43 lines
1.4 KiB
TypeScript
43 lines
1.4 KiB
TypeScript
import { Request, Response } from "express";
|
|
import jwt from "jsonwebtoken";
|
|
import BadRequestException from "../exceptions/badRequestException";
|
|
import UnauthorizedRequestException from "../exceptions/unauthorizedRequestException";
|
|
import InternalException from "../exceptions/internalException";
|
|
import { JWTHelper } from "../helpers/jwtHelper";
|
|
|
|
export default async function authenticate(req: Request, res: Response, next: Function) {
|
|
const bearer = req.headers.authorization?.split(" ")?.[1] ?? undefined;
|
|
|
|
if (!bearer) {
|
|
throw new BadRequestException("Provide valid Authorization Header");
|
|
}
|
|
|
|
let decoded: string | jwt.JwtPayload;
|
|
await JWTHelper.validate(bearer)
|
|
.then((result) => {
|
|
decoded = result;
|
|
})
|
|
.catch((err) => {
|
|
if (err == "jwt expired") {
|
|
throw new UnauthorizedRequestException("Token expired", err);
|
|
} else {
|
|
throw new BadRequestException("Failed Authorization Header decoding", err);
|
|
}
|
|
});
|
|
|
|
if (typeof decoded == "string" || !decoded) {
|
|
throw new InternalException("process failed");
|
|
}
|
|
|
|
if (decoded?.sub == "api_token_retrieve") {
|
|
throw new BadRequestException("This token is only authorized to get temporary access tokens via GET /api/webapi");
|
|
}
|
|
|
|
req.userId = decoded.userId;
|
|
req.username = decoded.username;
|
|
req.isOwner = decoded.isOwner;
|
|
req.permissions = decoded.permissions;
|
|
req.isWebApiRequest = decoded?.sub == "webapi_access_token";
|
|
|
|
next();
|
|
}
|