github/directus
1
0
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-01-29 01:48:23 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
86e9bb7d07166b1aa2a2ae3111cd792981a9feff
directus/api/src/middleware/authenticate.ts
rijkvanzanten 9df6bd95a5 Convert ipv4 addresses to ipv4
2020-10-13 15:50:19 -04:00

86 lines
2.3 KiB
TypeScript
Raw Blame History

import { RequestHandler } from 'express';
import jwt, { TokenExpiredError, JsonWebTokenError } from 'jsonwebtoken';
import isJWT from '../utils/is-jwt';
import database from '../database';
import asyncHandler from 'express-async-handler';
import { InvalidCredentialsException } from '../exceptions';
import env from '../env';
/**
* Verify the passed JWT and assign the user ID and role to `req`
*/
const authenticate: RequestHandler = asyncHandler(async (req, res, next) => {
req.accountability = {
user: null,
role: null,
admin: false,
ip: req.ip.startsWith('::ffff:') ? req.ip.substring(7) : req.ip,
userAgent: req.get('user-agent'),
};
if (!req.token) return next();
if (isJWT(req.token)) {
let payload: { id: string };
try {
payload = jwt.verify(req.token, env.SECRET as string) as { id: string };
} catch (err) {
if (err instanceof TokenExpiredError) {
throw new InvalidCredentialsException('Token expired.');
} else if (err instanceof JsonWebTokenError) {
throw new InvalidCredentialsException('Token invalid.');
} else {
throw err;
}
}
const user = await database
.select('role', 'directus_roles.admin_access')
.from('directus_users')
.leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')
.where({
'directus_users.id': payload.id,
status: 'active',
})
.first();
if (!user) {
throw new InvalidCredentialsException();
}
req.accountability.user = payload.id;
req.accountability.role = user.role;
req.accountability.admin = user.admin_access === true || user.admin_access == 1;
} else {
// Try finding the user with the provided token
const user = await database
.select('directus_users.id', 'directus_users.role', 'directus_roles.admin_access')
.from('directus_users')
.leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')
.where({
'directus_users.token': req.token,
status: 'active',
})
.first();
if (!user) {
throw new InvalidCredentialsException();
}
req.accountability.user = user.id;
req.accountability.role = user.role;
req.accountability.admin = user.admin_access === true || user.admin_access == 1;
}
if (req.accountability?.user) {
await database('directus_users')
.update({ last_access: new Date() })
.where({ id: req.accountability.user });
}
return next();
});
export default authenticate;
Reference in New Issue View Git Blame Copy Permalink