Recommended
Recommended
More Related Content
Similar to auth.pdf
Similar to auth.pdf (20)
More from NuttavutThongjor1
More from NuttavutThongjor1 (20)
Recently uploaded
Recently uploaded (20)
auth.pdf
- 2. Babel Coder AUTHENTICATION & AUTHORIZATION Authentication Articles Authorization Authentication is the process of ascertaining that somebody really is who he claims to be. Authorization refers to rules that determine who is allowed to do what.
- 3. Babel Coder SESSIONS A B C 423432g2f3j23 g23hg42j4h2k3 jh3g56jh5gj333 423432g2f3j23 g23hg42j4h2k3 jh3g56jh5gj333 423432g2f3j23 g23hg42j4h2k3 jh3g56jh5gj333 stateful token stateless token
- 4. Babel Coder JSON WEB TOKEN <HEADER>.<PAYLOAD>.<SIGNATURE> JSON Web Token (JWT) is a JSON-based open standard (RFC 7519) for creating access tokens that assert some number of claims. Header { "alg": "HS256", "typ": "JWT" } base64UrlEncode eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 Payload { "sub": "1234567890", "name": "John Doe", "admin": true } base64UrlEncode eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI 6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9 Signature HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), secret )
- 5. Babel Coder PAYLOAD Subject sub This holds the identifier for the token Issued At iat When the token was issued (unix timestamp) Expiry exp The token expiry date (unix timestamp) Issuer iss The issuer of the token
- 6. Babel Coder AUTH ROUTING router.route('/auth'); router.post('/auth/sign-up', authController.register); router.post('/auth/sign-in', authController.login); router.get('/auth/profile', authController.getProfile); router.patch('/auth/profile', authController.updateProfile); router.post('/auth/refresh-token', authController.refreshToken); router.delete('/auth/sign-out', authController.signOut);
- 7. Babel Coder MIDDLEWARE import { RequestHandler } from 'express'; import passport from 'passport'; import { compose } from 'compose-middleware'; export const signUp = passport.authenticate('sign-up', { session: false }); export const signIn = passport.authenticate('sign-in', { session: false }); export const accessToken: RequestHandler = compose([ passport.initialize({ userProperty: 'userFromToken' }), passport.authenticate('access-token', { session: false, }), ]); export const refreshToken = passport.authenticate('refresh-token', { session: false, }); import { RequestHandler } from 'express'; import { Role } from '../entity/User'; import { HTTP_STATUSES } from '../helper/http-statuses'; import { accessToken } from './authenticator'; export const permitFor = (roles: Role | Role[]) => [ accessToken, authorizer(roles), ]; const authorizer = (roles: Role | Role[]): RequestHandler => (req, res, next) => { const role = req.userFromToken.role; if (Array.isArray(roles) && roles.includes(role)) return next(); if (roles === role) return next(); res.sendStatus(HTTP_STATUSES.FORBIDDEN); }; export default authorizer; Authenticator Authorizer
- 8. Babel Coder CONTROLLER const upload = multer({ dest: path.join(__dirname, 'uploads', 'users') }); export const register: RequestHandler[] = [ bodyValidator(SignUpFormDto), authenticator.signUp, async (req, res) => { res.status(HTTP_STATUSES.CREATED).json(new UserResponseDto(req.user)); }, ]; export const login: RequestHandler[] = [ authenticator.signIn, async (req, res, next) => { const user = req.user; req.login(user, { session: false }, async (error) => { if (error) return next(error); const { accessToken, refreshToken } = authService.signAndSaveTokens(user); return res .status(HTTP_STATUSES.CREATED) .json(new LoginResponseDto(accessToken, refreshToken, user)); }); }, ]; export const getProfile: RequestHandler[] = [ authenticator.accessToken, async (req, res) => { const user = await userService.getUserById(req.userFromToken.id); res.json(new UserResponseDto(user)); }, ]; export const updateProfile: RequestHandler[] = [ upload.single('avatar'), authenticator.accessToken, bodyValidator(UpdateProfileFormDto), async (req, res) => { const payload: UpdateProfileFormDto & { avatar: string } = req.body; if (req.file) payload.avatar = `uploads/users/${req.file.filename}`; const user = await userService.updateUser(req.userFromToken.id, payload); res.json(new UserResponseDto(user)); }, ]; export const refreshToken: RequestHandler[] = [ bodyValidator(RefreshTokenFormDto), authenticator.refreshToken, async (req, res) => { const user = req.user; const { accessToken, refreshToken } = authService.signAndSaveTokens(user); return res .status(HTTP_STATUSES.CREATED) .json(new LoginResponseDto(accessToken, refreshToken, user)); }, ]; export const signOut: RequestHandler[] = [ authenticator.accessToken, async (req, res) => { const user = req.user; await authService.signOut(user); res.json(new LoginResponseDto(null, null, user)); }, ];
- 9. Babel Coder SERVICE const userRepository = AppDataSource.getRepository(User); export const signAndSaveTokens = (user: User) => { const accessToken = jwt.sign( { sub: user.id, role: user.role }, config.secretKey.accessToken, { expiresIn: config.expiresIn.accessToken } ); const refreshToken = jwt.sign( { sub: user.id }, config.secretKey.accessToken, { expiresIn: config.expiresIn.refreshToken } ); user.refreshToken = refreshToken; userRepository.save(user); return { accessToken, refreshToken }; }; export const signOut = async (user: User) => { user.refreshToken = null; await userRepository.save(user); }; const userRepository = AppDataSource.getRepository(User); export const getUserById = (id: number) => { return userRepository.findOneBy({ id }); }; export const updateUser = async (id: number, form: Partial<User>) => { const currentUser = await getUserById(id); const currentAvatar = currentUser.avatar; const user = userRepository.create(form); if (user.password) await user.hashPassword(); await userRepository.update(id, user); if (user.avatar) { fs.rm(path.join(__dirname, currentAvatar), { force: true }); } return getUserById(id); }; auth user