github/directus
1
0
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-01-30 05:58:03 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
ecf255bf47ae3bfcc0724b0de9e8f6a8789bc027
directus/api/src/middleware/authenticate.ts

85 lines
2.5 KiB
TypeScript
Raw Blame History

import { RequestHandler } from 'express';
import jwt, { JsonWebTokenError, TokenExpiredError } from 'jsonwebtoken';
import getDatabase from '../database';
import env from '../env';
import { InvalidCredentialsException } from '../exceptions';
import asyncHandler from '../utils/async-handler';
import isDirectusJWT from '../utils/is-directus-jwt';
/**
* Verify the passed JWT and assign the user ID and role to `req`
*/
const authenticate: RequestHandler = asyncHandler(async (req, res, next) => {
req.accountability = {
user: null,
role: null,
admin: false,
app: false,
ip: req.ip.startsWith('::ffff:') ? req.ip.substring(7) : req.ip,
userAgent: req.get('user-agent'),
};
if (!req.token) return next();
const database = getDatabase();
if (isDirectusJWT(req.token)) {
let payload: { id: string };
try {
payload = jwt.verify(req.token, env.SECRET as string, { issuer: 'directus' }) as { id: string };
} catch (err: any) {
if (err instanceof TokenExpiredError) {
throw new InvalidCredentialsException('Token expired.');
} else if (err instanceof JsonWebTokenError) {
throw new InvalidCredentialsException('Token invalid.');
} else {
throw err;
}
}
const user = await database
.select('directus_users.role', 'directus_roles.admin_access', 'directus_roles.app_access')
.from('directus_users')
.leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')
.where({
'directus_users.id': payload.id,
status: 'active',
})
.first();
if (!user) {
throw new InvalidCredentialsException();
}
req.accountability.user = payload.id;
req.accountability.role = user.role;
req.accountability.admin = user.admin_access === true || user.admin_access == 1;
req.accountability.app = user.app_access === true || user.app_access == 1;
} else {
// Try finding the user with the provided token
const user = await database
.select('directus_users.id', 'directus_users.role', 'directus_roles.admin_access', 'directus_roles.app_access')
.from('directus_users')
.leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')
.where({
'directus_users.token': req.token,
status: 'active',
})
.first();
if (!user) {
throw new InvalidCredentialsException();
}
req.accountability.user = user.id;
req.accountability.role = user.role;
req.accountability.admin = user.admin_access === true || user.admin_access == 1;
req.accountability.app = user.app_access === true || user.app_access == 1;
}
return next();
});
export default authenticate;
Reference in New Issue View Git Blame Copy Permalink