
import jwt from 'jsonwebtoken'
import userService from './user.service.js'
import ErrorType from '../error/types.error.js'
import serverConfig from '../configuration/server.config.js'
/**
 * Request guard that lets any caller with a verifiable token through.
 *
 * Delegates to isAuthorized without a custom condition, so that function's
 * default allow-all predicate applies and no per-user check is made here.
 *
 * @param {object} request - Incoming request, passed through unchanged.
 * @param {object} reply - Reply object, passed through unchanged.
 * @param {Function} done - Continuation, passed through unchanged.
 * @returns {undefined} The result of isAuthorized is deliberately not returned.
 */
function checkJWT(request, reply, done) {
  isAuthorized(request, reply, done)
}
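/**
 * Verifies the token in the Authorization header and applies an optional
 * authorization predicate to its decoded payload.
 *
 * Replies 401 when the header is missing, when verification throws, or when the
 * explicit expiry comparison fails; replies 403 when `condition` rejects the
 * payload. On success the decoded payload is stored on `request.user`, its `sub`
 * is copied to `request.user.username`, and `done()` is called.
 *
 * @param {object} request - Reads `headers.authorization`, writes `user`, logs via `log.error`.
 * @param {object} reply - Must provide `code(status).send(body)`.
 * @param {Function} done - Called once the request has been authorized.
 * @param {Function} [condition] - Predicate over the decoded payload; allows everything by default.
 * @returns {*} Whatever `reply.send(...)` returns on rejection, otherwise `undefined`.
 */
function isAuthorized(request, reply, done, condition = user => true) {
  const token = request.headers['authorization']
  if (!token) return reply.code(401).send({ message: 'No token provided' })

  try {
    // Only the first 'Bearer ' occurrence is stripped; a header without the
    // scheme is handed to the verifier unchanged.
    const rawToken = token.replace('Bearer ', '')
    // NOTE(review): no `algorithms` allow-list is passed to verify(), so the
    // library default applies - consider pinning the algorithm the signer uses.
    const decoded = jwt.verify(rawToken, serverConfig.secret)
    if (decoded && decoded.sub) {
      // NOTE(review): `exp` is treated as a millisecond timestamp here, while the
      // JWT `exp` claim is normally expressed in seconds - confirm against the
      // code that signs these tokens. A payload without `sub` skips this check.
      if (new Date(decoded.exp) <= new Date()) {
        return reply.code(401).send({ message: 'Invalid or expired token' })
      }
    }
    if (!condition(decoded)) {
      return reply.code(403).send({ message: `Unauthorized access for ${decoded.sub}` })
    }
    request.user = decoded
    request.user.username = request.user.sub
    done()
  } catch (e) {
    // This handler also catches errors thrown by `condition` and `done`, so the
    // raw message may describe server internals. Keep the reason in the server
    // log for triage and give the caller one fixed message.
    request.log.error(`Invalid or expired token: ${e.message}`)
    return reply.code(401).send({ message: 'Invalid or expired token' })
  }
}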
/**
 * Checks the username/password pair from the request body and records the
 * outcome on `request.user`.
 *
 * This function never replies and never rethrows a failed check: on success
 * `request.user` is the object returned by `userService.getUser`; on failure it
 * is `{ username, message }`, where `message` carries the ErrorType value (or
 * the message of any other error raised inside the try block). Whatever runs
 * after this must tell the two shapes apart.
 *
 * NOTE(review): the two failure paths yield different `message` values, and the
 * password comparison is skipped for an unknown user. If `message` or response
 * timing reaches the client, a caller could tell existing usernames from
 * missing ones - confirm the downstream handler returns one uniform failure.
 *
 * @param {object} request - Reads `body.username` and `body.password`, writes `user`, logs via `log`.
 * @param {object} reply - Unused here.
 * @param {Function} done - Unused here.
 * @returns {Promise<undefined>} Resolves once `request.user` has been set.
 */
const login = async (request, reply, done) => {
  // Destructuring happens outside the try block, so a request without a body
  // rejects instead of taking the failure path below.
  const { username, password } = request.body
  try {
    const account = await userService.getUser(username)
    if (!account) {
      request.log.error(`Login with user ${username} failed. User does not exist.`)
      throw new Error(ErrorType.FUNCTIONAL_NOT_FOUND)
    }

    const passwordMatches = await account.comparePassword(password)
    if (!passwordMatches) {
      request.log.error(`Password compare for user ${username} failed. Passwords don't match.`)
      throw new Error(ErrorType.FUNCTIONAL_FORBIDDEN)
    }

    request.log.info(`Login with user ${username} succeeded.`)
    request.user = account
  } catch (error) {
    // Every failure, including the two thrown above, ends up here and is
    // logged a second time with its message.
    const reason = error.message
    request.log.error(`Login with user ${username} failed. Message: ${reason}`)
    request.user = { username, message: reason }
  }
}
// Public surface of this module: the token guard and the credential check.
// isAuthorized is not exported, so its `condition` parameter can only be
// supplied from inside this file.
const authService = {
  checkJWT,
  login
}

export default authService