From 6026037aa8540c72804b28969ef3995c3a0fe8d4 Mon Sep 17 00:00:00 2001
From: Alice Gaudon
Date: Sun, 14 Jun 2020 11:59:02 +0200
Subject: [PATCH] Add support for authenticating user against custom request-proof matching
---
 package.json | 2 +-
 src/auth/AuthComponent.ts | 19 ++++++++++++-------
 src/auth/AuthGuard.ts | 20 ++++++++++++++++++++
 3 files changed, 33 insertions(+), 8 deletions(-)
diff --git a/package.json b/package.json
index d3742b2..fda519d 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "wms-core",
- "version": "0.7.0",
+ "version": "0.7.1",
 "description": "Node web framework",
 "repository": "git@gitlab.com:ArisuOngaku/wms-core.git",
 "author": "Alice Gaudon ",
diff --git a/src/auth/AuthComponent.ts b/src/auth/AuthComponent.ts
index 1a99e48..a28895e 100644
--- a/src/auth/AuthComponent.ts
+++ b/src/auth/AuthComponent.ts
@@ -26,14 +26,19 @@ export default class AuthComponent extends ApplicationComponent {
 export const REQUIRE_AUTH_MIDDLEWARE = async (req: Request, res: Response, next: NextFunction): Promise => {
- if (!await req.authGuard.isAuthenticated(req.session!)) {
- req.flash('error', `You must be logged in to access ${req.url}.`);
- res.redirect(Controller.route('auth') || '/');
- return;
- }
+ if (await req.authGuard.isAuthenticatedViaRequest(req)) {
+ req.models.user = await req.authGuard.getUserForRequest(req);
+ next();
+ } else {
+ if (!await req.authGuard.isAuthenticated(req.session!)) {
+ req.flash('error', `You must be logged in to access ${req.url}.`);
+ res.redirect(Controller.route('auth') || '/');
+ return;
+ }
- req.models.user = await req.authGuard.getUserForSession(req.session!);
- next();
+ req.models.user = await req.authGuard.getUserForSession(req.session!);
+ next();
+ }
 };
 export const REQUIRE_GUEST_MIDDLEWARE = async (req: Request, res: Response, next: NextFunction): Promise => {
 if (await req.authGuard.isAuthenticated(req.session!)) {
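Review bot: In REQUIRE_AUTH_MIDDLEWARE the new request-proof branch calls `next()` unconditionally after `getUserForRequest(req)`, so if that lookup resolves to null the protected handler runs with `req.models.user` unset. The check and the lookup each call `getProofForRequest` separately, so the user that is loaded is not tied to the proof that was validated. Keep the `isAuthenticatedViaRequest` check, then use `const user = await req.authGuard.getUserForRequest(req);` and only assign `req.models.user` and call `next()` when `user` is non-null, falling through to the existing session check otherwise. REQUIRE_GUEST_MIDDLEWARE continues past the end of the hunk; from the visible lines it still checks only the session, so a request-proof user may be treated as a guest there.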
diff --git a/src/auth/AuthGuard.ts b/src/auth/AuthGuard.ts
index 0cde25a..0d4c327 100644
--- a/src/auth/AuthGuard.ts
+++ b/src/auth/AuthGuard.ts
@@ -3,10 +3,15 @@ import MysqlConnectionManager from "../db/MysqlConnectionManager";
 import User from "./models/User";
 import UserEmail from "./models/UserEmail";
 import {Connection} from "mysql";
+import {Request} from "express";
 export default abstract class AuthGuard

{ public abstract async getProofForSession(session: Express.Session): Promise

; + public async getProofForRequest(req: Request): Promise

{ + return null; + } + public async getUserForSession(session: Express.Session): Promise { if (!await this.isAuthenticated(session)) return null; return await User.getById(`${session.auth_id}`); @@ -77,6 +82,21 @@ export default abstract class AuthGuard

{ return true; } + + public async isAuthenticatedViaRequest(req: Request): Promise { + const proof = await this.getProofForRequest(req); + if (proof && await proof.isValid() && await proof.isAuthorized()) { + return true; + } else { + return false; + } + } + + public async getUserForRequest(req: Request): Promise { + const proof = await this.getProofForRequest(req); + return proof ? await proof.getUser() : null; + } + } export class AuthError extends Error {
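Review bot: `getUserForRequest` returns `proof.getUser()` for any proof that `getProofForRequest` yields, without the `isValid()` and `isAuthorized()` checks that `isAuthenticatedViaRequest` applies, whereas `getUserForSession` in the first hunk returns null unless `isAuthenticated(session)` holds. A caller that uses it outside REQUIRE_AUTH_MIDDLEWARE would receive a user for an expired or unauthorized proof. Gate it the same way: `return proof && await proof.isValid() && await proof.isAuthorized() ? await proof.getUser() : null;`. The default `getProofForRequest` in the first hunk would also benefit from a doc comment such as `/** Override to derive a proof from the request; the default returns null, which disables request-based authentication. */`. The class body starts outside this hunk.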