diff --git a/package-lock.json b/package-lock.json index 305e19d..10df644 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,10 +14,12 @@ "cors": "^2.8.5", "express": "^4.18.2", "graphql": "^16.8.1", - "graphql-tag": "^2.12.6" + "graphql-tag": "^2.12.6", + "jsonwebtoken": "^9.0.2" }, "devDependencies": { "@types/cors": "^2.8.17", + "@types/jsonwebtoken": "^9.0.6", "@types/node": "^20.11.21", "@typescript-eslint/parser": "^7.1.0", "eslint": "^8.54.0", @@ -772,6 +774,15 @@ "integrity": "sha512-dRLjCWHYg4oaA77cxO64oO+7JwCwnIzkZPdrrC71jQmQtlhM556pwKo5bUzqvZndkVbeFLIIi+9TC40JNF5hNQ==", "dev": true }, + "node_modules/@types/jsonwebtoken": { + "version": "9.0.6", + "resolved": "https://registry.npmjs.org/@types/jsonwebtoken/-/jsonwebtoken-9.0.6.tgz", + "integrity": "sha512-/5hndP5dCjloafCXns6SZyESp3Ldq7YjH3zwzwczYnjxIT0Fqzk5ROSYVGfFyczIue7IUEj8hkvLbPoLQ18vQw==", + "dev": true, + "dependencies": { + "@types/node": "*" + } + }, "node_modules/@types/long": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/@types/long/-/long-4.0.2.tgz", @@ -1409,6 +1420,11 @@ "node": ">=8" } }, + "node_modules/buffer-equal-constant-time": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", + "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==" + }, "node_modules/bundle-name": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/bundle-name/-/bundle-name-3.0.0.tgz", @@ -1785,6 +1801,14 @@ "node": ">=6.0.0" } }, + "node_modules/ecdsa-sig-formatter": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", + "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==", + "dependencies": { + "safe-buffer": "^5.0.1" + } + }, "node_modules/ee-first": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", @@ -3594,6 +3618,32 @@ "json5": "lib/cli.js" } }, + "node_modules/jsonwebtoken": { + "version": "9.0.2", + "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz", + "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==", + "dependencies": { + "jws": "^3.2.2", + "lodash.includes": "^4.3.0", + "lodash.isboolean": "^3.0.3", + "lodash.isinteger": "^4.0.4", + "lodash.isnumber": "^3.0.3", + "lodash.isplainobject": "^4.0.6", + "lodash.isstring": "^4.0.1", + "lodash.once": "^4.0.0", + "ms": "^2.1.1", + "semver": "^7.5.4" + }, + "engines": { + "node": ">=12", + "npm": ">=6" + } + }, + "node_modules/jsonwebtoken/node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" + }, "node_modules/jsx-ast-utils": { "version": "3.3.5", "resolved": "https://registry.npmjs.org/jsx-ast-utils/-/jsx-ast-utils-3.3.5.tgz", @@ -3610,6 +3660,25 @@ "node": ">=4.0" } }, + "node_modules/jwa": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz", + "integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==", + "dependencies": { + "buffer-equal-constant-time": "1.0.1", + "ecdsa-sig-formatter": "1.0.11", + "safe-buffer": "^5.0.1" + } + }, + "node_modules/jws": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz", + "integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==", + "dependencies": { + "jwa": "^1.4.1", + "safe-buffer": "^5.0.1" + } + }, "node_modules/keyv": { "version": "4.5.4", "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", @@ -3667,12 +3736,47 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/lodash.includes": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", + "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==" + }, + "node_modules/lodash.isboolean": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", + "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==" + }, + "node_modules/lodash.isinteger": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", + "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==" + }, + "node_modules/lodash.isnumber": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", + "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==" + }, + "node_modules/lodash.isplainobject": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", + "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==" + }, + "node_modules/lodash.isstring": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz", + "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==" + }, "node_modules/lodash.merge": { "version": "4.6.2", "resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==", "dev": true }, + "node_modules/lodash.once": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", + "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==" + }, "node_modules/lodash.sortby": { "version": "4.7.0", "resolved": "https://registry.npmjs.org/lodash.sortby/-/lodash.sortby-4.7.0.tgz", @@ -3712,7 +3816,6 @@ "version": "6.0.0", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", - "dev": true, "dependencies": { "yallist": "^4.0.0" }, @@ -4773,7 +4876,6 @@ "version": "7.6.0", "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.0.tgz", "integrity": "sha512-EnwXhrlwXMk9gKu5/flx5sv/an57AkRplG3hTK68W7FRDN+k+OWBj65M7719OkA82XLBxrcX0KSHj+X5COhOVg==", - "dev": true, "dependencies": { "lru-cache": "^6.0.0" }, @@ -5560,8 +5662,7 @@ "node_modules/yallist": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", - "dev": true + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, "node_modules/yn": { "version": "3.1.1", diff --git a/package.json b/package.json index 29be187..f0c50d9 100644 --- a/package.json +++ b/package.json @@ -23,10 +23,12 @@ "cors": "^2.8.5", "express": "^4.18.2", "graphql": "^16.8.1", - "graphql-tag": "^2.12.6" + "graphql-tag": "^2.12.6", + "jsonwebtoken": "^9.0.2" }, "devDependencies": { "@types/cors": "^2.8.17", + "@types/jsonwebtoken": "^9.0.6", "@types/node": "^20.11.21", "@typescript-eslint/parser": "^7.1.0", "eslint": "^8.54.0", diff --git a/src/util/authToken.ts b/src/util/authToken.ts new file mode 100644 index 0000000..20bfa04 --- /dev/null +++ b/src/util/authToken.ts @@ -0,0 +1,129 @@ +/** + * Express.js middleware for authentication token verification. + * Retrieves token from cookies, verifies it, and sends authentication context. + */ +import express from "express"; +import jwt from "jsonwebtoken"; + +// Configuration +const secretKey = "top secret"; // Secret key for JWT signing and verification + +/** + * Represents an optional value of type T. + */ +export type Optional = T | null | undefined; + +/** + * Represents a JWT token. + */ +export type Token = string; + +/** + * Represents a decoded JWT token. + */ +export type DecodedToken = any; + +/** + * Represents the response from a token creation operation. + */ +export type CreateTokenResponse = { + /** Indicates whether the token creation was successful. */ + ok: boolean; + /** The body of the token if creation was successful. */ + body: Optional; + /** An error object if an error occurred during token creation. */ + error: Optional; +}; + +/** + * Represents the response from a token verification operation. + */ +export type VerifyTokenResponse = { + /** Indicates whether the token verification was successful. */ + ok: boolean; + /** The decoded body of the token if verification was successful. */ + body: Optional; + /** An error object if an error occurred during token verification. */ + error: Optional; +}; + +/** + * Represents the context for authentication operations. + */ +export type Context = { + /** The authentication verification response. */ + auth: VerifyTokenResponse; +}; + +/** + * Creates a JWT token with the provided data. + * @param data - The data to be encoded into the token. + * @param durationOfToken - Optional. Duration for which the token will be valid (default is "1h"). + * @returns The response indicating the success or failure of token creation. + */ +export function createToken(data: any, durationOfToken: string = "1h"): CreateTokenResponse { + const token = jwt.sign(data, secretKey, { + expiresIn: durationOfToken, + }); + + return { + ok: true, + body: token, + error: undefined, + }; +} + +/** + * Verifies the authenticity of a JWT token. + * @param token - The token to be verified. + * @returns The response indicating the success or failure of token verification. + */ +export function verifyToken(token: Token): VerifyTokenResponse { + try { + const decodedToken: DecodedToken = jwt.verify(token, secretKey); + return { + ok: true, + body: decodedToken, + error: undefined, + }; + } catch (e) { + return { + ok: false, + body: undefined, + error: e, + }; + } +} + +/** + * Express router for token authentication + */ +export const authTokenRouter = express.Router(); + +/** + * Middleware function to handle token authentication. + * Retrieves token from cookies, verifies it, and sends authentication context. + * @param req - The Express request object. Assumes that there exists req.cookies.token + * @param res - The Express response object. + * @param next - The next middleware function in the request-response cycle. + */ +authTokenRouter.use((req, res, next) => { + try { + const { token } = req.cookies; // Retrieve token from cookies + const context: Context = { + auth: verifyToken(token), // Verify token and create authentication context + }; + res.send(context); // Send authentication context in the response + next(); + } catch (e) { + const context: Context = { + auth: { + ok: false, + body: undefined, + error: e, + } as VerifyTokenResponse, + }; + res.send(context); // Send error authentication context in case of exceptions + next(); + } +});