shishantbiswas/bknd
1
0
Fork 0
mirror of https://github.com/shishantbiswas/bknd.git synced 2026-03-16 12:37:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add integration tests for auth, improve auth middleware and cookies handling

Browse Source
This commit is contained in:
dswbx
2025-01-11 10:52:31 +01:00
parent 0d945ab45b
commit c732566f63
7 changed files with 276 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
app/src/auth/authenticate/Authenticator.ts
View File

@@ -67,6 +67,9 @@ export const cookieConfig = Type.Partial(
{ default: {}, additionalProperties: false }
);
// @todo: maybe add a config to not allow cookie/api tokens to be used interchangably?
// see auth.integration test for further details
export const jwtConfig = Type.Object(
{
// @todo: autogenerate a secret if not present. But it must be persisted from AppAuth
@@ -139,7 +142,7 @@ export class Authenticator<Strategies extends Record<string, Strategy> = Record<
}
// @todo: determine what to do exactly
__setUserNull() {
resetUser() {
this._user = undefined;
}
@@ -203,8 +206,8 @@ export class Authenticator<Strategies extends Record<string, Strategy> = Record<
this._user = omit(payload, ["iat", "exp", "iss"]) as SafeUser;
return true;
} catch (e) {
this._user = undefined;
console.error(e);
this.resetUser();
//console.error(e);
}
return false;
@@ -222,10 +225,8 @@ export class Authenticator<Strategies extends Record<string, Strategy> = Record<
private async getAuthCookie(c: Context): Promise<string | undefined> {
try {
const secret = this.config.jwt.secret;
const token = await getSignedCookie(c, secret, "auth");
if (typeof token !== "string") {
await deleteCookie(c, "auth", this.cookieOptions);
return undefined;
}
@@ -253,12 +254,17 @@ export class Authenticator<Strategies extends Record<string, Strategy> = Record<
await setSignedCookie(c, "auth", token, secret, this.cookieOptions);
}
private async deleteAuthCookie(c: Context) {
await deleteCookie(c, "auth", this.cookieOptions);
}
async logout(c: Context) {
const cookie = await this.getAuthCookie(c);
if (cookie) {
await deleteCookie(c, "auth", this.cookieOptions);
await this.deleteAuthCookie(c);
await addFlashMessage(c, "Signed out", "info");
}
this.resetUser();
}
// @todo: move this to a server helper