import { findUser } from '../model/user';
import passport from 'passport';
import { Handler } from 'express';
import { Strategy as JwtStrategy, ExtractJwt } from 'passport-jwt';
import jwt from 'jsonwebtoken';
import { hashUuid } from '../utils/common';
import dayjs from 'dayjs';
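// Secret used to sign and verify every token handled by this module.
//
// SECURITY: when JWT_SECRET is unset, the secret falls back to hashUuid() of
// the date at module load (YYYYMMDD). hashUuid lives in ../utils/common and is
// not visible here; if it is a deterministic function of its input, the
// fallback depends on nothing but the calendar date and must not be relied on
// outside local development. The fallback is kept so existing setups keep
// starting, and a warning makes the weak configuration visible in the logs.
const configuredJwtSecret = process.env.JWT_SECRET;

if (!configuredJwtSecret) {
  console.warn(
    'JWT_SECRET is not set: falling back to a date-derived JWT signing secret. Set JWT_SECRET to a long random value.'
  );
}

export const jwtSecret =
  configuredJwtSecret || hashUuid(dayjs().format('YYYYMMDD'));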
/** Value written to and required in the `iss` claim; JWT_ISSUER overrides the default. */
export const jwtIssuer = process.env.JWT_ISSUER
  ? process.env.JWT_ISSUER
  : 'tianji.msgbyte.com';

/** Value written to and required in the `aud` claim; JWT_AUDIENCE overrides the default. */
export const jwtAudience = process.env.JWT_AUDIENCE
  ? process.env.JWT_AUDIENCE
  : 'msgbyte.com';
/**
 * Application claims carried in a token: the fields jwtSign writes and the
 * shape jwtVerify returns.
 */
export interface JWTPayload {
  /** User identifier; the passport JWT strategy in this file passes it to findUser. */
  id: string;
  /** User name as it was when the token was signed. */
  username: string;
  /**
   * Role as it was when the token was signed. The passport strategy in this
   * file does not read it; it reloads the user through findUser instead.
   */
  role: string;
}
// Register the bearer-token JWT strategy. A token is accepted only if its
// signature verifies against jwtSecret and its issuer and audience match the
// configured values.
// NOTE(review): no `algorithms` list is passed, so the accepted signing
// algorithms are whatever the library defaults to; consider pinning the one
// jwtSign actually produces.
passport.use(
  new JwtStrategy(
    {
      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
      secretOrKey: jwtSecret,
      issuer: jwtIssuer,
      audience: jwtAudience,
    },
    (jwt_payload, done) => {
      // The user is reloaded by id on every request rather than trusted from
      // the token, so a token whose user can no longer be found is rejected.
      findUser(jwt_payload.id)
        .then((user) => {
          done(null, user || false);
        })
        .catch((err) => {
          done(err);
        });
    }
  )
);
// Session serializer: keeps only id and username of the authenticated user.
// auth() in this file authenticates with `session: false`, so that handler
// does not go through this hook.
passport.serializeUser((user: any, cb) => {
  const { id, username } = user;
  cb(null, { id, username });
});
// Session deserializer: hands the stored value back unchanged, without
// looking the user up again.
passport.deserializeUser((user: any, cb) => {
  cb(null, user);
});
/**
 * Issues a signed token for the given user claims.
 *
 * Only `id`, `username` and `role` are copied into the token, so any other
 * property on `payload` is left out. The token is signed with jwtSecret,
 * stamped with the configured issuer and audience, and expires after 30 days.
 * Nothing in this function provides a way to revoke a token before it expires.
 *
 * @param payload - Claims to embed in the token.
 * @returns The encoded token string.
 */
export function jwtSign(payload: JWTPayload): string {
  const { id, username, role } = payload;

  return jwt.sign({ id, username, role }, jwtSecret, {
    issuer: jwtIssuer,
    audience: jwtAudience,
    expiresIn: '30d',
  });
}
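/**
 * Verifies a token's signature, issuer and audience and returns its claims.
 *
 * After the library check succeeds, the payload is also checked to be an
 * object whose `id`, `username` and `role` claims are strings. Without this
 * check the cast to JWTPayload would be unverified, and a correctly signed
 * token of a different shape would reach callers typed as a complete payload.
 *
 * Unlike the passport strategy in this file, this function does not look the
 * user up, so its result reflects the state at signing time.
 *
 * NOTE(review): no `algorithms` list is passed to jwt.verify; consider pinning
 * the algorithm jwtSign produces.
 *
 * @param token - Encoded token string.
 * @returns The verified claims; the registered claims added at signing time
 *   are still present on the returned object.
 * @throws An error from jwt.verify when verification fails, or a
 *   JsonWebTokenError when the payload does not have the expected shape.
 */
export function jwtVerify(token: string): JWTPayload {
  const payload = jwt.verify(token, jwtSecret, {
    issuer: jwtIssuer,
    audience: jwtAudience,
  });

  if (typeof payload !== 'object' || payload === null) {
    throw new jwt.JsonWebTokenError('jwt payload is not an object');
  }

  for (const claim of ['id', 'username', 'role'] as const) {
    if (typeof payload[claim] !== 'string') {
      throw new jwt.JsonWebTokenError(`jwt payload claim is invalid: ${claim}`);
    }
  }

  return payload as JWTPayload;
}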
/**
 * Builds the Express middleware that authenticates a request with the 'jwt'
 * passport strategy. Sessions are disabled, so every request must present
 * its own bearer token.
 *
 * @returns The authentication middleware.
 */
export function auth(): Handler {
  const jwtGuard: Handler = passport.authenticate('jwt', { session: false });
  return jwtGuard;
}