diff options
author | Ricardo <ricardo@cino.io> | 2023-10-13 14:12:03 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-10-13 13:12:03 +0100 |
commit | e503468660a13760010a94ecda5f0625c6f47f87 (patch) | |
tree | fa532f54fc5f091de08d55405ec6339bd2440a02 /app/Middleware/Auth.ts | |
parent | 1.3.16 [skip ci] (diff) | |
download | ferdium-server-e503468660a13760010a94ecda5f0625c6f47f87.tar.gz ferdium-server-e503468660a13760010a94ecda5f0625c6f47f87.tar.zst ferdium-server-e503468660a13760010a94ecda5f0625c6f47f87.zip |
Server re-build with latest AdonisJS framework & Typescript (#47)
* chore: setup first basis structure
* chore: ensure styling is loaded correctly
* chore: comply to new routing syntax by replace . with / in routes/resource locations
* chore: add login controller
* chore: correctly use views with slash instead of dot
* chore: working login + tests
* chore: clean up tests
* chore: add password-forgot endpoint and matching test
* chore: add delete page test
* chore: add logout test
* chore: add reset-password route and tests
* chore: remove obsolete comment
* chore: add account-page and tests
* chore: add data page & first step of the test
* chore: add transfer/import data feature and tests
* chore: add export and basic test
* chore: add all static api routes with tests
* Regenerate 'pnpm-lock.json' and fix bad merge conflict
WIP:
- Tests have been commented out since they dont work
- Server doesn't start
* easier dev and test runs
* - remove --require-pragma from reformat-files so formatting works properly
- run pnpm reformat-files over codebase
- remove .json files from .eslintignore
- add invalid.json file to .eslintignore
- configure prettier properly in eslint config
- add type jsdoc to prettier config
- run adonis generate:manifest command to regenerate ace-manifest.json
- specify volta in package.json
- introduce typecheck npm script
- remove unused .mjs extension from npm scripts
- install missing type definition dependencies
- add pnpm.allowedDeprecatedVersions to package.json
- fix invalid extends in tsconfig.json causing TS issues throughout codebase
- remove @ts-ignore throughout codebase which is not relevant anymore
- enable some of the tsconfig options
- remove outdated eslint-disable from codebase
- change deprecated faker.company.companyName() to faker.company.name()
- fix TS issues inside transfer.spec.ts
* - update to latest node and pnpm versions
- upgrade all non-major dependencies to latest
- install missing @types/luxon dependency
- add cuid to pnpm.allowedDeprecatedVersions
- add esModuleInterop config option to tsconfig
- migrate more deprecated faker methods to new ones
- add more temporary ts-ignore to code
* - update eslint config
- remove trailingComma: all since default in prettier v3
- add typecheck command to prepare-code npm script
- upgrade various dependencies to latest major version
- update tsconfig to include only useful config options
- disable some lint issues and fix others
* - add test command to prepare-code
- disable strictPropertyInitialization flag in tsconfig which creates issues with adonis models
- update precommit hook to excute pnpm prepare-code
- remove ts-ignore statements from all models
* fix node and pnpm dependency update
* add cross env (so that we can develop on windows)
* add signup endpoint (TODO: JWT auth)
* Add login endpoint
* Add me and updateMe endpoints
* Add service endpoint
* refactor: change endpoints to use jwt
* add recipes endpoint
* add workspaces endpoint
* fix web controllors for login and post import
* Update node deps
* Change auth middleware (for web) and exempt api from CSRF
* Add import endpoint (franz import)
* Fix export/import logic
* Fix service and workspace data in user/data
* Fix partial lint
* chore: workaround lint issues
* fix: migration naming had two .
* Sync back node with recipes repo
* Temporarily ignore typescript
* Fix adonisrc to handle public folder static assets
* Fix issue with production database
* add Legacy Password Provider
* Fix lint errors
* Fix issue on login errors frontend
* add Legacy Password Provider
* Fix issue with customIcons
* Fix issue with auth tokens
* Update 'node' to '18.18.0'
* make docker work
* improve docker entrypoint (test api performance)
* Add migration database script
* NODE_ENV on recipes
* prefer @ts-expect-error over @ts-ignore
* small fixes
* Update 'pnpm' to '8.7.6'
* fix error catch
* Automatically generate JWT Public and Private keys
* Use custom Adonis5-jwt
* Update code to use secret (old way, no breaking changes)
* Normalize appKey
* Trick to make JWT tokens on client work with new version
* Fix error with new JWT logic
* Change migration and how we store JWT
* Fix 500 response code (needs to be 401)
* Improve logic and fix bugs
* Fix build and entrypoint logic
* Catch error if appKey changes
* Add newToken logic
* Fix lint (ignore any errors)
* Add build for PRs
* pnpm reformat-files result
* Fix some tests
* Fix reset password not working (test failing)
* Restore csrfTokens (disabled by accident)
* Fix pnpm start command with .env
* Disable failing tests on the transfer endpoint (TODO)
* Add tests to PR build
* Fix build
* Remove unnecessary assertStatus
* Add typecheck
* hash password on UserFactory (fix build)
* Add JWT_USE_PEM true by default (increase security)
* fix name of github action
---------
Co-authored-by: Vijay A <vraravam@users.noreply.github.com>
Co-authored-by: Balaji Vijayakumar <kuttibalaji.v6@gmail.com>
Co-authored-by: MCMXC <16797721+mcmxcdev@users.noreply.github.com>
Co-authored-by: André Oliveira <oliveira.andrerodrigues95@gmail.com>
Diffstat (limited to 'app/Middleware/Auth.ts')
-rw-r--r-- | app/Middleware/Auth.ts | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/app/Middleware/Auth.ts b/app/Middleware/Auth.ts new file mode 100644 index 0000000..d0b212c --- /dev/null +++ b/app/Middleware/Auth.ts | |||
@@ -0,0 +1,118 @@ | |||
1 | import { GuardsList } from '@ioc:Adonis/Addons/Auth'; | ||
2 | import { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'; | ||
3 | import { AuthenticationException } from '@adonisjs/auth/build/standalone'; | ||
4 | import * as jose from 'jose'; | ||
5 | import { appKey } from 'Config/app'; | ||
6 | import User from 'App/Models/User'; | ||
7 | |||
8 | /** | ||
9 | * Auth middleware is meant to restrict un-authenticated access to a given route | ||
10 | * or a group of routes. | ||
11 | * | ||
12 | * You must register this middleware inside `start/kernel.ts` file under the list | ||
13 | * of named middleware. | ||
14 | */ | ||
15 | export default class AuthMiddleware { | ||
16 | /** | ||
17 | * The URL to redirect to when request is Unauthorized | ||
18 | */ | ||
19 | protected redirectTo = '/user/login'; | ||
20 | |||
21 | /** | ||
22 | * Authenticates the current HTTP request against a custom set of defined | ||
23 | * guards. | ||
24 | * | ||
25 | * The authentication loop stops as soon as the user is authenticated using any | ||
26 | * of the mentioned guards and that guard will be used by the rest of the code | ||
27 | * during the current request. | ||
28 | */ | ||
29 | protected async authenticate( | ||
30 | auth: HttpContextContract['auth'], | ||
31 | guards: (keyof GuardsList)[], | ||
32 | request: HttpContextContract['request'], | ||
33 | ) { | ||
34 | /** | ||
35 | * Hold reference to the guard last attempted within the for loop. We pass | ||
36 | * the reference of the guard to the "AuthenticationException", so that | ||
37 | * it can decide the correct response behavior based upon the guard | ||
38 | * driver | ||
39 | */ | ||
40 | let guardLastAttempted: string | undefined; | ||
41 | |||
42 | for (const guard of guards) { | ||
43 | guardLastAttempted = guard; | ||
44 | |||
45 | let isLoggedIn = false; | ||
46 | try { | ||
47 | // eslint-disable-next-line no-await-in-loop | ||
48 | isLoggedIn = await auth.use(guard).check(); | ||
49 | } catch { | ||
50 | // Silent fail to allow the rest of the code to handle the error | ||
51 | } | ||
52 | |||
53 | if (isLoggedIn) { | ||
54 | /** | ||
55 | * Instruct auth to use the given guard as the default guard for | ||
56 | * the rest of the request, since the user authenticated | ||
57 | * succeeded here | ||
58 | */ | ||
59 | auth.defaultGuard = guard; | ||
60 | return; | ||
61 | } | ||
62 | } | ||
63 | |||
64 | // Manually try authenticating using the JWT (verfiy signature required) | ||
65 | // Legacy support for JWTs so that the client still works (older than 2.0.0) | ||
66 | const authToken = request.headers().authorization?.split(' ')[1]; | ||
67 | if (authToken) { | ||
68 | try { | ||
69 | const jwt = await jose.jwtVerify( | ||
70 | authToken, | ||
71 | new TextEncoder().encode(appKey), | ||
72 | ); | ||
73 | const { uid } = jwt.payload; | ||
74 | |||
75 | // @ts-expect-error | ||
76 | request.user = await User.findOrFail(uid); | ||
77 | return; | ||
78 | } catch { | ||
79 | // Silent fail to allow the rest of the code to handle the error | ||
80 | } | ||
81 | } | ||
82 | |||
83 | /** | ||
84 | * Unable to authenticate using any guard | ||
85 | */ | ||
86 | throw new AuthenticationException( | ||
87 | 'Unauthorized access', | ||
88 | 'E_UNAUTHORIZED_ACCESS', | ||
89 | guardLastAttempted, | ||
90 | this.redirectTo, | ||
91 | ); | ||
92 | } | ||
93 | |||
94 | /** | ||
95 | * Handle request | ||
96 | */ | ||
97 | public async handle( | ||
98 | { request, auth, response }: HttpContextContract, | ||
99 | next: () => Promise<void>, | ||
100 | customGuards: (keyof GuardsList)[], | ||
101 | ) { | ||
102 | /** | ||
103 | * Uses the user defined guards or the default guard mentioned in | ||
104 | * the config file | ||
105 | */ | ||
106 | const guards = customGuards.length > 0 ? customGuards : [auth.name]; | ||
107 | try { | ||
108 | await this.authenticate(auth, guards, request); | ||
109 | } catch (error) { | ||
110 | // If the user is not authenticated and it is a web endpoint, redirect to the login page | ||
111 | if (guards.includes('web')) { | ||
112 | return response.redirect(error.redirectTo); | ||
113 | } | ||
114 | throw error; | ||
115 | } | ||
116 | await next(); | ||
117 | } | ||
118 | } | ||