definition and cleanup code 2020-09-25 22:03:22 +02:00			`private user: User \| null = null;`
Add optional user approval mode 2020-06-16 11:12:58 +02:00
Improve middleware definition and cleanup code 2020-09-25 22:03:22 +02:00			`protected async handle(req: Request, res: Response, next: NextFunction): Promise<void> {`
			`this.authGuard = this.app.as(AuthComponent).getAuthGuard();`

Auth: refactor to support multiple auth factors and add password factor 2020-11-11 19:08:33 +01:00			`const proofs = await this.authGuard.getProofsForSession(req.getSession());`
			`if (proofs.length > 0) {`
			`this.user = await proofs[0].getResource();`
Improve middleware definition and cleanup code 2020-09-25 22:03:22 +02:00			`res.locals.user = this.user;`
			`}`
Add auth utils parts 2020-04-24 12:12:27 +02:00
Add support for authenticating user against custom request-proof matching 2020-06-14 11:59:02 +02:00			`next();`
Reduce the amount of SQL requests made for authentication 2020-07-28 11:47:20 +02:00			`}`
Add support for authenticating user against custom request-proof matching 2020-06-14 11:59:02 +02:00
Improve middleware definition and cleanup code 2020-09-25 22:03:22 +02:00			`public getUser(): User \| null {`
			`return this.user;`
Add auth utils parts 2020-04-24 12:12:27 +02:00			`}`
Reduce the amount of SQL requests made for authentication 2020-07-28 11:47:20 +02:00
Auth: refactor to support multiple auth factors and add password factor 2020-11-11 19:08:33 +01:00			`public getAuthGuard(): AuthGuard {`
Improve middleware definition and cleanup code 2020-09-25 22:03:22 +02:00			`if (!this.authGuard) throw new Error('AuthGuard was not initialized.');`
			`return this.authGuard;`
Add auth utils parts 2020-04-24 12:12:27 +02:00			`}`
Improve middleware definition and cleanup code 2020-09-25 22:03:22 +02:00			`}`

			`export class RequireRequestAuthMiddleware extends Middleware {`
Add user model to RequireAuth middlewares 2020-10-01 13:59:19 +02:00			`private user?: User;`

Improve middleware definition and cleanup code 2020-09-25 22:03:22 +02:00			`protected async handle(req: Request, res: Response, next: NextFunction): Promise<void> {`
Auth: refactor to support multiple auth factors and add password factor 2020-11-11 19:08:33 +01:00			`const proofs = await req.as(AuthMiddleware).getAuthGuard().getProofsForRequest(req);`
			`const user = await proofs[0]?.getResource();`
Add user model to RequireAuth middlewares 2020-10-01 13:59:19 +02:00			`if (user) {`
			`this.user = user;`
			`next();`
Improve middleware definition and cleanup code 2020-09-25 22:03:22 +02:00			`return;`
			`}`
Add auth utils parts 2020-04-24 12:12:27 +02:00
Add user model to RequireAuth middlewares 2020-10-01 13:59:19 +02:00			req.flash('error', `You must be logged in to access ${req.url}.`);
Move route building to common subproject, fix Time export 2021-06-01 14:34:04 +02:00			`res.redirect(route('auth', undefined, {`
Add user model to RequireAuth middlewares 2020-10-01 13:59:19 +02:00			`redirect_uri: req.url,`
			`}));`
			`}`

			`public getUser(): User {`
			`if (!this.user) throw new Error('user not initialized.');`
			`return this.user;`
Add auth utils parts 2020-04-24 12:12:27 +02:00			`}`
Improve middleware definition and cleanup code 2020-09-25 22:03:22 +02:00			`}`

			`export class RequireAuthMiddleware extends Middleware {`
Add user model to RequireAuth middlewares 2020-10-01 13:59:19 +02:00			`private user?: User;`

Improve middleware definition and cleanup code 2020-09-25 22:03:22 +02:00			`protected async handle(req: Request, res: Response, next: NextFunction): Promise<void> {`
			`const authGuard = req.as(AuthMiddleware).getAuthGuard();`
			`// Via request`

Auth: refactor to support multiple auth factors and add password factor 2020-11-11 19:08:33 +01:00			`let proofs = await authGuard.getProofsForRequest(req);`
			`let user = await proofs[0]?.getResource();`
Add user model to RequireAuth middlewares 2020-10-01 13:59:19 +02:00			`if (user) {`
			`this.user = user;`
Improve middleware definition and cleanup code 2020-09-25 22:03:22 +02:00			`next();`
			`return;`
			`}`

			`// Via session`
Auth: refactor to support multiple auth factors and add password factor 2020-11-11 19:08:33 +01:00			`proofs = await authGuard.getProofsForSession(req.getSession());`
			`user = await proofs[0]?.getResource();`
Add user model to RequireAuth middlewares 2020-10-01 13:59:19 +02:00			`if (user) {`
			`this.user = user;`
			`next();`
Improve middleware definition and cleanup code 2020-09-25 22:03:22 +02:00			`return;`
			`}`
Add auth utils parts 2020-04-24 12:12:27 +02:00
Add user model to RequireAuth middlewares 2020-10-01 13:59:19 +02:00			req.flash('error', `You must be logged in to access ${req.url}.`);
Move route building to common subproject, fix Time export 2021-06-01 14:34:04 +02:00			`res.redirect(route('auth', undefined, {`
Add user model to RequireAuth middlewares 2020-10-01 13:59:19 +02:00			`redirect_uri: req.url,`
			`}));`
			`}`

			`public getUser(): User {`
			`if (!this.user) throw new Error('user not initialized.');`
			`return this.user;`
Improve middleware definition and cleanup code 2020-09-25 22:03:22 +02:00			`}`
			`}`

			`export class RequireGuestMiddleware extends Middleware {`
			`protected async handle(req: Request, res: Response, next: NextFunction): Promise<void> {`
Auth: refactor to support multiple auth factors and add password factor 2020-11-11 19:08:33 +01:00			`const proofs = await req.as(AuthMiddleware).getAuthGuard().getProofsForSession(req.getSession());`
			`if (proofs.length > 0) {`
Move route building to common subproject, fix Time export 2021-06-01 14:34:04 +02:00			`res.redirect(route('home'));`
Improve middleware definition and cleanup code 2020-09-25 22:03:22 +02:00			`return;`
			`}`

			`next();`
			`}`
			`}`

			`export class RequireAdminMiddleware extends Middleware {`
			`protected async handle(req: Request, res: Response, next: NextFunction): Promise<void> {`
			`const user = req.as(AuthMiddleware).getUser();`
			`if (!user \|\| !user.is_admin) {`
			`throw new ForbiddenHttpError('secret tool', req.url);`
			`}`

			`next();`
			`}`
			`}`