Sharkey/packages/backend/src/server/api/AuthenticateService.ts

89 lines
2.5 KiB
TypeScript
Raw Normal View History

2022-09-17 21:27:08 +03:00
import { Inject, Injectable } from '@nestjs/common';
import { DI } from '@/di-symbols.js';
2022-09-20 23:33:11 +03:00
import type { AccessTokensRepository, AppsRepository, UsersRepository } from '@/models/index.js';
2023-02-13 08:50:22 +02:00
import type { LocalUser } from '@/models/entities/User.js';
2022-09-17 21:27:08 +03:00
import type { AccessToken } from '@/models/entities/AccessToken.js';
import { MemoryKVCache } from '@/misc/cache.js';
2022-09-17 21:27:08 +03:00
import type { App } from '@/models/entities/App.js';
2023-04-04 11:32:09 +03:00
import { CacheService } from '@/core/CacheService.js';
2022-09-17 21:27:08 +03:00
import isNativeToken from '@/misc/is-native-token.js';
import { bindThis } from '@/decorators.js';
2022-09-17 21:27:08 +03:00
export class AuthenticationError extends Error {
constructor(message: string) {
super(message);
this.name = 'AuthenticationError';
}
}
@Injectable()
export class AuthenticateService {
private appCache: MemoryKVCache<App>;
2022-09-17 21:27:08 +03:00
constructor(
@Inject(DI.usersRepository)
private usersRepository: UsersRepository,
@Inject(DI.accessTokensRepository)
private accessTokensRepository: AccessTokensRepository,
@Inject(DI.appsRepository)
private appsRepository: AppsRepository,
2023-04-04 11:32:09 +03:00
private cacheService: CacheService,
2022-09-17 21:27:08 +03:00
) {
this.appCache = new MemoryKVCache<App>(Infinity);
2022-09-17 21:27:08 +03:00
}
@bindThis
public async authenticate(token: string | null | undefined): Promise<[LocalUser | null, AccessToken | null]> {
2022-09-17 21:27:08 +03:00
if (token == null) {
return [null, null];
}
if (isNativeToken(token)) {
2023-04-04 11:32:09 +03:00
const user = await this.cacheService.localUserByNativeTokenCache.fetch(token,
2023-02-13 08:50:22 +02:00
() => this.usersRepository.findOneBy({ token }) as Promise<LocalUser | null>);
2022-09-17 21:27:08 +03:00
if (user == null) {
throw new AuthenticationError('user not found');
}
return [user, null];
} else {
const accessToken = await this.accessTokensRepository.findOne({
where: [{
hash: token.toLowerCase(), // app
}, {
token: token, // miauth
}],
});
if (accessToken == null) {
throw new AuthenticationError('invalid signature');
}
this.accessTokensRepository.update(accessToken.id, {
lastUsedAt: new Date(),
});
2023-04-04 11:32:09 +03:00
const user = await this.cacheService.localUserByIdCache.fetch(accessToken.userId,
2022-09-17 21:27:08 +03:00
() => this.usersRepository.findOneBy({
id: accessToken.userId,
2023-02-13 08:50:22 +02:00
}) as Promise<LocalUser>);
2022-09-17 21:27:08 +03:00
if (accessToken.appId) {
2022-09-18 21:11:50 +03:00
const app = await this.appCache.fetch(accessToken.appId,
2022-09-17 21:27:08 +03:00
() => this.appsRepository.findOneByOrFail({ id: accessToken.appId! }));
return [user, {
id: accessToken.id,
permission: app.permission,
} as AccessToken];
} else {
return [user, accessToken];
}
}
}
}