const fs = require("fs")
const path = require("path")
const crypto = require("crypto")
const jwt = require("jsonwebtoken")
const invariant = require("invariant")
const forge = require("node-forge")
const db = require("./RedisClient")
// Keypair used to sign tokens (private) and verify them (public).
//
// In production the public key is read from disk and the private key from
// the PRIVATE_KEY environment variable; loading the module fails outright
// when that variable is missing. Outside production a throwaway RSA keypair
// is generated every time the process starts, so tokens signed by one dev
// process do not verify in another.
let keys

function loadProductionKeys() {
  const publicKey = fs.readFileSync(path.resolve(__dirname, "../public.key"), "utf8")
  const privateKey = process.env.PRIVATE_KEY

  // Fail at load time rather than at the first createToken() call.
  invariant(privateKey, "Missing $PRIVATE_KEY environment variable")

  return { public: publicKey, private: privateKey }
}

function generateDevelopmentKeys() {
  // See https://gist.github.com/sebadoom/2b70969e70db5da9a203bebd9cff099f
  const { publicKey, privateKey } = forge.rsa.generateKeyPair({ bits: 2048 })

  return {
    public: forge.pki.publicKeyToPem(publicKey, 72),
    private: forge.pki.privateKeyToPem(privateKey, 72)
  }
}

keys =
  process.env.NODE_ENV === "production"
    ? loadProductionKeys()
    : generateDevelopmentKeys()
/**
 * Current Unix time in whole seconds (the JWT `iat` claim is expressed in
 * seconds, not milliseconds).
 *
 * @returns {number} seconds since the epoch, rounded down
 */
function getCurrentSeconds() {
  const millis = Date.now()
  return Math.floor(millis / 1000)
}
/**
 * Generates a random token id for the `jti` claim: 16 bytes from the
 * CSPRNG, hex-encoded into a 32-character string.
 *
 * @returns {string} 32 lowercase hex characters
 */
function createTokenId() {
  const bytes = crypto.randomBytes(16)
  return bytes.toString("hex")
}
/**
 * Creates a JWT signed with the private key, carrying the given scopes.
 *
 * The payload holds a random id (`jti`), the issuer, the issue time in
 * seconds and `scopes`. No `exp` claim is set, so a token remains valid
 * until its `jti` is added to the revocation set (see revokeToken).
 *
 * @param {Object} scopes - scopes object embedded verbatim in the token
 * @returns {Promise<string>} resolves with the signed token; rejects with
 *   whatever error jwt.sign reports
 */
function createToken(scopes = {}) {
  return new Promise((resolve, reject) => {
    const claims = {
      jti: createTokenId(),
      iss: "https://unpkg.com",
      iat: getCurrentSeconds(),
      scopes
    }

    jwt.sign(claims, keys.private, { algorithm: "RS256" }, (error, token) =>
      error ? reject(error) : resolve(token)
    )
  })
}
// Name of the Redis set holding the `jti` of every revoked token. Entries are
// only ever added (revokeToken) or wiped wholesale (removeAllRevokedTokens).
const RevokedTokensSet = "revoked-tokens"
/**
 * Verifies a token's signature and checks that it has not been revoked.
 *
 * Only RS256 is accepted, so the token's own `alg` header cannot pick a
 * different algorithm. Any error from jwt.verify rejects the promise. A
 * token that verifies but whose `jti` is in the revocation set, or that has
 * no `jti` at all, resolves with null.
 *
 * @param {string} token - the JWT to verify
 * @returns {Promise<Object|null>} the decoded payload, or null when the
 *   token is revoked or carries no `jti`
 */
function verifyToken(token) {
  const options = { algorithms: ["RS256"] }

  return new Promise((resolve, reject) => {
    jwt.verify(token, keys.public, options, (verifyError, payload) => {
      if (verifyError) {
        reject(verifyError)
        return
      }

      // Without an id the token cannot be checked against the revocation
      // set, so it is treated as unusable.
      if (!payload.jti) {
        resolve(null)
        return
      }

      db.sismember(RevokedTokensSet, payload.jti, (dbError, isMember) => {
        if (dbError) {
          reject(dbError)
        } else {
          resolve(isMember === 0 ? payload : null)
        }
      })
    })
  })
}
/**
 * Revokes a token by adding its `jti` to the revocation set.
 *
 * The token is verified first: an invalid token rejects (via verifyToken),
 * while an already-revoked or id-less token resolves without doing anything
 * because verifyToken yields null for those. Entries are never removed
 * individually from the set, since tokens carry no `exp`.
 *
 * @param {string} token - the JWT to revoke
 * @returns {Promise<void>}
 */
function revokeToken(token) {
  const addToRevokedSet = jti =>
    new Promise((resolve, reject) => {
      db.sadd(RevokedTokensSet, jti, error => (error ? reject(error) : resolve()))
    })

  return verifyToken(token).then(payload => {
    if (!payload) return undefined
    return addToRevokedSet(payload.jti)
  })
}
/**
 * Deletes the whole revocation set.
 *
 * Because verifyToken only consults this set and tokens have no `exp`,
 * every token revoked so far verifies successfully again afterwards.
 *
 * @returns {Promise<void>} rejects with the Redis error, if any
 */
function removeAllRevokedTokens() {
  return new Promise((resolve, reject) => {
    db.del(RevokedTokensSet, error => {
      if (error) {
        reject(error)
        return
      }
      resolve()
    })
  })
}
/**
 * Returns the PEM-encoded public key that verifies tokens issued by
 * createToken.
 *
 * @returns {string} PEM public key
 */
function getPublicKey() {
  const { public: publicKey } = keys
  return publicKey
}
// Public API: token issuance, verification and revocation, plus the public
// key needed to verify tokens elsewhere.
module.exports = {
  createToken,
  verifyToken,
  revokeToken,
  removeAllRevokedTokens,
  getPublicKey
}