Trang chủ Khám phá Trợ giúp
Đăng nhập
hostbbq
/
express-starter
3
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu khéo về 0 Wiki
Tree: a004ede07d
Branches Tags
express-star...
/
src
/
handlers
/
lib
/
handler-base.class.ts

handler-base.class.ts 4.1 KB
Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124 
  1. import csurf from 'csurf';
    2. 

  2. import { createHash } from 'crypto';
    3. 

  3. import { NextFunction, Request, Response, Router, RouterOptions, json as jsonBodyParser } from 'express';
    4. 

  4. import moment from 'moment';
    5. 

  5. 

  6. import { ChatController } from '../../controllers/chat-controller.class';
    7. 

  7. import { ControllerPool } from '../../controllers/lib/controller-pool.interface';
    8. 

  8. import { AuthenticationException } from '../../model/err/authentication.exception';
    9. 

  9. import { SessionHandler } from './session-handler.class';
    10. 

  10. 

  11. const STATIC_USERS = {
    12. 

  12.   testuser: 'bc2d5cc456b81caa403661411cc72a309c39677d035b74b713a5ba02412d9eff' // pass1234
    13. 

  13. };
    14. 

  14. 

  15. export abstract class HandlerBase implements ControllerPool {
    16. 

  16.   private _router: Router;
    17. 

  17.   private _chatCtrl?: ChatController;
    18. 

  18. 

  19.   constructor(private sessionHandler?: SessionHandler, auth?: boolean, options?: RouterOptions) {
    20. 

  20.     this._router = Router(options);
    21. 

  21. 

  22.     if (this.sessionHandler) {
    23. 

  23.       this._router.use(this.sessionHandler.handler);
    24. 

  24.       if (auth) {
    25. 

  25.         this._router.use(this.authHandler.bind(this));
    26. 

  26.       }
    27. 

  27.     }
    28. 

  28.   }
    29. 

  29. 

  30.   public get router(): Router {
    31. 

  31.     return this._router;
    32. 

  32.   }
    33. 

  33. 

  34.   public get chat(): ChatController {
    35. 

  35.     if (!this._chatCtrl) {
    36. 

  36.       this._chatCtrl = new ChatController(this);
    37. 

  37.     }
    38. 

  38.     return this._chatCtrl;
    39. 

  39.   }
    40. 

  40. 

  41.   protected avoidCache = (req, res, next) => {
    42. 

  42.     res.setHeader('Expires', 'Mon, 26 Jul 1997 05:00:00 GMT');
    43. 

  43.     res.setHeader('Last-Modified', `${moment().format('ddd, DD MMM YYYY HH:mm:ss')} CEST`);
    44. 

  44.     res.setHeader('Cache-Control', 'no-cache, max-age=0, must-revalidate, no-store');
    45. 

  45.     res.setHeader('Pragma', 'no-cache');
    46. 

  46. 

  47.     next();
    48. 

  48.   };
    49. 

  49. 

  50.   protected csrf(options?: { ignorePath: string[] }) {
    51. 

  51.     options = {
    52. 

  52.       ignorePath: [],
    53. 

  53.       ...options
    54. 

  54.     };
    55. 

  55.     return (req, res, next) => {
    56. 

  56.       if (options.ignorePath.includes(req.path)) {
    57. 

  57.         return next();
    58. 

  58.       }
    59. 

  59.       csurf({
    60. 

  60.         ignoreMethods: ['GET', 'HEAD', 'OPTIONS']
    61. 

  61.       })(req, res, (err?: any) => {
    62. 

  62.         if (err) return next(err);
    63. 

  63.         const proto = req.get('x-forwarded-proto') || req.protocol;
    64. 

  64.         res.cookie('XSRF-TOKEN', req.csrfToken(), {
    65. 

  65.           httpOnly: false,
    66. 

  66.           secure: proto === 'https',
    67. 

  67.           sameSite: 'strict'
    68. 

  68.         });
    69. 

  69.         next();
    70. 

  70.       });
    71. 

  71.     };
    72. 

  72.   }
    73. 

  73. 

  74.   private async authHandler(
    75. 

  75.     req: Request<any, any, any, any, Record<string, any>>,
    76. 

  76.     res: Response<any, Record<string, any>>,
    77. 

  77.     next: NextFunction
    78. 

  78.   ): Promise<void> {
    79. 

  79.     // Is there already a recovered session available -> skip auth handling
    80. 

  80.     if (req.session && req.session.user) {
    81. 

  81.       return next();
    82. 

  82.     }
    83. 

  83. 

  84.     // Login Requests Handling
    85. 

  85.     let loginUser, loginPass;
    86. 

  86.     if (req.method === 'POST' && req.body && req.body.user && req.body.password) {
    87. 

  87.       // JSON Post Body Login
    88. 

  88.       loginUser = req.body.user;
    89. 

  89.       loginPass = req.body.password;
    90. 

  90.     } else if (process.env.ENABLE_BASIC_AUTH && req.header('Authorization')?.substring(0, 5).toLowerCase() === 'basic') {
    91. 

  91.       // Basic Auth Login ( ^- Enable only for DEV)
    92. 

  92.       [loginUser, loginPass] = Buffer.from(req.header('Authorization').substring(6), 'base64').toString().split(':');
    93. 

  93.       if (!process.env.UNIT_TEST_MODE) console.log('[INFO]', 'Authenticating via Basic Auth: ', loginUser);
    94. 

  94.     }
    95. 

  95. 

  96.     if (loginUser && loginPass) {
    97. 

  97.       try {
    98. 

  98.         // --------------------------------------------- //
    99. 

  99.         // TODO: Implement your "real" login here.
    100. 

  100.         // This is just an example implementation based
    101. 

  101.         // on a STATIC_USERS array defined above ;)
    102. 

  102.         // --------------------------------------------- //
    103. 

  103. 

  104.         const pass = STATIC_USERS[loginUser];
    105. 

  105.         if (pass && pass === HandlerBase.hashPassword(loginPass)) {
    106. 

  106.           req.session.user = loginUser; // Hint: you can even store complex object types in a session, not just a string
    107. 

  107.           req.session.save();
    108. 

  108.           return next();
    109. 

  109.         }
    110. 

  110.       } catch (e) {
    111. 

  111.         return next(e);
    112. 

  112.       }
    113. 

  113.     }
    114. 

  114. 

  115.     next(new AuthenticationException('No Session / Session Expired'));
    116. 

  116.   }
    117. 

  117. 

  118.   public static hashPassword(password: string, salt?: string): string {
    119. 

  119.     if (!salt) {
    120. 

  120.       salt = process.env.PASSWORD_SALT;
    121. 

  121.     }
    122. 

  122.     return createHash('sha256').update(`${salt}${password}`).digest('hex');
    123. 

  123.   }
    124. 

  124. }
    125.