const Cookies = require("cookies");
const AuthTokens = require("../src/index");
// Naive implementation of a database holding user data
/**
 * Demo credential store: username -> plain-text password.
 * It stands in for a real user database; a production service would hold
 * password hashes rather than plain text.
 */
const USERS = {
  username1: "password1",
  username2: "password2",
};

// Names of the two cookies carrying the access and refresh tokens.
const ACCESS_TOKEN_NAME = "ACCESS_TOKEN_NAME";
const REFRESH_TOKEN_NAME = "REFRESH_TOKEN_NAME";

/**
 * Token lifetimes in milliseconds. The same values are reused as the
 * `maxAge` of the matching cookies so cookie and token expire together.
 */
const AUTH_OPTIONS = {
  accessTokenMaxAge: 5 * 60 * 1000, // 5 minutes in ms
  refreshTokenMaxAge: 7 * 24 * 60 * 60 * 1000, // 7 days in ms
};

// One token manager instance shared by every handler in this module.
const authTokens = new AuthTokens(Object.assign({}, AUTH_OPTIONS));
/**
 * Build the argument triple for `cookies.set(name, value, options)`.
 *
 * Every auth cookie is httpOnly (not readable from page scripts), scoped to
 * path "/" on "localhost", and sent with SameSite=Strict. `secure` stays
 * false so the demo works over plain HTTP; it should be true in production.
 *
 * @param {string} name cookie name
 * @param {string} value cookie value
 * @param {number} maxAge cookie lifetime in milliseconds (see AUTH_OPTIONS)
 * @returns {[string, string, object]} arguments to spread into `cookies.set`
 */
function generateCookie(name, value, maxAge) {
  const attributes = {
    maxAge,
    domain: "localhost",
    httpOnly: true,
    path: "/",
    sameSite: "strict",
    secure: false, // it should be true in production
  };
  return [name, value, attributes];
}
/**
 * Send a 200 JSON response whose body is a shallow copy of `body`.
 *
 * @param {object} response Node HTTP response
 * @param {object} body serialised with JSON.stringify; copied first so the
 *   caller's object is not passed through as-is
 */
function responseWithBody(response, body) {
  response.writeHead(200, { "Content-Type": "application/json" });
  const payload = JSON.stringify(Object.assign({}, body));
  response.end(payload);
}
/**
 * Send a 401 response with a JSON content type and an empty body.
 *
 * @param {object} response Node HTTP response
 */
function responseUnauthorized(response) {
  const headers = { "Content-Type": "application/json" };
  response.writeHead(401, headers);
  response.end();
}
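/**
 * Login handler: checks the submitted credentials against USERS and, on
 * success, issues an access/refresh token pair as httpOnly cookies.
 *
 * Responds 200 with `{ message, accessTokenExpiresIn }` on success and 401
 * with an empty body otherwise. A missing or malformed body (no object,
 * non-string fields) is treated as a failed login instead of throwing.
 *
 * @param {object} request Node HTTP request (passed to Cookies)
 * @param {object} response Node HTTP response
 * @param {{ username?: string, password?: string } | null | undefined} body parsed request body
 */
function processLogin(request, response, body) {
  const { username, password } = body || {};

  // Demo-only credential check; real authentication logic (user lookup,
  // password-hash verification with a constant-time compare) belongs here.
  // Only string inputs are accepted, and only own keys of USERS are
  // consulted so inherited names such as "constructor" or "__proto__"
  // never resolve to a "user".
  const isKnownUser =
    typeof username === "string" &&
    typeof password === "string" &&
    Object.prototype.hasOwnProperty.call(USERS, username);
  if (!isKnownUser || USERS[username] !== password) {
    responseUnauthorized(response);
    return;
  }

  const { accessToken, accessTokenExpiresIn, refreshToken } =
    authTokens.setTokens(username);

  // Cookie maxAge mirrors the token lifetimes configured in AUTH_OPTIONS.
  const cookies = new Cookies(request, response);
  cookies.set(
    ...generateCookie(
      ACCESS_TOKEN_NAME,
      accessToken,
      AUTH_OPTIONS.accessTokenMaxAge,
    ),
  );
  cookies.set(
    ...generateCookie(
      REFRESH_TOKEN_NAME,
      refreshToken,
      AUTH_OPTIONS.refreshTokenMaxAge,
    ),
  );
  responseWithBody(response, {
    message: "Logged in",
    accessTokenExpiresIn,
  });
}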
/**
 * Logout handler: revokes the refresh token presented in the request cookie
 * and clears both auth cookies.
 *
 * Responds 401 when no refresh-token cookie is present, otherwise 200 with
 * `{ message: "Logged out", accessTokenExpiresIn: null }`.
 *
 * @param {object} request Node HTTP request (passed to Cookies)
 * @param {object} response Node HTTP response
 */
function processLogout(request, response) {
  const jar = new Cookies(request, response);
  const presentedRefreshToken = jar.get(REFRESH_TOKEN_NAME);
  if (!presentedRefreshToken) {
    responseUnauthorized(response);
    return;
  }

  authTokens.deleteRefreshToken(presentedRefreshToken);

  // Clear cookies: set() with no value expires them.
  // NOTE(review): these expiry cookies carry none of the attributes that
  // generateCookie applied (domain, path, sameSite); if the browser keys the
  // stored cookie on domain/path the clear may not match — verify in the
  // target browsers.
  for (const cookieName of [ACCESS_TOKEN_NAME, REFRESH_TOKEN_NAME]) {
    jar.set(cookieName);
  }

  responseWithBody(response, {
    message: "Logged out",
    accessTokenExpiresIn: null,
  });
}
/**
 * Refresh handler: hands the refresh-token cookie to the token manager and
 * re-issues both auth cookies with the tokens it returns.
 *
 * Any error thrown by `authTokens.refreshTokens` (including, presumably, a
 * missing cookie — the manager's handling of `undefined` is not visible
 * here) is logged and answered with 401.
 *
 * @param {object} request Node HTTP request (passed to Cookies)
 * @param {object} response Node HTTP response
 * @param {unknown} body unused; kept so every handler shares one signature
 */
function processRefresh(request, response, body) {
  const jar = new Cookies(request, response);
  const presentedRefreshToken = jar.get(REFRESH_TOKEN_NAME);

  let issued;
  try {
    // Destructure inside the try so a malformed result is also turned into 401.
    const { accessToken, accessTokenExpiresIn, refreshToken } =
      authTokens.refreshTokens(presentedRefreshToken);
    issued = { accessToken, accessTokenExpiresIn, refreshToken };
  } catch (error) {
    console.error(error);
    responseUnauthorized(response);
    return;
  }

  // Cookie maxAge mirrors the token lifetimes configured in AUTH_OPTIONS.
  const newCookies = [
    generateCookie(
      ACCESS_TOKEN_NAME,
      issued.accessToken,
      AUTH_OPTIONS.accessTokenMaxAge,
    ),
    generateCookie(
      REFRESH_TOKEN_NAME,
      issued.refreshToken,
      AUTH_OPTIONS.refreshTokenMaxAge,
    ),
  ];
  for (const cookieArgs of newCookies) {
    jar.set(...cookieArgs);
  }

  responseWithBody(response, {
    message: "Tokens refreshed",
    accessTokenExpiresIn: issued.accessTokenExpiresIn,
  });
}
/**
 * Example protected endpoint: verifies the access-token cookie and returns a
 * fixed JSON payload.
 *
 * Any error thrown by `authTokens.verifyAccessToken` (a missing, expired or
 * otherwise invalid token) is logged and answered with 401.
 *
 * @param {object} request Node HTTP request (passed to Cookies)
 * @param {object} response Node HTTP response
 * @param {unknown} body unused; kept so every handler shares one signature
 */
function processProtected(request, response, body) {
  const jar = new Cookies(request, response);
  const presentedAccessToken = jar.get(ACCESS_TOKEN_NAME);

  let verified = false;
  try {
    authTokens.verifyAccessToken(presentedAccessToken);
    verified = true;
  } catch (error) {
    console.error(error);
  }

  if (!verified) {
    responseUnauthorized(response);
    return;
  }
  responseWithBody(response, { message: "Some protected data" });
}
/**
 * Public handlers: one per route (login, logout, refresh, protected data).
 * Each takes `(request, response, body)` and writes the response itself.
 */
module.exports = {
  processLogin,
  processLogout,
  processRefresh,
  processProtected,
};