feat: Add new accessToken utils

2019-02-20 23:02:51 +00:00
parent 36c4737998
commit 2f944b3aed
2 changed files with 277 additions and 0 deletions
--- a/api-server/server/utils/getSetAccessToken.js
+++ b/api-server/server/utils/getSetAccessToken.js
@ -0,0 +1,76 @@
+import jwt from 'jsonwebtoken';
+import { isBefore } from 'date-fns';
+
+import { jwtSecret as _jwtSecret } from '../../../config/secrets';
+
+export const authHeaderNS = 'X-fcc-access-token';
+export const jwtCookieNS = 'jwt_access_token';
+
+export function createCookieConfig(req) {
+  return {
+    signed: !!req.signedCookies,
+    domain: process.env.COOKIE_DOMAIN || 'localhost'
+  };
+}
+
+export function setAccessTokenToResponse(
+  { accessToken },
+  req,
+  res,
+  jwtSecret = _jwtSecret
+) {
+  const cookieConfig = {
+    ...createCookieConfig(req),
+    maxAge: accessToken.ttl || 77760000000
+  };
+  const jwtAccess = jwt.sign({ accessToken }, jwtSecret);
+  res.cookie(jwtCookieNS, jwtAccess, cookieConfig);
+  res.cookie('access_token', accessToken.id, cookieConfig);
+  res.cookie('userId', accessToken.userId, cookieConfig);
+  return;
+}
+
+export function getAccessTokenFromRequest(req, jwtSecret = _jwtSecret) {
+  const maybeToken =
+    (req.headers && req.headers[authHeaderNS]) ||
+    (req.signedCookies && req.signedCookies[jwtCookieNS]) ||
+    (req.cookie && req.cookie[jwtCookieNS]);
+  if (!maybeToken) {
+    return {
+      accessToken: null,
+      error: errorTypes.noTokenFound
+    };
+  }
+  let token;
+  try {
+    token = jwt.verify(maybeToken, jwtSecret);
+  } catch (err) {
+    return { accessToken: null, error: errorTypes.invalidToken };
+  }
+
+  const { accessToken } = token;
+  const { created, ttl } = accessToken;
+  const valid = isBefore(Date.now(), Date.parse(created) + ttl);
+  if (!valid) {
+    return {
+      accessToken: null,
+      error: errorTypes.expiredToken
+    };
+  }
+  return { accessToken, error: '', jwt: maybeToken };
+}
+
+export function removeCookies(req, res) {
+  const config = createCookieConfig(req);
+  res.clearCookie(jwtCookieNS, config);
+  res.clearCookie('access_token', config);
+  res.clearCookie('userId', config);
+  res.clearCookie('_csrf', config);
+  return;
+}
+
+export const errorTypes = {
+  noTokenFound: 'No token found',
+  invalidToken: 'Invalid token',
+  expiredToken: 'Token timed out'
+};