Gitiles
Code Review Sign In
review.jami.net / jami-web / b933fbb75d802704301a4e4228f89b50ddfef71f / . / server / src / middleware / auth.ts
blob: 7bbd20c28209627153b5d4472cfa014cec1b773c [file] [log] [blame]
Misha Krieger-Raynauld242560f2022-10-16 19:59:58 -0400[diff] [blame]1/*
2 * Copyright (C) 2022 Savoir-faire Linux Inc.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU Affero General Public License as
6 * published by the Free Software Foundation; either version 3 of the
7 * License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU Affero General Public License for more details.
13 *
14 * You should have received a copy of the GNU Affero General Public
15 * License along with this program. If not, see
16 * <https://www.gnu.org/licenses/>.
17 */
18import { NextFunction, Request, Response } from 'express';
Misha Krieger-Raynauld2f5d1ce2022-10-23 21:13:33 -0400[diff] [blame]19import { HttpStatusCode } from 'jami-web-common';
Misha Krieger-Raynauld242560f2022-10-16 19:59:58 -0400[diff] [blame]20
Misha Krieger-Raynauldb933fbb2022-11-15 15:11:09 -0500[diff] [blame^]21import { verifyJwt } from '../utils/jwt.js';
Misha Krieger-Raynauld242560f2022-10-16 19:59:58 -0400[diff] [blame]22
Misha Krieger-Raynauld6f9c7ae2022-10-28 11:41:45 -0400[diff] [blame]23function createAuthenticationMiddleware(isAuthenticationRequired: boolean) {
24 return async (req: Request, res: Response, next: NextFunction) => {
Misha Krieger-Raynauld6f9c7ae2022-10-28 11:41:45 -0400[diff] [blame]25 const authorizationHeader = req.headers.authorization;
26 if (!authorizationHeader) {
27 if (isAuthenticationRequired) {
28 res.status(HttpStatusCode.Unauthorized).send('Missing Authorization header');
29 } else {
30 // Skip authentication if it is optional, in which case the Authorization header should not have been set
31 res.locals.accountId = undefined;
32 next();
33 }
34 return;
35 }
Misha Krieger-Raynauld242560f2022-10-16 19:59:58 -0400[diff] [blame]36
Misha Krieger-Raynauld6f9c7ae2022-10-28 11:41:45 -0400[diff] [blame]37 const token = authorizationHeader.split(' ')[1];
38 if (token === undefined) {
39 res.status(HttpStatusCode.BadRequest).send('Missing JSON web token');
40 return;
41 }
Misha Krieger-Raynauld242560f2022-10-16 19:59:58 -0400[diff] [blame]42
Misha Krieger-Raynauld6f9c7ae2022-10-28 11:41:45 -0400[diff] [blame]43 try {
Misha Krieger-Raynauldb933fbb2022-11-15 15:11:09 -0500[diff] [blame^]44 const { payload } = await verifyJwt(token);
45 res.locals.accountId = payload.accountId;
Misha Krieger-Raynauld6f9c7ae2022-10-28 11:41:45 -0400[diff] [blame]46 next();
Misha Krieger-Raynauld8a381da2022-11-03 17:37:51 -0400[diff] [blame]47 } catch (e) {
Misha Krieger-Raynauldcb11bba2022-11-11 18:08:33 -0500[diff] [blame]48 res.status(HttpStatusCode.Unauthorized).send('Invalid access token');
Misha Krieger-Raynauld6f9c7ae2022-10-28 11:41:45 -0400[diff] [blame]49 }
50 };
Misha Krieger-Raynauld242560f2022-10-16 19:59:58 -0400[diff] [blame]51}
Misha Krieger-Raynauld6f9c7ae2022-10-28 11:41:45 -0400[diff] [blame]52
53export const authenticateToken = createAuthenticationMiddleware(true);
54
55export const authenticateOptionalToken = createAuthenticationMiddleware(false);