首页 发现 帮助
注册 登录
Apq
/
nginx-proxy-manager
镜像自地址 https://github.com/NginxProxyManager/nginx-proxy-manager.git
1
0
派生 0
文件 工单管理 0 Wiki
目录树: 906ce8ced2
分支列表 标签列表
nginx-proxy-man...
/
backend
/
models
/
token.js

token.js 3.0 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140 
  1. /**
    2. 

  2.  NOTE: This is not a database table, this is a model of a Token object that can be created/loaded
    3. 

  3.  and then has abilities after that.
    4. 

  4.  */
    5. 

  5. 

  6. import crypto from "node:crypto";
    7. 

  7. import jwt from "jsonwebtoken";
    8. 

  8. import _ from "lodash";
    9. 

  9. import { getPrivateKey, getPublicKey } from "../lib/config.js";
    10. 

  10. import errs from "../lib/error.js";
    11. 

  11. import { global as logger } from "../logger.js";
    12. 

  12. 

  13. const ALGO = "RS256";
    14. 

  14. 

  15. export default () => {
    16. 

  16. 	let tokenData = {};
    17. 

  17. 

  18. 	const self = {
    19. 

  19. 		/**
    20. 

  20. 		 * @param {Object}  payload
    21. 

  21. 		 * @returns {Promise}
    22. 

  22. 		 */
    23. 

  23. 		create: (payload) => {
    24. 

  24. 			if (!getPrivateKey()) {
    25. 

  25. 				logger.error("Private key is empty!");
    26. 

  26. 			}
    27. 

  27. 			// sign with RSA SHA256
    28. 

  28. 			const options = {
    29. 

  29. 				algorithm: ALGO,
    30. 

  30. 				expiresIn: payload.expiresIn || "1d",
    31. 

  31. 			};
    32. 

  32. 

  33. 			payload.jti = crypto.randomBytes(12).toString("base64").substring(-8);
    34. 

  34. 

  35. 			return new Promise((resolve, reject) => {
    36. 

  36. 				jwt.sign(payload, getPrivateKey(), options, (err, token) => {
    37. 

  37. 					if (err) {
    38. 

  38. 						reject(err);
    39. 

  39. 					} else {
    40. 

  40. 						tokenData = payload;
    41. 

  41. 						resolve({
    42. 

  42. 							token: token,
    43. 

  43. 							payload: payload,
    44. 

  44. 						});
    45. 

  45. 					}
    46. 

  46. 				});
    47. 

  47. 			});
    48. 

  48. 		},
    49. 

  49. 

  50. 		/**
    51. 

  51. 		 * @param {String} token
    52. 

  52. 		 * @returns {Promise}
    53. 

  53. 		 */
    54. 

  54. 		load: (token) => {
    55. 

  55. 			if (!getPublicKey()) {
    56. 

  56. 				logger.error("Public key is empty!");
    57. 

  57. 			}
    58. 

  58. 			return new Promise((resolve, reject) => {
    59. 

  59. 				try {
    60. 

  60. 					if (!token || token === null || token === "null") {
    61. 

  61. 						reject(new errs.AuthError("Empty token"));
    62. 

  62. 					} else {
    63. 

  63. 						jwt.verify(
    64. 

  64. 							token,
    65. 

  65. 							getPublicKey(),
    66. 

  66. 							{ ignoreExpiration: false, algorithms: [ALGO] },
    67. 

  67. 							(err, result) => {
    68. 

  68. 								if (err) {
    69. 

  69. 									if (err.name === "TokenExpiredError") {
    70. 

  70. 										reject(new errs.AuthError("Token has expired", err));
    71. 

  71. 									} else {
    72. 

  72. 										reject(err);
    73. 

  73. 									}
    74. 

  74. 								} else {
    75. 

  75. 									tokenData = result;
    76. 

  76. 

  77. 									// Hack: some tokens out in the wild have a scope of 'all' instead of 'user'.
    78. 

  78. 									// For 30 days at least, we need to replace 'all' with user.
    79. 

  79. 									if (
    80. 

  80. 										typeof tokenData.scope !== "undefined" &&
    81. 

  81. 										_.indexOf(tokenData.scope, "all") !== -1
    82. 

  82. 									) {
    83. 

  83. 										tokenData.scope = ["user"];
    84. 

  84. 									}
    85. 

  85. 

  86. 									resolve(tokenData);
    87. 

  87. 								}
    88. 

  88. 							},
    89. 

  89. 						);
    90. 

  90. 					}
    91. 

  91. 				} catch (err) {
    92. 

  92. 					reject(err);
    93. 

  93. 				}
    94. 

  94. 			});
    95. 

  95. 		},
    96. 

  96. 

  97. 		/**
    98. 

  98. 		 * Does the token have the specified scope?
    99. 

  99. 		 *
    100. 

  100. 		 * @param   {String}  scope
    101. 

  101. 		 * @returns {Boolean}
    102. 

  102. 		 */
    103. 

  103. 		hasScope: (scope) => typeof tokenData.scope !== "undefined" && _.indexOf(tokenData.scope, scope) !== -1,
    104. 

  104. 

  105. 		/**
    106. 

  106. 		 * @param  {String}  key
    107. 

  107. 		 * @return {*}
    108. 

  108. 		 */
    109. 

  109. 		get: (key) => {
    110. 

  110. 			if (typeof tokenData[key] !== "undefined") {
    111. 

  111. 				return tokenData[key];
    112. 

  112. 			}
    113. 

  113. 

  114. 			return null;
    115. 

  115. 		},
    116. 

  116. 

  117. 		/**
    118. 

  118. 		 * @param  {String}  key
    119. 

  119. 		 * @param  {*}       value
    120. 

  120. 		 */
    121. 

  121. 		set: (key, value) => {
    122. 

  122. 			tokenData[key] = value;
    123. 

  123. 		},
    124. 

  124. 

  125. 		/**
    126. 

  126. 		 * @param   [defaultValue]
    127. 

  127. 		 * @returns {Integer}
    128. 

  128. 		 */
    129. 

  129. 		getUserId: (defaultValue) => {
    130. 

  130. 			const attrs = self.get("attrs");
    131. 

  131. 			if (attrs?.id) {
    132. 

  132. 				return attrs.id;
    133. 

  133. 			}
    134. 

  134. 

  135. 			return defaultValue || 0;
    136. 

  136. 		},
    137. 

  137. 	};
    138. 

  138. 

  139. 	return self;
    140. 

  140. };
    141.