import {inject, Provider} from '@loopback/context';
import {repository} from '@loopback/repository';
import {HttpErrors, Request} from '@loopback/rest';
import {verify} from 'jsonwebtoken';
import {VerifyFunction} from 'loopback4-authentication';
import moment from 'moment';
import {ILogger, LOGGER} from '../../logger-extension';
import {IAuthUserWithPermissions} from '../keys';
import {RevokedTokenRepository} from '../repositories';
export class FacadesBearerTokenVerifyProvider
implements Provider<VerifyFunction.BearerFn>
{
constructor(
@repository(RevokedTokenRepository)
public revokedTokenRepository: RevokedTokenRepository,
@inject(LOGGER.LOGGER_INJECT) private readonly logger: ILogger,
) {}
value(): VerifyFunction.BearerFn {
return async (token: string, req?: Request) => {
try {
const isRevoked = await this.revokedTokenRepository.get(token);
if (isRevoked?.token) {
throw new HttpErrors.Unauthorized('TokenRevoked');
}
} catch (error) {
if (HttpErrors.HttpError.prototype.isPrototypeOf(error)) {
throw error;
}
this.logger.error('Revoked token repository not available !');
}
let user: IAuthUserWithPermissions;
try {
user = verify(token, process.env.JWT_SECRET as string, {
issuer: process.env.JWT_ISSUER,
algorithms: ['HS256'],
}) as IAuthUserWithPermissions;
} catch (error) {
this.logger.error(JSON.stringify(error));
throw new HttpErrors.Unauthorized('TokenExpired');
}
if (
user.passwordExpiryTime &&
moment().isSameOrAfter(moment(user.passwordExpiryTime))
) {
throw new HttpErrors.Unauthorized('PasswordExpiryError');
}
return user;
};
}
}
