Adding a new endpoint to verify the JWT token server-side before connecting

2020-10-15 16:48:42 +02:00 · 2020-10-15 16:48:42 +02:00 · a348001036
commit a348001036
parent 36d73333f5
2 changed files with 59 additions and 8 deletions
--- a/back/src/Controller/AuthenticateController.ts
+++ b/back/src/Controller/AuthenticateController.ts
@ -3,6 +3,7 @@ import {HttpRequest, HttpResponse, TemplatedApp} from "uWebSockets.js";
 import {BaseController} from "./BaseController";
 import {adminApi} from "../Services/AdminApi";
 import {jwtTokenManager} from "../Services/JWTTokenManager";
+import {parse} from "query-string";

 export interface TokenInterface {
    userUuid: string
@ -13,11 +14,12 @@ export class AuthenticateController extends BaseController {
    constructor(private App : TemplatedApp) {
        super();
        this.register();
+        this.verify();
        this.anonymLogin();
    }

    //Try to login with an admin token
-    register(){
+    private register(){
        this.App.options("/register", (res: HttpResponse, req: HttpRequest) => {
            this.addCorsHeaders(res);

@ -36,7 +38,7 @@ export class AuthenticateController extends BaseController {

                //todo: what to do if the organizationMemberToken is already used?
                const organizationMemberToken:string|null = param.organizationMemberToken;
-                
+
                try {
                    if (typeof organizationMemberToken != 'string') throw new Error('No organization token');
                    const data = await adminApi.fetchMemberDataByToken(organizationMemberToken);
@ -68,8 +70,41 @@ export class AuthenticateController extends BaseController {

    }

+    private verify(){
+        this.App.options("/verify", (res: HttpResponse, req: HttpRequest) => {
+            this.addCorsHeaders(res);
+
+            res.end();
+        });
+
+        this.App.get("/verify", (res: HttpResponse, req: HttpRequest) => {
+            (async () => {
+                this.addCorsHeaders(res);
+
+                const query = parse(req.getQuery());
+
+                res.onAborted(() => {
+                    console.warn('verify request was aborted');
+                })
+
+                try {
+                    await jwtTokenManager.createJWTToken(query.token as string);
+                } catch (e) {
+                    res.writeStatus("400 Bad Request").end(JSON.stringify({
+                        "success": false,
+                        "message": "Invalid JWT token"
+                    }));
+                }
+                res.writeStatus("200 OK").end(JSON.stringify({
+                    "success": true
+                }));
+            })();
+        });
+
+    }
+
    //permit to login on application. Return token to connect on Websocket IO.
-    anonymLogin(){
+    private anonymLogin(){
        this.App.options("/anonymLogin", (res: HttpResponse, req: HttpRequest) => {
            this.addCorsHeaders(res);