node-red/packages/node_modules/@node-red/editor-api/lib/auth/tokens.js

/**
 * Copyright JS Foundation and other contributors, http://js.foundation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 **/

function generateToken(length) {
    var c = "ABCDEFGHIJKLMNOPQRSTUZWXYZabcdefghijklmnopqrstuvwxyz1234567890";
    var token = [];
    for (var i=0;i<length;i++) {
        token.push(c[Math.floor(Math.random()*c.length)]);
    }
    return token.join("");
}


var storage;
var sessionExpiryTime
var sessions = {};
var loadedSessions = null;
var apiAccessTokens;
var sessionExpiryListeners = [];
var expiryTimeout;

function expireSessions() {
    if (expiryTimeout) {
        clearTimeout(expiryTimeout);
        expiryTimeout = null;
    }
    var nextExpiry = Number.MAX_SAFE_INTEGER;
    var now = Date.now();
    var modified = false;
    for (var t in sessions) {
        if (sessions.hasOwnProperty(t)) {
            var session = sessions[t];
            if (!session.hasOwnProperty("expires") || session.expires < now) {
                sessionExpiryListeners.forEach(listener => { listener(session) })
                delete sessions[t];
                modified = true;
            } else {
                if (session.expires < nextExpiry) {
                    nextExpiry = session.expires;
                }
            }
        }
    }
    if (nextExpiry < Number.MAX_SAFE_INTEGER) {
        // Allow 5 seconds grace
        expiryTimeout = setTimeout(expireSessions,Math.min(2147483647,(nextExpiry - Date.now()) + 5000))
    }
    if (modified) {
        return storage.saveSessions(sessions);
    } else {
        return Promise.resolve();
    }
}
function loadSessions() {
    if (loadedSessions === null) {
        loadedSessions = storage.getSessions().then(function(_sessions) {
             sessions = _sessions||{};
             return expireSessions();
        });
    }
    return loadedSessions;
}

module.exports = {
    init: function(adminAuthSettings, _storage) {
        storage = _storage;

        sessionExpiryListeners = [];

        sessionExpiryTime = adminAuthSettings.sessionExpiryTime || 604800; // 1 week in seconds
        // At this point, storage will not have been initialised, so defer loading
        // the sessions until there's a request for them.
        loadedSessions = null;

        apiAccessTokens = {};
        if ( Array.isArray(adminAuthSettings.tokens) ) {
            apiAccessTokens = adminAuthSettings.tokens.reduce(function(prev, current) {
                prev[current.token] = {
                    user: current.user,
                    scope: current.scope
                };
                return prev;
            }, {});
        }
        return Promise.resolve();
    },
    get: function(token) {
        return loadSessions().then(function() {
            var info = apiAccessTokens[token] || null;

            if (info) {
                return Promise.resolve(info);
            } else {
                if (sessions[token]) {
                    if (sessions[token].expires < Date.now()) {
                        return expireSessions().then(function() { return null });
                    }
                }
                return Promise.resolve(sessions[token]);
            }
        });
    },
    create: function(user,client,scope) {
        return loadSessions().then(function() {
            var accessToken = generateToken(128);

            var accessTokenExpiresAt = Date.now() + (sessionExpiryTime*1000);

            var session = {
                user:user,
                client:client,
                scope:scope,
                accessToken: accessToken,
                expires: accessTokenExpiresAt
            };
            sessions[accessToken] = session;

            if (!expiryTimeout) {
                expiryTimeout = setTimeout(expireSessions,Math.min(2147483647,(accessTokenExpiresAt - Date.now()) + 5000))
            }

            return storage.saveSessions(sessions).then(function() {
                return {
                    accessToken: accessToken,
                    expires_in: sessionExpiryTime
                }
            });
        });
    },
    revoke: function(token) {
        return loadSessions().then(function() {
            delete sessions[token];
            return storage.saveSessions(sessions);
        });
    },
    onSessionExpiry: function(callback) {
        sessionExpiryListeners.push(callback);
    }
}
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`/**`
Update copyright header for JS Foundation 2017-01-11 16:24:33 +01:00			`* Copyright JS Foundation and other contributors, http://js.foundation`
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`**/`

			`function generateToken(length) {`
			`var c = "ABCDEFGHIJKLMNOPQRSTUZWXYZabcdefghijklmnopqrstuvwxyz1234567890";`
			`var token = [];`
			`for (var i=0;i<length;i++) {`
			`token.push(c[Math.floor(Math.random()*c.length)]);`
			`}`
			`return token.join("");`
			`}`


Move sessionStorageModule into main storageModule Fixes #586 - add get/saveSessions to main storage module - handle storage modules without those functions - store .session file in userDir 2015-03-14 00:37:59 +01:00			`var storage;`
Add access_token expiry 2015-03-30 15:14:32 +02:00			`var sessionExpiryTime`
Move sessionStorageModule into main storageModule Fixes #586 - add get/saveSessions to main storage module - handle storage modules without those functions - store .session file in userDir 2015-03-14 00:37:59 +01:00			`var sessions = {};`
Defer loading of token sessions until they are accessed Fixes #895 2016-05-31 15:39:50 +02:00			`var loadedSessions = null;`
Merge the logic for api access token to tokens.js so as not to change strategies.js 2018-07-11 02:25:01 +02:00			`var apiAccessTokens;`
Actively expire login sesssions and notify user 2018-12-11 12:32:12 +01:00			`var sessionExpiryListeners = [];`
			`var expiryTimeout;`
Merge the logic for api access token to tokens.js so as not to change strategies.js 2018-07-11 02:25:01 +02:00
Add access_token expiry 2015-03-30 15:14:32 +02:00			`function expireSessions() {`
Actively expire login sesssions and notify user 2018-12-11 12:32:12 +01:00			`if (expiryTimeout) {`
			`clearTimeout(expiryTimeout);`
			`expiryTimeout = null;`
			`}`
			`var nextExpiry = Number.MAX_SAFE_INTEGER;`
Add access_token expiry 2015-03-30 15:14:32 +02:00			`var now = Date.now();`
			`var modified = false;`
			`for (var t in sessions) {`
			`if (sessions.hasOwnProperty(t)) {`
			`var session = sessions[t];`
			`if (!session.hasOwnProperty("expires") \|\| session.expires < now) {`
Actively expire login sesssions and notify user 2018-12-11 12:32:12 +01:00			`sessionExpiryListeners.forEach(listener => { listener(session) })`
Add access_token expiry 2015-03-30 15:14:32 +02:00			`delete sessions[t];`
			`modified = true;`
Actively expire login sesssions and notify user 2018-12-11 12:32:12 +01:00			`} else {`
			`if (session.expires < nextExpiry) {`
			`nextExpiry = session.expires;`
			`}`
Add access_token expiry 2015-03-30 15:14:32 +02:00			`}`
			`}`
			`}`
Actively expire login sesssions and notify user 2018-12-11 12:32:12 +01:00			`if (nextExpiry < Number.MAX_SAFE_INTEGER) {`
			`// Allow 5 seconds grace`
Ensure session expiry timeout doesn't exceed limit 2019-07-06 17:34:48 +02:00			`expiryTimeout = setTimeout(expireSessions,Math.min(2147483647,(nextExpiry - Date.now()) + 5000))`
Actively expire login sesssions and notify user 2018-12-11 12:32:12 +01:00			`}`
Add access_token expiry 2015-03-30 15:14:32 +02:00			`if (modified) {`
			`return storage.saveSessions(sessions);`
			`} else {`
Allow adminAuth.user to be a Function Fixes #1461 2018-01-24 00:08:11 +01:00			`return Promise.resolve();`
Add access_token expiry 2015-03-30 15:14:32 +02:00			`}`
			`}`
Defer loading of token sessions until they are accessed Fixes #895 2016-05-31 15:39:50 +02:00			`function loadSessions() {`
			`if (loadedSessions === null) {`
			`loadedSessions = storage.getSessions().then(function(_sessions) {`
			`sessions = _sessions\|\|{};`
			`return expireSessions();`
			`});`
			`}`
			`return loadedSessions;`
			`}`
Add access_token expiry 2015-03-30 15:14:32 +02:00
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`module.exports = {`
Update the implementation according to the Design notes 2018-09-11 18:44:18 +02:00			`init: function(adminAuthSettings, _storage) {`
Move sessionStorageModule into main storageModule Fixes #586 - add get/saveSessions to main storage module - handle storage modules without those functions - store .session file in userDir 2015-03-14 00:37:59 +01:00			`storage = _storage;`
Actively expire login sesssions and notify user 2018-12-11 12:32:12 +01:00
			`sessionExpiryListeners = [];`

Add access_token expiry 2015-03-30 15:14:32 +02:00			`sessionExpiryTime = adminAuthSettings.sessionExpiryTime \|\| 604800; // 1 week in seconds`
Defer loading of token sessions until they are accessed Fixes #895 2016-05-31 15:39:50 +02:00			`// At this point, storage will not have been initialised, so defer loading`
			`// the sessions until there's a request for them.`
			`loadedSessions = null;`
Merge the logic for api access token to tokens.js so as not to change strategies.js 2018-07-11 02:25:01 +02:00
			`apiAccessTokens = {};`
Update the implementation according to the Design notes 2018-09-11 18:44:18 +02:00			`if ( Array.isArray(adminAuthSettings.tokens) ) {`
			`apiAccessTokens = adminAuthSettings.tokens.reduce(function(prev, current) {`
Merge the logic for api access token to tokens.js so as not to change strategies.js 2018-07-11 02:25:01 +02:00			`prev[current.token] = {`
Update the implementation according to the Design notes 2018-09-11 18:44:18 +02:00			`user: current.user,`
			`scope: current.scope`
Merge the logic for api access token to tokens.js so as not to change strategies.js 2018-07-11 02:25:01 +02:00			`};`
			`return prev;`
			`}, {});`
			`}`
Allow adminAuth.user to be a Function Fixes #1461 2018-01-24 00:08:11 +01:00			`return Promise.resolve();`
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`},`
			`get: function(token) {`
Defer loading of token sessions until they are accessed Fixes #895 2016-05-31 15:39:50 +02:00			`return loadSessions().then(function() {`
Merge the logic for api access token to tokens.js so as not to change strategies.js 2018-07-11 02:25:01 +02:00			`var info = apiAccessTokens[token] \|\| null;`

			`if (info) {`
			`return Promise.resolve(info);`
			`} else {`
			`if (sessions[token]) {`
			`if (sessions[token].expires < Date.now()) {`
			`return expireSessions().then(function() { return null });`
			`}`
Defer loading of token sessions until they are accessed Fixes #895 2016-05-31 15:39:50 +02:00			`}`
Merge the logic for api access token to tokens.js so as not to change strategies.js 2018-07-11 02:25:01 +02:00			`return Promise.resolve(sessions[token]);`
Add access_token expiry 2015-03-30 15:14:32 +02:00			`}`
Defer loading of token sessions until they are accessed Fixes #895 2016-05-31 15:39:50 +02:00			`});`
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`},`
			`create: function(user,client,scope) {`
Defer loading of token sessions until they are accessed Fixes #895 2016-05-31 15:39:50 +02:00			`return loadSessions().then(function() {`
			`var accessToken = generateToken(128);`

			`var accessTokenExpiresAt = Date.now() + (sessionExpiryTime*1000);`

			`var session = {`
			`user:user,`
			`client:client,`
			`scope:scope,`
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`accessToken: accessToken,`
Defer loading of token sessions until they are accessed Fixes #895 2016-05-31 15:39:50 +02:00			`expires: accessTokenExpiresAt`
			`};`
			`sessions[accessToken] = session;`
Actively expire login sesssions and notify user 2018-12-11 12:32:12 +01:00
			`if (!expiryTimeout) {`
Ensure session expiry timeout doesn't exceed limit 2019-07-06 17:34:48 +02:00			`expiryTimeout = setTimeout(expireSessions,Math.min(2147483647,(accessTokenExpiresAt - Date.now()) + 5000))`
Actively expire login sesssions and notify user 2018-12-11 12:32:12 +01:00			`}`

Defer loading of token sessions until they are accessed Fixes #895 2016-05-31 15:39:50 +02:00			`return storage.saveSessions(sessions).then(function() {`
			`return {`
			`accessToken: accessToken,`
			`expires_in: sessionExpiryTime`
			`}`
			`});`
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`});`
			`},`
			`revoke: function(token) {`
Defer loading of token sessions until they are accessed Fixes #895 2016-05-31 15:39:50 +02:00			`return loadSessions().then(function() {`
			`delete sessions[token];`
			`return storage.saveSessions(sessions);`
			`});`
Actively expire login sesssions and notify user 2018-12-11 12:32:12 +01:00			`},`
			`onSessionExpiry: function(callback) {`
			`sessionExpiryListeners.push(callback);`
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`}`
			`}`