83 lines
2.4 KiB
TypeScript
83 lines
2.4 KiB
TypeScript
import NProgress from "nprogress";
|
|
import { useAuthStore } from "@/stores/auth";
|
|
import { useAccountStore } from "@/stores/account";
|
|
import { jwtDecode, type JwtPayload } from "jwt-decode";
|
|
import { refreshToken } from "@/serverCom";
|
|
import type { PermissionObject } from "@/types/permissionTypes";
|
|
import { useAbilityStore } from "@/stores/ability";
|
|
|
|
export type Payload = JwtPayload & {
|
|
userId: string;
|
|
username: string;
|
|
firstname: string;
|
|
lastname: string;
|
|
mail: string;
|
|
isOwner: boolean;
|
|
permissions: PermissionObject;
|
|
};
|
|
|
|
export async function isAuthenticated(to: any, from: any, next: any) {
|
|
const auth = useAuthStore();
|
|
NProgress.start();
|
|
if (auth.authCheck && localStorage.getItem("access_token") && localStorage.getItem("refresh_token")) {
|
|
NProgress.done();
|
|
next();
|
|
return;
|
|
}
|
|
await isAuthenticatedPromise()
|
|
.then(async (result: Payload) => {
|
|
NProgress.done();
|
|
next();
|
|
})
|
|
.catch((err: string) => {
|
|
NProgress.done();
|
|
next({ name: err ?? "login" });
|
|
});
|
|
}
|
|
|
|
export async function isAuthenticatedPromise(forceRefresh: boolean = false): Promise<Payload> {
|
|
return new Promise<Payload>(async (resolve, reject) => {
|
|
const auth = useAuthStore();
|
|
const account = useAccountStore();
|
|
const ability = useAbilityStore();
|
|
let decoded: Payload | string = "";
|
|
try {
|
|
decoded = jwtDecode<Payload>(localStorage.getItem("accessToken") ?? "");
|
|
} catch (error) {
|
|
auth.setFailed();
|
|
reject("login");
|
|
}
|
|
|
|
if (typeof decoded == "string" || !decoded) {
|
|
auth.setFailed();
|
|
reject("login");
|
|
} else {
|
|
// check jwt expiry
|
|
const exp = decoded.exp ?? 0;
|
|
const correctedLocalTime = new Date().getTime();
|
|
if (exp < Math.floor(correctedLocalTime / 1000) || forceRefresh) {
|
|
await refreshToken()
|
|
.then(() => {
|
|
console.log("fetched new token");
|
|
})
|
|
.catch((err: string) => {
|
|
console.log("expired");
|
|
auth.setFailed();
|
|
reject(err);
|
|
});
|
|
}
|
|
|
|
var { userId, firstname, lastname, mail, username, permissions, isOwner } = decoded;
|
|
|
|
if (Object.keys(permissions ?? {}).length === 0 && !isOwner) {
|
|
auth.setFailed();
|
|
reject("nopermissions");
|
|
}
|
|
|
|
auth.setSuccess();
|
|
account.setAccountData(userId, firstname, lastname, mail, username);
|
|
ability.setAbility(permissions, isOwner);
|
|
resolve(decoded);
|
|
}
|
|
});
|
|
}
|