Diffstat (limited to 'app/Middleware')
-rw-r--r-- | app/Middleware/AllowGuestOnly.ts | 33 | ||||
-rw-r--r-- | app/Middleware/Auth.ts | 61 | ||||
-rw-r--r-- | app/Middleware/Dashboard.ts | 15 | ||||
-rw-r--r-- | app/Middleware/SilentAuth.ts | 11 |
4 files changed, 54 insertions, 66 deletions
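--- a/app/Middleware/AllowGuestOnly.ts
+++ b/app/Middleware/AllowGuestOnly.ts
@@ -1,6 +1,6 @@
-import { GuardsList } from '@ioc:Adonis/Addons/Auth';
-import { HttpContextContract } from '@ioc:Adonis/Core/HttpContext';
-import { AuthenticationException } from '@adonisjs/auth/build/standalone';
+import { GuardsList } from '@ioc:Adonis/Addons/Auth'
+import { HttpContext } from '@adonisjs/core/http'
+import { AuthenticationException } from '@adonisjs/auth/build/standalone'
 
 /**
 * This is actually a reverted a reverted auth middleware available in ./Auth.ts
@@ -10,27 +10,24 @@ export default class GuestMiddleware {
 /**
 * The URL to redirect to when request is authorized
 */
-protected redirectTo = '/dashboard';
+protected redirectTo = '/dashboard'
 
-protected async authenticate(
-auth: HttpContextContract['auth'],
-guards: (keyof GuardsList)[],
-) {
-let guardLastAttempted: string | undefined;
+protected async authenticate(auth: HttpContext['auth'], guards: (keyof GuardsList)[]) {
+let guardLastAttempted: string | undefined
 
 for (const guard of guards) {
-guardLastAttempted = guard;
+guardLastAttempted = guard
 
 // eslint-disable-next-line no-await-in-loop
 if (await auth.use(guard).check()) {
-auth.defaultGuard = guard;
+auth.defaultGuard = guard
 
 throw new AuthenticationException(
 'Unauthorized access',
 'E_UNAUTHORIZED_ACCESS',
 guardLastAttempted,
-this.redirectTo,
-);
+this.redirectTo
+)
 }
 }
 }
@@ -39,18 +36,18 @@ export default class GuestMiddleware {
 * Handle request
 */
 public async handle(
-{ auth }: HttpContextContract,
+{ auth }: HttpContext,
 next: () => Promise<void>,
-customGuards: (keyof GuardsList)[],
+customGuards: (keyof GuardsList)[]
 ) {
 /**
 * Uses the user defined guards or the default guard mentioned in
 * the config file
 */
-const guards = customGuards.length > 0 ? customGuards : [auth.name];
+const guards = customGuards.length > 0 ? customGuards : [auth.name]
 
-await this.authenticate(auth, guards);
+await this.authenticate(auth, guards)
 
-await next();
+await next()
 }
 }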
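Review bot: The import block at the top of this file is only half migrated: `HttpContext` now comes from `@adonisjs/core/http`, but `GuardsList` is still imported from the `@ioc:Adonis/Addons/Auth` container alias and `AuthenticationException` from `@adonisjs/auth/build/standalone`. The first hunk of app/Middleware/Auth.ts carries the same mix. If the framework release being targeted no longer provides the `@ioc:` aliases or that build path, these middleware modules will not load, so confirm that a failed import leaves the guest-only and authenticated routes rejecting requests rather than being served without the middleware. Until the auth imports are ported, a marker above them such as `// TODO(migration): legacy auth import paths, replace before enabling this middleware` would keep the gap visible.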
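--- a/app/Middleware/Auth.ts
+++ b/app/Middleware/Auth.ts
@@ -1,9 +1,9 @@
-import { GuardsList } from '@ioc:Adonis/Addons/Auth';
-import { HttpContextContract } from '@ioc:Adonis/Core/HttpContext';
-import { AuthenticationException } from '@adonisjs/auth/build/standalone';
-import * as jose from 'jose';
-import { appKey } from 'Config/app';
-import User from 'App/Models/User';
+import { GuardsList } from '@ioc:Adonis/Addons/Auth'
+import { HttpContext } from '@adonisjs/core/http'
+import { AuthenticationException } from '@adonisjs/auth/build/standalone'
+import * as jose from 'jose'
+import { appKey } from '#config/app'
+import User from '#app/Models/User'
 
 /**
 * Auth middleware is meant to restrict un-authenticated access to a given route
@@ -16,7 +16,7 @@ export default class AuthMiddleware {
 /**
 * The URL to redirect to when request is Unauthorized
 */
-protected redirectTo = '/user/login';
+protected redirectTo = '/user/login'
 
 /**
 * Authenticates the current HTTP request against a custom set of defined
@@ -27,9 +27,9 @@ export default class AuthMiddleware {
 * during the current request.
 */
 protected async authenticate(
-auth: HttpContextContract['auth'],
+auth: HttpContext['auth'],
 guards: (keyof GuardsList)[],
-request: HttpContextContract['request'],
+request: HttpContext['request']
 ) {
 /**
 * Hold reference to the guard last attempted within the for loop. We pass
@@ -37,15 +37,15 @@ export default class AuthMiddleware {
 * it can decide the correct response behavior based upon the guard
 * driver
 */
-let guardLastAttempted: string | undefined;
+let guardLastAttempted: string | undefined
 
 for (const guard of guards) {
-guardLastAttempted = guard;
+guardLastAttempted = guard
 
-let isLoggedIn = false;
+let isLoggedIn = false
 try {
 // eslint-disable-next-line no-await-in-loop
-isLoggedIn = await auth.use(guard).check();
+isLoggedIn = await auth.use(guard).check()
 } catch {
 // Silent fail to allow the rest of the code to handle the error
 }
@@ -56,25 +56,22 @@ export default class AuthMiddleware {
 * the rest of the request, since the user authenticated
 * succeeded here
 */
-auth.defaultGuard = guard;
-return;
+auth.defaultGuard = guard
+return
 }
 }
 
 // Manually try authenticating using the JWT (verfiy signature required)
 // Legacy support for JWTs so that the client still works (older than 2.0.0)
-const authToken = request.headers().authorization?.split(' ')[1];
+const authToken = request.headers().authorization?.split(' ')[1]
 if (authToken) {
 try {
-const jwt = await jose.jwtVerify(
-authToken,
-new TextEncoder().encode(appKey),
-);
-const { uid } = jwt.payload;
+const jwt = await jose.jwtVerify(authToken, new TextEncoder().encode(appKey))
+const { uid } = jwt.payload
 
 // @ts-expect-error
-request.user = await User.findOrFail(uid);
-return;
+request.user = await User.findOrFail(uid)
+return
 } catch {
 // Silent fail to allow the rest of the code to handle the error
 }
@@ -87,32 +84,32 @@ export default class AuthMiddleware {
 'Unauthorized access',
 'E_UNAUTHORIZED_ACCESS',
 guardLastAttempted,
-this.redirectTo,
-);
+this.redirectTo
+)
 }
 
 /**
 * Handle request
 */
 public async handle(
-{ request, auth, response }: HttpContextContract,
+{ request, auth, response }: HttpContext,
 next: () => Promise<void>,
-customGuards: (keyof GuardsList)[],
+customGuards: (keyof GuardsList)[]
 ) {
 /**
 * Uses the user defined guards or the default guard mentioned in
 * the config file
 */
-const guards = customGuards.length > 0 ? customGuards : [auth.name];
+const guards = customGuards.length > 0 ? customGuards : [auth.name]
 try {
-await this.authenticate(auth, guards, request);
+await this.authenticate(auth, guards, request)
 } catch (error) {
 // If the user is not authenticated and it is a web endpoint, redirect to the login page
 if (guards.includes('web')) {
-return response.redirect(error.redirectTo);
+return response.redirect(error.redirectTo)
 }
-throw error;
+throw error
 }
-await next();
+await next()
 }
 }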
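Review bot: The legacy JWT fallback in `authenticate` (the `-56,25 +56,22` hunk) calls `jose.jwtVerify(authToken, new TextEncoder().encode(appKey))` with no options object, so the accepted algorithm is not pinned and a token that carries no `exp` claim is accepted indefinitely. Passing options such as `{ algorithms: ['HS256'], maxTokenAge: '<max age>' }`, with the algorithm the pre-2.0.0 client actually used, would bound both. The token is taken with `split(' ')[1]` whatever the authorization scheme is, `uid` reaches `User.findOrFail` without a type check, and the secret is the application key itself, which presumably protects other things too, so a dedicated JWT secret would limit what a leak exposes. The success path sets `request.user` rather than any guard state, so downstream code that reads `auth.user` would not see this user; a comment beside the `@ts-expect-error` should say so. The body of `authenticate` starts and ends outside this hunk.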
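--- a/app/Middleware/Dashboard.ts
+++ b/app/Middleware/Dashboard.ts
@@ -1,17 +1,14 @@
-import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext';
-import Config from '@ioc:Adonis/Core/Config';
+import type { HttpContext } from '@adonisjs/core/http'
+import { Config } from '@adonisjs/core/config'
 
 export default class Dashboard {
-public async handle(
-{ response }: HttpContextContract,
-next: () => Promise<void>,
-) {
+public async handle({ response }: HttpContext, next: () => Promise<void>) {
 if (Config.get('dashboard.enabled') === false) {
 response.send(
-'The user dashboard is disabled on this server\n\nIf you are the server owner, please set IS_DASHBOARD_ENABLED to true to enable the dashboard.',
-);
+'The user dashboard is disabled on this server\n\nIf you are the server owner, please set IS_DASHBOARD_ENABLED to true to enable the dashboard.'
+)
 } else {
-await next();
+await next()
 }
 }
 }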
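Review bot: The guard `Config.get('dashboard.enabled') === false` in `handle` blocks the dashboard only when the value is exactly the boolean `false`. If the setting is missing or arrives as the string 'false' (the config file is not visible here), the check fails open and `next()` runs. Testing for the enabled state instead, `if (Config.get('dashboard.enabled') !== true) {`, makes the disabled path the default. The disabled branch also calls `response.send(...)` without setting a status, so clients presumably receive a success status for a switched-off page; `response.status(403).send(...)` would make the refusal visible to clients and monitoring.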
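--- a/app/Middleware/SilentAuth.ts
+++ b/app/Middleware/SilentAuth.ts
@@ -1,4 +1,4 @@
-import { HttpContextContract } from '@ioc:Adonis/Core/HttpContext';
+import { HttpContext } from '@adonisjs/core/http'
 
 /**
 * Silent auth middleware can be used as a global middleware to silent check
@@ -10,15 +10,12 @@ export default class SilentAuthMiddleware {
 /**
 * Handle request
 */
-public async handle(
-{ auth }: HttpContextContract,
-next: () => Promise<void>,
-) {
+public async handle({ auth }: HttpContext, next: () => Promise<void>) {
 /**
 * Check if user is logged-in or not. If yes, then `ctx.auth.user` will be
 * set to the instance of the currently logged in user.
 */
-await auth.check();
-await next();
+await auth.check()
+await next()
 }
 }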