Gitiles
Code Review Sign In
review.jami.net / jami-web / 8a381dab490eb6e60bbcd4085d4a10578f1f8631 / . / server / src / middleware / auth.ts
blob: 715db0a5cd2868a0ab8425c1f4815fc10f59cde9 [file] [log] [blame]
Misha Krieger-Raynauld242560f2022-10-16 19:59:58 -0400[diff] [blame]1/*
2 * Copyright (C) 2022 Savoir-faire Linux Inc.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU Affero General Public License as
6 * published by the Free Software Foundation; either version 3 of the
7 * License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU Affero General Public License for more details.
13 *
14 * You should have received a copy of the GNU Affero General Public
15 * License along with this program. If not, see
16 * <https://www.gnu.org/licenses/>.
17 */
18import { NextFunction, Request, Response } from 'express';
Misha Krieger-Raynauld2f5d1ce2022-10-23 21:13:33 -0400[diff] [blame]19import { HttpStatusCode } from 'jami-web-common';
Misha Krieger-Raynauld242560f2022-10-16 19:59:58 -0400[diff] [blame]20import { jwtVerify } from 'jose';
21import { Container } from 'typedi';
22
Misha Krieger-Raynauld242560f2022-10-16 19:59:58 -0400[diff] [blame]23import { Vault } from '../vault.js';
24
Misha Krieger-Raynauld6f9c7ae2022-10-28 11:41:45 -0400[diff] [blame]25function createAuthenticationMiddleware(isAuthenticationRequired: boolean) {
26 return async (req: Request, res: Response, next: NextFunction) => {
27 const publicKey = Container.get(Vault).publicKey;
Misha Krieger-Raynauld242560f2022-10-16 19:59:58 -0400[diff] [blame]28
Misha Krieger-Raynauld6f9c7ae2022-10-28 11:41:45 -0400[diff] [blame]29 const authorizationHeader = req.headers.authorization;
30 if (!authorizationHeader) {
31 if (isAuthenticationRequired) {
32 res.status(HttpStatusCode.Unauthorized).send('Missing Authorization header');
33 } else {
34 // Skip authentication if it is optional, in which case the Authorization header should not have been set
35 res.locals.accountId = undefined;
36 next();
37 }
38 return;
39 }
Misha Krieger-Raynauld242560f2022-10-16 19:59:58 -0400[diff] [blame]40
Misha Krieger-Raynauld6f9c7ae2022-10-28 11:41:45 -0400[diff] [blame]41 const token = authorizationHeader.split(' ')[1];
42 if (token === undefined) {
43 res.status(HttpStatusCode.BadRequest).send('Missing JSON web token');
44 return;
45 }
Misha Krieger-Raynauld242560f2022-10-16 19:59:58 -0400[diff] [blame]46
Misha Krieger-Raynauld6f9c7ae2022-10-28 11:41:45 -0400[diff] [blame]47 try {
48 const { payload } = await jwtVerify(token, publicKey, {
49 issuer: 'urn:example:issuer',
50 audience: 'urn:example:audience',
51 });
Misha Krieger-Raynauld8a381da2022-11-03 17:37:51 -0400[diff] [blame^]52 res.locals.accountId = payload.id;
Misha Krieger-Raynauld6f9c7ae2022-10-28 11:41:45 -0400[diff] [blame]53 next();
Misha Krieger-Raynauld8a381da2022-11-03 17:37:51 -0400[diff] [blame^]54 } catch (e) {
Misha Krieger-Raynauld6f9c7ae2022-10-28 11:41:45 -0400[diff] [blame]55 res.sendStatus(HttpStatusCode.Unauthorized);
56 }
57 };
Misha Krieger-Raynauld242560f2022-10-16 19:59:58 -0400[diff] [blame]58}
Misha Krieger-Raynauld6f9c7ae2022-10-28 11:41:45 -0400[diff] [blame]59
60export const authenticateToken = createAuthenticationMiddleware(true);
61
62export const authenticateOptionalToken = createAuthenticationMiddleware(false);