return (req: express.Request, res: express.Response) => {
// Get bearer token
let authHeaderMatch = /^Bearer (.*)/i.exec(req.header("authorization"));
if (!authHeaderMatch) {
console.error("No Authorization token provided");
res.sendStatus(401);
return;
}
// Decode token and get signing key
const encodedToken = authHeaderMatch[1];
const decodedToken = jwt.decode(encodedToken, { complete: true });
msaOpenIdMetadata.getKey(decodedToken["header"].kid, (key) => {
if (!key) {
console.error("Invalid signing key or OpenId metadata document");
res.sendStatus(500);
}
// Verify token
const verifyOptions: jwt.VerifyOptions = {
algorithms: ["RS256", "RS384", "RS512"],
issuer: `https://sts.windows.net/${decodedToken["payload"].tid}/`,
audience: config.get("app.appId"),
clockTolerance: 300,
};
try {
let token = jwt.verify(encodedToken, key.key, verifyOptions);
res.status(200).send(token);
} catch (e) {
console.error("Invalid bearer token", e);
res.sendStatus(401);
}
});
};
router.post("/logout", auth, function(req: express.Request, res: express.Response) {
var token = getToken(req);
var dtoken = jwt.decode(token, { complete: true }) || {};
// Update user status online
var params = {
id: dtoken.payload.id,
status: ManagerModel.MANAGER_STATUS_OFFLINE
};
var managerModel = new ManagerModel();
managerModel.setStatus(params, function(error: any, result: any) {
if (error) {
return res.status(400).send({status: false, error: error});
}
res.json({
status: true
});
var msg = {
author: {
id: params.id
},
type: MessageModel.MESSAGE_TYPE_CHANGE_STATUS,
status: ManagerModel.MANAGER_STATUS_OFFLINE
};
server.io.emit( params.id, msg);
});
});
return (req: Request, res: Response) => {
const { cookies: { token: requestToken } } = req;
const decodedTokenPayload = jwt.decode(requestToken);
if (decodedTokenPayload) {
const { username } = decodedTokenPayload;
log.debug("Logout request for " + username);
}
res.status(204).clearCookie('token').end();
};
export const validateJWT = async function(req: ValidateRequest, res: Response) {
const decoded = jsonwebtoken.decode(req.query.jwt, { complete: true }) as JWTContent;
try {
const publicKey = await getPublicKey(decoded.header.kid);
jsonwebtoken.verify(req.query.jwt, publicKey); // throws
res.status(200).json({ is_valid: true });
} catch (e) {
res.status(200).json({ is_valid: false, error: e });
}
} as any as RequestHandler;
it('sets the subject authResult[entity][entityService.id]', async () => {
const { accessToken } = await app.service('authentication').create({
strategy: 'first',
username: '******'
});
const decoded = jwt.decode(accessToken);
assert.strictEqual(decoded.sub, Strategy1.result.user.id.toString());
});
function isAdmin(req): boolean {
if (config.server.admin == "") {
return true;
}
if (req.headers.authorization) {
var visitor = visitorFactory.getByEmail(jwt.decode(req.headers.authorization.substr(7)).email);
return visitor.isAdmin();
}
else
return false;
}
setRavenUserContext() {
if (this.cmd && this.cmd.env && this.cmd.env.cloudSessionKey) {
const data = jwt.decode(this.cmd.env.cloudSessionKey)
Raven.mergeContext({
user: {
fid: getFid(),
id: data.userId,
isGlobal: getIsGlobal(),
},
})
}
}
/**
* @summary decodes a signed JWT
* @param {string} signedToken
* @returns {{}|null} The JWT payload
*/
decode(signedToken) {
try {
return jwt.verify(signedToken, this.configuration.sharedSecret, {
ignoreExpiration: true,
issuer: 'urn:app:' + this.configuration.appId,
});
} catch (error) {
// tslint:disable-next-line
console.error(error, jwt.decode(signedToken));
return null;
}
}
it('does not override the subject if already set', async () => {
const subject = 'Davester';
const { accessToken } = await app.service('authentication').create({
strategy: 'first',
username: '******'
}, {
jwt: { subject }
});
const decoded = jwt.decode(accessToken);
assert.strictEqual(decoded.sub, subject);
});
export default function refreshToken(req: Request, res: Response, next: Function) {
const { cookies: { token: requestToken } } = req;
const decodedTokenPayload = jwt.decode(requestToken);
const { username } = decodedTokenPayload;
// TODO: verify the issuer and secret? (e.g. in multitenant setup)
const updatedToken = jwt.sign({ username: username }, secret, {
issuer: 'react-redux-starter-kit',
expiresIn: expiry,
});
res.cookie('token', updatedToken, { secure: false /* TODO: change this */, maxAge: 60 * 60 * 1000 });
next();
};
