-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtoken.js
130 lines (115 loc) · 3.93 KB
/
token.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
/* eslint-disable linebreak-style */
/* eslint-disable no-param-reassign */
/* eslint-disable dot-notation */
/* eslint-disable no-console */
const { makeGuid } = require('./guid');
const { getAccessTokenTimeout } = require('./timeout');
const applicationId = 'afdc085b';
const tokens = [];
/**
* Generates a new token and adds it to the token list.
* @param {*} tokenKey The key to use (if undefined then auto-generated key will be created.)
* @param {*} isRefresh Boolean. true for refresh tokens.
*/
function generateToken(tokenKey, isRefresh) {
if (tokenKey === undefined || tokenKey.length < 1) {
tokenKey = `${isRefresh ? 'REFRESH' : 'ACCESS'}-${makeGuid()}`;
}
const token = {
key: tokenKey,
isRefreshToken: !!(isRefresh),
// 90 days for refresh, access tokens are significantly less (typically ~20 mins)
expires: Date.now() + (isRefresh ? 90 * 86400 : getAccessTokenTimeout()) * 1000,
};
tokens.push(token);
console.info(`Issued token: ${tokenKey}`);
return token;
}
/**
* Check if a value is a valid applicationId.
*
* @param {*} req The client request.
* @returns Boolean. true if the id was valid.
*/
function isValidApplicationId(req) {
const appId = req.headers['application-id'];
return (appId !== undefined) && appId.startsWith(applicationId);
}
/**
* Check if a value was a token.
*
* @param {*} tokenKey The key to search for.
* @returns Boolean. true if the token was issued.
*/
function isToken(tokenKey) {
return tokens.filter((t) => t.key === tokenKey
&& !t.isRefreshToken).length > 0;
}
/**
* Check if a token is still valid.
*
* @param {*} tokenKey The key to validate against.
* @returns Boolean. true is the token is still valid.
*/
function isValidToken(tokenKey) {
return tokens.filter((t) => t.key === tokenKey
&& !t.isRefreshToken && Date.now() < t.expires).length !== 0;
}
/**
* Check if a refresh token is still valid.
*
* @param {*} refreshTokenValue The key to validate against.
* @returns Boolean. true is the refresh token is still valid.
*/
function isValidRefreshToken(refreshTokenValue) {
return tokens.filter((t) => t.key === refreshTokenValue
&& t.isRefreshToken && Date.now() < t.expires).length !== 0;
}
if (process.env.FORDSIM_TOKEN) {
generateToken(process.env.FORDSIM_TOKEN);
}
/**
* Returns the access token from the request. The request should have an authorization header
* that contains the text "Bearer " followed by the access token for the API. This token should
* have been obtained via a call to the /oauth2/v2.0/token route.
*
* @param {*} req The request object.
* @returns The user provided token for accessing the API, or "AUTH-BEARER-NOT-PROVIDED".
*/
function getTokenFromRequest(req) {
// eslint-disable-next-line dot-notation
let reqToken = req.headers['authorization'];
if (reqToken && reqToken.startsWith('Bearer ')) {
reqToken = reqToken.substring(7);
} else {
reqToken = 'AUTH-BEARER-NOT-PROVIDED';
}
return reqToken;
}
/**
* Returns a boolean to indicate if the access token is expired.
*
* @param {*} req The request object.
* @returns Returns true if the token is expired or invalid, otherwise false.
*/
function isTokenExpired(req) {
const reqToken = getTokenFromRequest(req);
if (!isToken(reqToken) && process.env.NODE_ENV !== 'test') {
console.error('ERROR: The token does not match the expected value.');
return true;
}
if (isValidToken(reqToken)) {
// This should be the typical case, since client shouldn't use expired tokens.
return false;
}
if (process.env.NODE_ENV !== 'test') {
console.warn('WARN: The token has expired. Your client should look at expires_in or expires_on timestamp.');
}
return true;
}
exports.generateToken = generateToken;
exports.getTokenFromRequest = getTokenFromRequest;
exports.isValidApplicationId = isValidApplicationId;
exports.isTokenExpired = isTokenExpired;
exports.isValidRefreshToken = isValidRefreshToken;
exports.applicationId = applicationId;