Rework authentication system
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
104
src/auth/context/SecurityContext.ts
Normal file
104
src/auth/context/SecurityContext.ts
Normal file
@@ -0,0 +1,104 @@
|
||||
import {Inject, Injectable} from '../../di'
|
||||
import {EventBus} from '../../event/EventBus'
|
||||
import {Awaitable, Maybe} from '../../util'
|
||||
import {Authenticatable, AuthenticatableRepository} from '../types'
|
||||
import {Logging} from '../../service/Logging'
|
||||
import {UserAuthenticatedEvent} from '../event/UserAuthenticatedEvent'
|
||||
import {UserFlushedEvent} from '../event/UserFlushedEvent'
|
||||
|
||||
/**
|
||||
* Base-class for a context that authenticates users and manages security.
|
||||
*/
|
||||
@Injectable()
|
||||
export abstract class SecurityContext {
|
||||
@Inject()
|
||||
protected readonly bus!: EventBus
|
||||
|
||||
@Inject()
|
||||
protected readonly logging!: Logging
|
||||
|
||||
/** The currently authenticated user, if one exists. */
|
||||
protected authenticatedUser?: Authenticatable
|
||||
|
||||
constructor(
|
||||
/** The repository where users are persisted. */
|
||||
public readonly repository: AuthenticatableRepository,
|
||||
|
||||
/** The name of this context. */
|
||||
public readonly name: string,
|
||||
) { }
|
||||
|
||||
/**
|
||||
* Called when the context is created. Can be used by child-classes to do setup work.
|
||||
*/
|
||||
initialize(): Awaitable<void> {} // eslint-disable-line @typescript-eslint/no-empty-function
|
||||
|
||||
/**
|
||||
* Authenticate the given user, without persisting the authentication.
|
||||
* That is, when the lifecycle ends, the user will be unauthenticated implicitly.
|
||||
* @param user
|
||||
*/
|
||||
async authenticateOnce(user: Authenticatable): Promise<void> {
|
||||
this.authenticatedUser = user
|
||||
await this.bus.dispatch(new UserAuthenticatedEvent(user, this))
|
||||
}
|
||||
|
||||
/**
|
||||
* Authenticate the given user and persist the authentication.
|
||||
* @param user
|
||||
*/
|
||||
async authenticate(user: Authenticatable): Promise<void> {
|
||||
this.authenticatedUser = user
|
||||
await this.persist()
|
||||
await this.bus.dispatch(new UserAuthenticatedEvent(user, this))
|
||||
}
|
||||
|
||||
/**
|
||||
* Unauthenticate the current user, if one exists, but do not persist the change.
|
||||
*/
|
||||
async flushOnce(): Promise<void> {
|
||||
const user = this.authenticatedUser
|
||||
if ( user ) {
|
||||
this.authenticatedUser = undefined
|
||||
await this.bus.dispatch(new UserFlushedEvent(user, this))
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Unauthenticate the current user, if one exists, and persist the change.
|
||||
*/
|
||||
async flush(): Promise<void> {
|
||||
const user = this.authenticatedUser
|
||||
if ( user ) {
|
||||
this.authenticatedUser = undefined
|
||||
await this.persist()
|
||||
await this.bus.dispatch(new UserFlushedEvent(user, this))
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Assuming a user is still authenticated in the context,
|
||||
* try to look up and fill in the user.
|
||||
*/
|
||||
abstract resume(): Awaitable<void>
|
||||
|
||||
/**
|
||||
* Write the current state of the security context to whatever storage
|
||||
* medium the context's host provides.
|
||||
*/
|
||||
abstract persist(): Awaitable<void>
|
||||
|
||||
/**
|
||||
* Get the currently authenticated user, if one exists.
|
||||
*/
|
||||
getUser(): Maybe<Authenticatable> {
|
||||
return this.authenticatedUser
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns true if there is a currently authenticated user.
|
||||
*/
|
||||
hasUser(): boolean {
|
||||
return Boolean(this.authenticatedUser)
|
||||
}
|
||||
}
|
||||
39
src/auth/context/SessionSecurityContext.ts
Normal file
39
src/auth/context/SessionSecurityContext.ts
Normal file
@@ -0,0 +1,39 @@
|
||||
import {SecurityContext} from './SecurityContext'
|
||||
import {Inject, Injectable} from '../../di'
|
||||
import {Session} from '../../http/session/Session'
|
||||
import {Awaitable} from '../../util'
|
||||
import {AuthenticatableRepository} from '../types'
|
||||
import {UserAuthenticationResumedEvent} from '../event/UserAuthenticationResumedEvent'
|
||||
|
||||
export const EXTOLLO_AUTH_SESSION_KEY = '@extollo:auth.securityIdentifier'
|
||||
|
||||
/**
|
||||
* Security context implementation that uses the session as storage.
|
||||
*/
|
||||
@Injectable()
|
||||
export class SessionSecurityContext extends SecurityContext {
|
||||
@Inject()
|
||||
protected readonly session!: Session
|
||||
|
||||
constructor(
|
||||
/** The repository from which to draw users. */
|
||||
public readonly repository: AuthenticatableRepository,
|
||||
) {
|
||||
super(repository, 'session')
|
||||
}
|
||||
|
||||
persist(): Awaitable<void> {
|
||||
this.session.set(EXTOLLO_AUTH_SESSION_KEY, this.getUser()?.getIdentifier())
|
||||
}
|
||||
|
||||
async resume(): Promise<void> {
|
||||
const identifier = this.session.get(EXTOLLO_AUTH_SESSION_KEY)
|
||||
if ( identifier ) {
|
||||
const user = await this.repository.getByIdentifier(identifier)
|
||||
if ( user ) {
|
||||
this.authenticatedUser = user
|
||||
await this.bus.dispatch(new UserAuthenticationResumedEvent(user, this))
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user