Rework authentication system

src/auth/middleware/AuthRequiredMiddleware.ts

@@ -1,6 +1,6 @@
 import {Middleware} from '../../http/routing/Middleware'
 import {Inject, Injectable} from '../../di'
-import {SecurityContext} from '../SecurityContext'
+import {SecurityContext} from '../context/SecurityContext'
 import {ResponseObject} from '../../http/routing/Route'
 import {error} from '../../http/response/ErrorResponseFactory'
 import {NotAuthorizedError} from '../NotAuthorizedError'
@@ -9,6 +9,8 @@ import {redirect} from '../../http/response/RedirectResponseFactory'
 import {Routing} from '../../service/Routing'
 import {Session} from '../../http/session/Session'
 
+// TODO handle JSON and non-web
+
 @Injectable()
 export class AuthRequiredMiddleware extends Middleware {
     @Inject()
@@ -22,7 +24,7 @@ export class AuthRequiredMiddleware extends Middleware {
 
     async apply(): Promise<ResponseObject> {
         if ( !this.security.hasUser() ) {
-            this.session.set('auth.intention', this.request.url)
+            this.session.set('@extollo:auth.intention', this.request.url)
 
             if ( this.routing.hasNamedRoute('@auth.login') ) {
                 return redirect(this.routing.getNamedPath('@auth.login').toRemote)

src/auth/middleware/GuestRequiredMiddleware.ts

@@ -1,6 +1,6 @@
 import {Middleware} from '../../http/routing/Middleware'
 import {Inject, Injectable} from '../../di'
-import {SecurityContext} from '../SecurityContext'
+import {SecurityContext} from '../context/SecurityContext'
 import {ResponseObject} from '../../http/routing/Route'
 import {error} from '../../http/response/ErrorResponseFactory'
 import {NotAuthorizedError} from '../NotAuthorizedError'
@@ -8,6 +8,8 @@ import {HTTPStatus} from '../../util'
 import {Routing} from '../../service/Routing'
 import {redirect} from '../../http/response/RedirectResponseFactory'
 
+// TODO handle JSON and non-web
+
 @Injectable()
 export class GuestRequiredMiddleware extends Middleware {
     @Inject()

src/auth/middleware/SessionAuthMiddleware.ts

@@ -1,13 +1,13 @@
 import {Middleware} from '../../http/routing/Middleware'
-import {Inject, Injectable} from '../../di'
-import {ResponseObject} from '../../http/routing/Route'
+import {Inject, Injectable, Instantiable} from '../../di'
 import {Config} from '../../service/Config'
-import {AuthenticatableRepository} from '../types'
-import {SessionSecurityContext} from '../contexts/SessionSecurityContext'
-import {SecurityContext} from '../SecurityContext'
-import {ORMUserRepository} from '../orm/ORMUserRepository'
-import {AuthConfig, AuthenticatableRepositories} from '../config'
 import {Logging} from '../../service/Logging'
+import {AuthenticatableRepository} from '../types'
+import {Maybe} from '../../util'
+import {AuthenticationConfig, isAuthenticationConfig} from '../config'
+import {ResponseObject} from '../../http/routing/Route'
+import {SessionSecurityContext} from '../context/SessionSecurityContext'
+import {SecurityContext} from '../context/SecurityContext'
 
 /**
  * Injects a SessionSecurityContext into the request and attempts to
@@ -22,7 +22,7 @@ export class SessionAuthMiddleware extends Middleware {
     protected readonly logging!: Logging
 
     async apply(): Promise<ResponseObject> {
-        this.logging.debug('Applying session auth middleware...')
+        this.logging.debug('Applying session auth middleware.')
         const context = <SessionSecurityContext> this.make(SessionSecurityContext, this.getRepository())
         this.request.registerSingletonInstance(SecurityContext, context)
         await context.resume()
@@ -33,8 +33,12 @@ export class SessionAuthMiddleware extends Middleware {
      * @protected
      */
     protected getRepository(): AuthenticatableRepository {
-        const config: AuthConfig | undefined = this.config.get('auth')
-        const repo: typeof AuthenticatableRepository = AuthenticatableRepositories[config?.repositories?.session ?? 'orm']
-        return this.make<AuthenticatableRepository>(repo ?? ORMUserRepository)
+        const config: Maybe<AuthenticationConfig> = this.config.get('auth')
+        if ( !isAuthenticationConfig(config) ) {
+            throw new TypeError('Invalid authentication config.')
+        }
+
+        const repo: Instantiable<AuthenticatableRepository> = config.storage
+        return this.make(repo)
     }
 }