partey_workadventure/pusher/src/Services/JWTTokenManager.ts

112 lines
4.4 KiB
TypeScript
Raw Normal View History

2021-06-24 10:09:10 +02:00
import { ADMIN_API_URL, ALLOW_ARTILLERY, SECRET_KEY } from "../Enum/EnvironmentVariable";
import { uuid } from "uuidv4";
import Jwt from "jsonwebtoken";
2021-06-24 10:09:10 +02:00
import { TokenInterface } from "../Controller/AuthenticateController";
import { adminApi, AdminBannedData } from "../Services/AdminApi";
class JWTTokenManager {
public createJWTToken(userUuid: string) {
2021-06-24 10:09:10 +02:00
return Jwt.sign({ userUuid: userUuid }, SECRET_KEY, { expiresIn: "200d" }); //todo: add a mechanic to refresh or recreate token
}
2021-01-16 20:14:21 +01:00
public async getUserUuidFromToken(token: unknown, ipAddress?: string, room?: string): Promise<string> {
if (!token) {
2021-06-24 10:09:10 +02:00
throw new Error("An authentication error happened, a user tried to connect without a token.");
}
2021-06-24 10:09:10 +02:00
if (typeof token !== "string") {
throw new Error("Token is expected to be a string");
}
2021-06-24 10:09:10 +02:00
if (token === "test") {
if (ALLOW_ARTILLERY) {
return uuid();
} else {
2021-06-24 10:09:10 +02:00
throw new Error(
"In order to perform a load-testing test on this environment, you must set the ALLOW_ARTILLERY environment variable to 'true'"
);
}
}
return new Promise<string>((resolve, reject) => {
2021-06-24 10:09:10 +02:00
Jwt.verify(token, SECRET_KEY, {}, (err, tokenDecoded) => {
const tokenInterface = tokenDecoded as TokenInterface;
if (err) {
2021-06-24 10:09:10 +02:00
console.error("An authentication error happened, invalid JsonWebToken.", err);
reject(new Error("An authentication error happened, invalid JsonWebToken. " + err.message));
return;
}
if (tokenDecoded === undefined) {
2021-06-24 10:09:10 +02:00
console.error("Empty token found.");
reject(new Error("Empty token found."));
return;
}
//verify token
if (!this.isValidToken(tokenInterface)) {
2021-06-24 10:09:10 +02:00
reject(new Error("Authentication error, invalid token structure."));
return;
}
if (ADMIN_API_URL) {
//verify user in admin
2021-01-16 20:14:21 +01:00
let promise = new Promise((resolve) => resolve());
2021-06-24 10:09:10 +02:00
if (ipAddress && room) {
2021-01-16 20:14:21 +01:00
promise = this.verifyBanUser(tokenInterface.userUuid, ipAddress, room);
}
2021-06-24 10:09:10 +02:00
promise
.then(() => {
adminApi
.fetchCheckUserByToken(tokenInterface.userUuid)
.then(() => {
resolve(tokenInterface.userUuid);
})
.catch((err) => {
//anonymous user
if (err.response && err.response.status && err.response.status === 404) {
resolve(tokenInterface.userUuid);
return;
}
reject(err);
});
})
.catch((err) => {
2021-01-16 20:14:21 +01:00
reject(err);
});
} else {
resolve(tokenInterface.userUuid);
}
});
});
}
2021-01-16 20:14:21 +01:00
private verifyBanUser(userUuid: string, ipAddress: string, room: string): Promise<AdminBannedData> {
2021-06-24 10:09:10 +02:00
const parts = room.split("/");
if (parts.length < 3 || parts[0] !== "@") {
return Promise.resolve({
is_banned: false,
2021-06-24 10:09:10 +02:00
message: "",
});
}
const organization = parts[1];
const world = parts[2];
2021-06-24 10:09:10 +02:00
return adminApi
.verifyBanUser(userUuid, ipAddress, organization, world)
.then((data: AdminBannedData) => {
if (data && data.is_banned) {
throw new Error("User was banned");
}
return data;
})
.catch((err) => {
throw err;
});
2021-01-15 03:19:58 +01:00
}
private isValidToken(token: object): token is TokenInterface {
2021-06-24 10:09:10 +02:00
return !(typeof (token as TokenInterface).userUuid !== "string");
}
}
export const jwtTokenManager = new JWTTokenManager();