api/middleware/RequireAuthMiddleware.ts

/*
 * This file is part of SudoBot.
 *
 * Copyright (C) 2021-2023 OSN Developers.
 *
 * SudoBot is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * SudoBot is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
 */

import { NextFunction, Response } from "express";
import jwt from "jsonwebtoken";
import type Client from "../../core/Client";
import { log } from "../../utils/Logger";
import Request from "../Request";

export default async function RequireAuthMiddleware(
    client: Client,
    fetchUser: boolean = true,
    request: Request,
    response: Response,
    next: NextFunction
) {
    if (!request.headers.authorization) {
        response.status(401).json({
            error: "No authorization header found in the request"
        });

        return;
    }

    const [type, token] = request.headers.authorization.split(/\s+/);

    if (type.toLowerCase() !== "bearer") {
        response.status(401).json({
            error: "Only bearer tokens are supported"
        });

        return;
    }

    try {
        const info = jwt.verify(token, process.env.JWT_SECRET!, {
            issuer: process.env.JWT_ISSUER ?? "SudoBot",
            subject: "Temporary API token for authenticated user",
            complete: true
        });

        const payload = info.payload as {
            userId: number;
        };

        log(info, payload);

        if (!payload?.userId) {
            throw new Error("ID not found");
        }

        if (!fetchUser) {
            request.userId = payload.userId;
            next();
            return;
        }

        const user = await client.prisma.user.findFirst({
            where: {
                id: payload.userId,
                token
            }
        });

        if (!user || Date.now() > (user?.tokenExpiresAt?.getTime() ?? 0)) {
            throw new Error();
        }

        request.userId = user.id;
        request.user = user;
        next();
    } catch (e) {
        log(e);

        response.status(401).json({
            error: "Invalid API token"
        });

        return;
    }
}
1	/*
2	* This file is part of SudoBot.
3	*
4	* Copyright (C) 2021-2023 OSN Developers.
5	*
6	* SudoBot is free software; you can redistribute it and/or modify it
7	* under the terms of the GNU Affero General Public License as published by
8	* the Free Software Foundation, either version 3 of the License, or
9	* (at your option) any later version.
10	*
11	* SudoBot is distributed in the hope that it will be useful, but
12	* WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	* GNU Affero General Public License for more details.
15	*
16	* You should have received a copy of the GNU Affero General Public License
17	* along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
18	*/
19
20	import { NextFunction, Response } from "express";
21	import jwt from "jsonwebtoken";
22	import type Client from "../../core/Client";
23	import { log } from "../../utils/Logger";
24	import Request from "../Request";
25
26	export default async function RequireAuthMiddleware(
27	client: Client,
28	fetchUser: boolean = true,
29	request: Request,
30	response: Response,
31	next: NextFunction
32	) {
33	if (!request.headers.authorization) {
34	response.status(401).json({
35	error: "No authorization header found in the request"
36	});
37
38	return;
39	}
40
41	const [type, token] = request.headers.authorization.split(/\s+/);
42
43	if (type.toLowerCase() !== "bearer") {
44	response.status(401).json({
45	error: "Only bearer tokens are supported"
46	});
47
48	return;
49	}
50
51	try {
52	const info = jwt.verify(token, process.env.JWT_SECRET!, {
53	issuer: process.env.JWT_ISSUER ?? "SudoBot",
54	subject: "Temporary API token for authenticated user",
55	complete: true
56	});
57
58	const payload = info.payload as {
59	userId: number;
60	};
61
62	log(info, payload);
63
64	if (!payload?.userId) {
65	throw new Error("ID not found");
66	}
67
68	if (!fetchUser) {
69	request.userId = payload.userId;
70	next();
71	return;
72	}
73
74	const user = await client.prisma.user.findFirst({
75	where: {
76	id: payload.userId,
77	token
78	}
79	});
80
81	if (!user \|\| Date.now() > (user?.tokenExpiresAt?.getTime() ?? 0)) {
82	throw new Error();
83	}
84
85	request.userId = user.id;
86	request.user = user;
87	next();
88	} catch (e) {
89	log(e);
90
91	response.status(401).json({
92	error: "Invalid API token"
93	});
94
95	return;
96	}
97	}