
Commit 43db149

committed
docs: comments and updated jsdoc
1 parent d1b840e commit 43db149


41 files changed

+15167
-779
lines changed

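--- a/docs/DemoAuthService.js.html
+++ b/docs/DemoAuthService.js.html
@@ -0,0 +1,262 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<title>JSDoc: Source: DemoAuthService.js</title>
+
+<script src="scripts/prettify/prettify.js"> </script>
+<script src="scripts/prettify/lang-css.js"> </script>
+<!--[if lt IE 9]>
+<script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script>
+<![endif]-->
+<link type="text/css" rel="stylesheet" href="styles/prettify-tomorrow.css">
+<link type="text/css" rel="stylesheet" href="styles/jsdoc-default.css">
+</head>
+
+<body>
+
+<div id="main">
+
+<h1 class="page-title">Source: DemoAuthService.js</h1>
+
+
+
+
+
+
+<section>
+<article>
+<pre class="prettyprint source linenums"><code>/**
+* Various reusable functions, express middlewares, strategies for authentication flow
+*/
+
+exports.isAuthenticated = isAuthenticated;
+
+const JwtService = require('./JwtService');
+
+/**
+* Express middleware for authentication using JWT paradigm
+* @param {} req : Express request object
+* @param {} res : Express response object
+* @param {} next : Express next callback
+*
+* @example
+* app.get('protectedEndpoint', [isAuthenticated], function(req, res){})
+*/
+function isAuthenticated(req, res, next) {
+// Get the token (Different ways : from query, from header, from body)
+// Verify
+// next() on success
+var tokenExchange = new TokenExchange()
+// TokenRead default Strategy
+switch (req.path) {
+case '/protected/api':
+tokenExchange.setTokenReadStrategy(new ReadFromHeader()).read(req);
+break;
+case '/protected/api/bearer':
+tokenExchange.setTokenReadStrategy(new ReadFromHeaderWithBearerScheme()).read(req);
+break;
+case '/protected/web-cookies':
+tokenExchange.setTokenReadStrategy(new ReadFromCookies()).read(req);
+break;
+case '/protected/web-form':
+tokenExchange.setTokenReadStrategy(new ReadFromBody()).read(req);
+break;
+case '/protected':
+tokenExchange.setTokenReadStrategy(new ReadFromUrlParam()).read(req);
+break;
+default:
+setDefaultStrategy(req, tokenExchange);
+}
+if(!tokenExchange || !tokenExchange.token){
+return res.status(401).send(`
+&lt;h2>No token found&lt;/h2>&lt;br/>&lt;br/>
+&lt;a href="/jwt/form" style="opacity:0.7;">Create a new token&lt;/a>&lt;br/>&lt;br/>
+`)
+}
+JwtService.verifyToken(tokenExchange.token, function(err, decodedToken){
+if (err) {
+return res.status(401).send(`
+&lt;b>Not Authenticated! &lt;/b>&lt;br/>&lt;code>${JSON.stringify(err)}&lt;/code>
+&lt;br/>&lt;a href="/">Go Home&lt;/a>&lt;br/>
+`)
+}
+//ToDo: Sanitize the decoded jwt content
+//ToDo: Set req.user object with fields such as id, name, etc.
+console.log(JSON.stringify(decodedToken.payload, null, 4))
+if (!req.user) {
+req.user = {}
+}
+req.user.username = decodedToken.payload.user
+next()
+})
+}
+
+
+/**
+*
+* Abstract implementation of strategy to read/manipulate token in request
+* @example
+* let tokenExchange = new TokenExchange()
+* // Define your own strategy(a function) to read token, let's call it MyTokenReadStrategy
+* tokenExchange.setTokenReadStrategy(new MyTokenReadStrategy())
+* tokenExchange.read(req);
+* returns token
+* @property {Function} read(req) - Function that extracts token from request object
+* @property {Function} setTokenReadStrategy(strategyInstance) - Set strategy for reading token
+*
+*/
+var TokenExchange = function() {
+this.tokenReadStrategy = null;
+this.token = "";
+this.setTokenReadStrategy = function(tokenReadStrategy) {
+this.tokenReadStrategy = tokenReadStrategy;
+return this;
+}
+this.read = function(req) {
+this.token = this.tokenReadStrategy.read(req);
+return this.token;
+}
+}
+
+
+// Resource: Recommended practices for authorization bearer token -> https://tools.ietf.org/html/rfc6750#section-1.1
+
+/**
+* A strategy to read token from request query parameters.
+* Can be implemted via TokenExchange
+* @example
+* new TokenExchange().setTokenReadStrategy(new ReadFromBody())
+* // When token was sent /apiEndpoint?access_token=String
+* @see {@link TokenExchange}
+*/
+var ReadFromUrlParam = function() {
+this.read = function(req) {
+if (req &amp;&amp; req.query.access_token) {
+return req.query.access_token;
+}
+return null;
+}
+}
+
+/**
+* A strategy to read token from request body
+* Can be implemted via TokenExchange
+* @example
+* new TokenExchange().setTokenReadStrategy(new ReadFromBody())
+* // When token was sent ia `POST /apiEndpoint -d '{access_token: String}'`
+* @see {@link TokenExchange}
+*/
+var ReadFromBody = function() {
+// Should have content type application/x-www-form-urlencoded
+// Should have this middleware enabled to parse body data : app.use(express.urlencoded({ extended: true }))
+
+this.read = function(req) {
+if (req &amp;&amp; req.body &amp;&amp; req.body.access_token) {
+return req.body.access_token;
+}
+return null;
+}
+}
+
+/**
+* A strategy to read token from request cookies
+* Can be implemted via TokenExchange
+* @example
+* new TokenExchange().setTokenReadStrategy(new ReadFromCookies())
+* @see {@link TokenExchange}
+*/
+var ReadFromCookies = function() {
+this.read = function(req) {
+if (req &amp;&amp; req.cookies &amp;&amp; req.cookies.access_token) {
+return req.cookies.access_token;
+}
+return null;
+}
+}
+
+/**
+* A strategy to read token from request header named `authorization`
+* Can be implemted via TokenExchange
+* @example
+* new TokenExchange().setTokenReadStrategy(new ReadFromHeader())
+* @see {@link TokenExchange}
+*/
+var ReadFromHeader = function(req) {
+this.read = function(req) {
+if (req.get('Authorization')) {
+this.token = req.get('Authorization');
+return this.token;
+}
+return null;
+}
+}
+
+/**
+* A strategy to read token from **header with bearer scheme**.
+* Can be implemted via TokenExchange
+* @param {*} req : Express Request object
+* @example
+* new TokenExchange().setTokenReadStrategy(new ReadFromHeaderWithBearerScheme())
+* @see {@link TokenExchange}
+*/
+var ReadFromHeaderWithBearerScheme = function(req) {
+this.read = function(req) {
+if (req.get('Authorization')) {
+var authHeader = req.get('Authorization');
+var re = /(\S+)\s+(\S+)/;
+if (typeof authHeader !== 'string') {
+return null;
+}
+var matches = authHeader.match(re);
+if (matches &amp;&amp; matches.length > 2) {
+return matches[2];
+}
+console.log('Bad authorization header ' + authHeader);
+return null;
+}
+console.log('No authorization header ');
+return null;
+}
+}
+
+/**
+* Default strategy for TokenExchange
+* @description
+* Default strategy when authorization header is available in request : ReadFromHeaderWithBearerScheme
+* Default strategy when cookies have `access_token` : ReadFromCookie
+* @param {*} req
+* @param {*} tokenExchange
+* @see {@link TokenExchange}
+*/
+function setDefaultStrategy(req, tokenExchange) {
+// First check header - authorization
+if (req.get('Authorization')) {
+tokenExchange.setTokenReadStrategy(new ReadFromHeaderWithBearerScheme()).read(req);
+} else if (req &amp;&amp; req.cookies &amp;&amp; req.cookies.access_token) {
+tokenExchange.setTokenReadStrategy(new ReadFromCookies()).read(req);
+}
+// Second check cookie
+}</code></pre>
+</article>
+</section>
+
+
+
+
+</div>
+
+<nav>
+<h2><a href="index.html">Home</a></h2><h3>Global</h3><ul><li><a href="global.html#createToken">createToken</a></li><li><a href="global.html#getDefaultToken">getDefaultToken</a></li><li><a href="global.html#isAuthenticated">isAuthenticated</a></li><li><a href="global.html#ReadFromBody">ReadFromBody</a></li><li><a href="global.html#ReadFromCookies">ReadFromCookies</a></li><li><a href="global.html#ReadFromHeader">ReadFromHeader</a></li><li><a href="global.html#ReadFromHeaderWithBearerScheme">ReadFromHeaderWithBearerScheme</a></li><li><a href="global.html#ReadFromUrlParam">ReadFromUrlParam</a></li><li><a href="global.html#setDefaultStrategy">setDefaultStrategy</a></li><li><a href="global.html#TokenExchange">TokenExchange</a></li><li><a href="global.html#updateSecretMethod">updateSecretMethod</a></li><li><a href="global.html#verifyToken">verifyToken</a></li></ul>
+</nav>
+
+<br class="clear">
+
+<footer>
+Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 3.6.10</a> on Sun May 22 2022 15:06:37 GMT+0530 (India Standard Time)
+</footer>
+
+<script> prettyPrint(); </script>
+<script src="scripts/linenumber.js"> </script>
+</body>
+</html>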
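Review bot: In the embedded `ReadFromHeaderWithBearerScheme.read`, the failure branch logs the whole header with `console.log('Bad authorization header ' + authHeader)`, so a malformed header that still carries a credential ends up in the application log; a fixed message such as `console.log('Bad authorization header');` avoids that. The same function never inspects the scheme it captured, so any two-token header is treated as a bearer token; `if (matches && matches[1].toLowerCase() === 'bearer') return matches[2];` would make it match its name. In `isAuthenticated`, `${JSON.stringify(err)}` is written into the 401 HTML body unescaped, which exposes verifier details to the client and is better replaced by a fixed message. This page is JSDoc output, so the changes belong in DemoAuthService.js and the page should then be regenerated.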
