watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2026-02-20 20:45:39 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
umami/src/lib/middleware.ts
Ankit Singh Tomar 5d43ef8540 auth flow
2024-01-10 10:59:23 +05:30

155 lines
No EOL
4.1 KiB
TypeScript
Raw Blame History

import cors from 'cors';
import debug from 'debug';
import redis from '@umami/redis-client';
import { getAuthToken, parseShareToken } from 'lib/auth';
import { ROLES } from 'lib/constants';
import { secret } from 'lib/crypto';
import { findSession } from 'lib/session';
import {
badRequest,
createMiddleware,
forbidden,
parseSecureToken,
tooManyRequest,
unauthorized,
} from 'next-basics';
import { NextApiRequestCollect } from 'pages/api/send';
import { getUserById } from '../queries';
import NextAuth from "next-auth"
import CognitoProvider from "next-auth/providers/cognito";
import { to } from '@react-spring/web';
export const authOptions = {
providers: [
CognitoProvider({
clientId: process.env.COGNITO_CLIENT_ID,
clientSecret: process.env.COGNITO_CLIENT_SECRET ,
issuer: process.env.COGNITO_DOMAIN ,
idToken: true,
name: 'Cognito',
checks: 'nonce',
}),
],
callbacks: {
async jwt({ token, user, account }) {
console.log("in next auth::::",token)
if (account) {
if (account['provider'] === 'cognito') {
var tokenParsed = JSON.parse(Buffer.from(token.split('.')[1], 'base64').toString());
console.log("token parsed",tokenParsed )
// token.refreshToken = account?.refresh_token;
// token.accessTokenExpires = account.expires_at * 1000;
console.log("token parsed::::",tokenParsed['cognito:username'],tokenParsed['iat'])
return { userId: tokenParsed['cognito:username'], iat: tokenParsed['iat'] };
}
}
// Return previous token if the access token has not expired yet
if ((Date.now()) < (token.accessTokenExpires ?? 0)) {
return token;
}
// Access token has expired, try to update it
},
}
}
export default NextAuth(authOptions)
const log = debug('umami:middleware');
export const useCors = createMiddleware(
cors({
// Cache CORS preflight request 24 hours by default
maxAge: Number(process.env.CORS_MAX_AGE) || 86400,
}),
);
export const useSession = createMiddleware(async (req, res, next) => {
try {
const session = await findSession(req as NextApiRequestCollect);
if (!session) {
log('useSession: Session not found');
return badRequest(res, 'Session not found.');
}
(req as any).session = session;
} catch (e: any) {
if (e.message === 'Usage Limit.') {
return tooManyRequest(res, e.message);
}
if (e.message.startsWith('Website not found:')) {
return forbidden(res, e.message);
}
return badRequest(res, e.message);
}
next();
});
export const useAuth = createMiddleware(async (req, res, next) => {
const token = getAuthToken(req);
//console.log("got auth token",token)
const payload = parseSecureToken(token, secret());
const shareToken = await parseShareToken(req as any);
//console.log("got shareToken",shareToken);
let cognitoPayload = {};
if(!payload){
cognitoPayload = await authOptions.callbacks.jwt({token:token,user:"",account:{provider:"cognito"}});
}
console.log("cognito auth payload",cognitoPayload)
console.log("umami auth payload ",payload);
let user = null;
const { userId, authKey, grant } = payload || cognitoPayload || {};
if (userId) {
user = await getUserById(userId);
} else if (redis.enabled && authKey) {
const key = await redis.client.get(authKey);
if (key?.userId) {
user = await getUserById(key.userId);
}
}
if (process.env.NODE_ENV === 'development') {
log('useAuth:', { token, shareToken, payload, user, grant });
}
if (!user?.id && !shareToken) {
log('useAuth: User not authorized');
return unauthorized(res);
}
if (user) {
user.isAdmin = user.role === ROLES.admin;
}
(req as any).auth = {
user,
grant,
token,
shareToken,
authKey,
};
next();
});
export const useValidate = async (schema, req, res) => {
return createMiddleware(async (req: any, res, next) => {
try {
const rules = schema[req.method];
if (rules) {
rules.validateSync({ ...req.query, ...req.body });
}
} catch (e: any) {
return badRequest(res, e.message);
}
next();
})(req, res);
};
Reference in a new issue View git blame Copy permalink