70 lines
1.5 KiB
JavaScript
70 lines
1.5 KiB
JavaScript
import { allow, rule, shield } from 'graphql-shield';
|
|
import User from '../models/user.js';
|
|
import AccessToken from '../models/access-token.js';
|
|
|
|
export const isAuthenticated = async (_parent, _args, req) => {
|
|
const token = req.headers['authorization'];
|
|
|
|
if (token == null) return false;
|
|
|
|
try {
|
|
const accessToken = await AccessToken.query().findOne({
|
|
token,
|
|
revoked_at: null,
|
|
});
|
|
|
|
const expirationTime =
|
|
new Date(accessToken.createdAt).getTime() + accessToken.expiresIn * 1000;
|
|
|
|
if (Date.now() > expirationTime) {
|
|
return false;
|
|
}
|
|
|
|
const user = await accessToken.$relatedQuery('user');
|
|
|
|
req.currentUser = await User.query()
|
|
.findById(user.id)
|
|
.leftJoinRelated({
|
|
role: true,
|
|
permissions: true,
|
|
})
|
|
.withGraphFetched({
|
|
role: true,
|
|
permissions: true,
|
|
})
|
|
.throwIfNotFound();
|
|
|
|
return true;
|
|
} catch (error) {
|
|
return false;
|
|
}
|
|
};
|
|
|
|
export const authenticateUser = async (request, response, next) => {
|
|
if (await isAuthenticated(null, null, request)) {
|
|
next();
|
|
} else {
|
|
return response.status(401).end();
|
|
}
|
|
};
|
|
|
|
const isAuthenticatedRule = rule()(isAuthenticated);
|
|
|
|
export const authenticationRules = {
|
|
Mutation: {
|
|
'*': isAuthenticatedRule,
|
|
forgotPassword: allow,
|
|
login: allow,
|
|
registerUser: allow,
|
|
resetPassword: allow,
|
|
},
|
|
};
|
|
|
|
const authenticationOptions = {
|
|
allowExternalErrors: true,
|
|
};
|
|
|
|
const authentication = shield(authenticationRules, authenticationOptions);
|
|
|
|
export default authentication;
|