'use strict';
const unless = require('koa-unless');
const verify = require('./verify');
const getSecret = require('./get-secret');
const resolveAuthHeader = require('./resolvers/auth-header');
const resolveCookies = require('./resolvers/cookie');
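/**
 * Build a Koa middleware that authenticates a request from a JWT.
 *
 * The token is taken from the first resolver that returns a truthy value:
 * `opts.getToken` (when it is a function), then the cookie resolver, then
 * the Authorization-header resolver. A verified token's decoded form is
 * stored on `ctx.state[key]`.
 *
 * @param {object} [opts] - Also handed unchanged to the resolvers and to `verify`.
 * @param {boolean} [opts.debug] - When truthy, the underlying error message is
 *   sent to the client instead of the generic 'Authentication Error'. That
 *   reveals why verification failed, so keep it off outside development.
 * @param {Function} [opts.getToken] - Custom resolver `(ctx, opts) => token`,
 *   tried before the built-in ones.
 * @param {Function} [opts.isRevoked] - Awaited as `(ctx, decodedToken, token)`;
 *   a truthy result rejects the token.
 * @param {string} [opts.key='user'] - `ctx.state` property receiving the decoded token.
 * @param {boolean} [opts.passthrough] - When truthy, every authentication
 *   failure is swallowed and `next()` still runs. Downstream handlers must
 *   then treat a missing `ctx.state[key]` as "not authenticated".
 * @param {string} [opts.tokenKey] - When set, the raw token is also stored on
 *   `ctx.state[tokenKey]`.
 * @param {string|Function} [opts.secret] - Verification secret, or a function
 *   resolved through `getSecret`. `ctx.state.secret` takes precedence when set.
 * @returns {Function} Koa middleware with `unless` (koa-unless) attached.
 */
module.exports = (opts = {}) => {
  const { debug, getToken, isRevoked, key = 'user', passthrough, tokenKey } = opts;
  const tokenResolvers = [resolveCookies, resolveAuthHeader];

  // A caller-supplied resolver is consulted before the built-in ones.
  if (getToken && typeof getToken === 'function') {
    tokenResolvers.unshift(getToken);
  }

  const middleware = async function jwt(ctx, next) {
    // First truthy resolver result wins; later resolvers are not consulted.
    let token;
    for (const resolver of tokenResolvers) {
      token = resolver(ctx, opts);
      if (token) {
        break;
      }
    }

    if (!token) {
      // Fail closed: without a token there is nothing to verify, so never
      // hand `undefined` to the secret provider or to verify(). In
      // passthrough mode the request continues unauthenticated and
      // ctx.state[key] is left untouched.
      if (passthrough) {
        return next();
      }
      ctx.throw(401, debug ? 'Token not found' : 'Authentication Error');
    }

    // A secret placed on ctx.state by earlier middleware overrides opts.secret,
    // so whatever writes ctx.state.secret controls the verification key.
    let { state: { secret = opts.secret } } = ctx;

    try {
      if (typeof secret === 'function') {
        secret = await getSecret(secret, token);
      }

      if (!secret) {
        // Thrown inside the try on purpose: the catch below rewrites the
        // message unless debug is on, and swallows it in passthrough mode.
        ctx.throw(401, 'Secret not provided');
      }

      const decodedToken = await verify(token, secret, opts);

      // Revocation is checked only after the token has verified.
      if (isRevoked) {
        const tokenRevoked = await isRevoked(ctx, decodedToken, token);
        if (tokenRevoked) {
          throw new Error('Token revoked');
        }
      }

      ctx.state[key] = decodedToken;
      if (tokenKey) {
        ctx.state[tokenKey] = token;
      }
    } catch (e) {
      // In passthrough mode the failure is dropped and the request proceeds
      // without ctx.state[key]; otherwise every failure becomes a 401.
      if (!passthrough) {
        const msg = debug ? e.message : 'Authentication Error';
        ctx.throw(401, msg);
      }
    }

    // Outside the try so that downstream errors are not turned into 401s.
    return next();
  };

  middleware.unless = unless;
  return middleware;
};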