mirror of
https://github.com/umami-software/umami.git
synced 2026-02-20 20:45:39 +01:00
add jwt verifier
This commit is contained in:
Ankit Singh Tomar
parent
5d43ef8540
commit
0b1b1cdfcf
4 changed files with 35 additions and 49 deletions
|
|
@ -15,49 +15,10 @@ import {
|
|||
} from 'next-basics';
|
||||
import { NextApiRequestCollect } from 'pages/api/send';
|
||||
import { getUserById } from '../queries';
|
||||
import NextAuth from "next-auth"
|
||||
import CognitoProvider from "next-auth/providers/cognito";
|
||||
import { to } from '@react-spring/web';
|
||||
import { verifier } from './jwtVerifier';
|
||||
import { JwtExpiredError,JwtInvalidIssuerError } from "aws-jwt-verify/error";
|
||||
|
||||
|
||||
export const authOptions = {
|
||||
providers: [
|
||||
CognitoProvider({
|
||||
clientId: process.env.COGNITO_CLIENT_ID,
|
||||
clientSecret: process.env.COGNITO_CLIENT_SECRET ,
|
||||
issuer: process.env.COGNITO_DOMAIN ,
|
||||
idToken: true,
|
||||
name: 'Cognito',
|
||||
checks: 'nonce',
|
||||
}),
|
||||
],
|
||||
callbacks: {
|
||||
async jwt({ token, user, account }) {
|
||||
console.log("in next auth::::",token)
|
||||
if (account) {
|
||||
if (account['provider'] === 'cognito') {
|
||||
var tokenParsed = JSON.parse(Buffer.from(token.split('.')[1], 'base64').toString());
|
||||
console.log("token parsed",tokenParsed )
|
||||
// token.refreshToken = account?.refresh_token;
|
||||
// token.accessTokenExpires = account.expires_at * 1000;
|
||||
console.log("token parsed::::",tokenParsed['cognito:username'],tokenParsed['iat'])
|
||||
return { userId: tokenParsed['cognito:username'], iat: tokenParsed['iat'] };
|
||||
}
|
||||
}
|
||||
// Return previous token if the access token has not expired yet
|
||||
if ((Date.now()) < (token.accessTokenExpires ?? 0)) {
|
||||
return token;
|
||||
}
|
||||
|
||||
// Access token has expired, try to update it
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
export default NextAuth(authOptions)
|
||||
|
||||
const log = debug('umami:middleware');
|
||||
|
||||
export const useCors = createMiddleware(
|
||||
|
|
@ -92,19 +53,27 @@ export const useSession = createMiddleware(async (req, res, next) => {
|
|||
|
||||
export const useAuth = createMiddleware(async (req, res, next) => {
|
||||
const token = getAuthToken(req);
|
||||
//console.log("got auth token",token)
|
||||
const payload = parseSecureToken(token, secret());
|
||||
const shareToken = await parseShareToken(req as any);
|
||||
//console.log("got shareToken",shareToken);
|
||||
let cognitoPayload = {};
|
||||
if(!payload){
|
||||
cognitoPayload = await authOptions.callbacks.jwt({token:token,user:"",account:{provider:"cognito"}});
|
||||
try {
|
||||
const payload = await verifier.verify(token);
|
||||
cognitoPayload = { userId: payload['cognito:username'], iat: payload['iat'] }
|
||||
} catch(error){
|
||||
if (error instanceof JwtExpiredError) {
|
||||
console.error("JWT expired!",error.message);
|
||||
}
|
||||
|
||||
if (error instanceof JwtInvalidIssuerError) {
|
||||
console.error("JWT invalid issuer!",error.message);
|
||||
}
|
||||
|
||||
console.log('INVALID TOKEN:::::',error);
|
||||
}
|
||||
}
|
||||
console.log("cognito auth payload",cognitoPayload)
|
||||
console.log("umami auth payload ",payload);
|
||||
let user = null;
|
||||
const { userId, authKey, grant } = payload || cognitoPayload || {};
|
||||
|
||||
if (userId) {
|
||||
user = await getUserById(userId);
|
||||
} else if (redis.enabled && authKey) {
|
||||
|
|
@ -152,4 +121,6 @@ export const useValidate = async (schema, req, res) => {
|
|||
|
||||
next();
|
||||
})(req, res);
|
||||
};
|
||||
};
|
||||
|
||||
//eyJraWQiOiIxcUJBak9xbGsyeEc5Q1laM25CbXBUNWZnSjJTMXduU3dZYTIzUnhucUU0PSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiIwNmI2MjVmOS0zYTBmLTRmNjItOGQ2Ny0zZjVjYjI1ZjkyYTQiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiY3VzdG9tOnJvbGVTdGF0dXMiOiJBUFBST1ZFRCIsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC51cy1lYXN0LTEuYW1hem9uYXdzLmNvbVwvdXMtZWFzdC0xX2dxYUMybFFqaCIsImNvZ25pdG86dXNlcm5hbWUiOiIwNmI2MjVmOS0zYTBmLTRmNjItOGQ2Ny0zZjVjYjI1ZjkyYTQiLCJnaXZlbl9uYW1lIjoiQW5raXQiLCJvcmlnaW5fanRpIjoiNTAyOTg5YTAtNDhjZi00MGY1LWI5MjEtZTA3ZmY4OTE3YzkyIiwiYXVkIjoiN2g2aGhvbXVpZnJsNWJlbWo4a25qbWIzbHUiLCJldmVudF9pZCI6ImVlYTAyYTk3LTVkMWItNGNlOC1hY2M3LTE3Y2IwMTQ5MGY5YiIsInRva2VuX3VzZSI6ImlkIiwiYXV0aF90aW1lIjoxNzA0Njg5MDM1LCJuYW1lIjoiQW5raXQgU2luZ2giLCJleHAiOjE3MDQ3MDM0MzUsImN1c3RvbTpyb2xlIjoiTk9OX1BST0ZJVCIsImlhdCI6MTcwNDY4OTAzNSwiZmFtaWx5X25hbWUiOiJTaW5naCIsImp0aSI6ImFjMTc0NWY3LWYyMGEtNDZiNS1iNmJiLThkOGU5Nzg4ZGUzNiIsImVtYWlsIjoiYXN0LmFua2l0MTAxOUBnbWFpbC5jb20ifQ.VkkVpcKi1DCtSLosSigqYFSfvotfMdFtpuNQBzotEF0EspxDgwbTcLLWpmw9zNp2A7s_s2wo2u6NnUhtJDt-VWhkPU0EvTuPkKldiviPej4i41jx6xNbeW7j9954sAvAxnbdyyXOFOfBrODyLR3OPpaZhR_VbB2ay5nFrp1IiDBG8OgHHO-Ca7kVTO0DznXwqzCdp82a8Tmlk4-Nej_nkIGuQmD1nAiUAk0IO7rmWA4lY377PZW4XEEC13K0ziM-lP5B6chp2SuycxcAeDBc-Yk_QcpumH2jpLy6pPee8Ehup7IHKsA28_4W7H1CTwxoNwviHI1k-jhQLzYiusn69g
|
||||
Loading…
Add table
Add a link
Reference in a new issue