Next up is JWT, and finish local tests
This commit is contained in:
thosakwe
parent
9ca503df9c
commit
30d5293612
5 changed files with 45 additions and 8 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
|
@ -85,3 +85,4 @@ fabric.properties
|
|||
|
||||
# Don't commit pubspec lock file
|
||||
# (Library packages only! Remove pattern if developing an application package)
|
||||
.idea
|
||||
|
|
@ -14,6 +14,8 @@ part 'middleware/serialization.dart';
|
|||
|
||||
part 'strategies/local.dart';
|
||||
|
||||
part 'strategies/token.dart';
|
||||
|
||||
part 'strategies/oauth2.dart';
|
||||
|
||||
_validateString(String str) {
|
||||
|
|
|
|||
|
|
@ -3,11 +3,30 @@ part of angel_auth;
|
|||
/// Restricts access to a resource via authentication.
|
||||
Future<bool> requireAuth(RequestContext req, ResponseContext res,
|
||||
{bool throws: true}) async {
|
||||
reject() {
|
||||
if (throws) {
|
||||
res.status(HttpStatus.UNAUTHORIZED);
|
||||
throw new AngelHttpException.Forbidden();
|
||||
} else
|
||||
return false;
|
||||
}
|
||||
|
||||
if (req.session.containsKey('userId'))
|
||||
return true;
|
||||
else if (throws) {
|
||||
res.status(HttpStatus.UNAUTHORIZED);
|
||||
throw new AngelHttpException.Forbidden();
|
||||
}
|
||||
else return false;
|
||||
}
|
||||
else if (req.headers.value("Authorization") != null) {
|
||||
var jwt = req.headers
|
||||
.value("Authorization")
|
||||
.replaceAll(new RegExp(r"^Bearer", caseSensitive: false), "")
|
||||
.trim();
|
||||
|
||||
var split = jwt.split(".");
|
||||
if (split.length != 3) return reject();
|
||||
|
||||
Map header = JSON.decode(UTF8.decode(BASE64URL.decode(split[0])));
|
||||
|
||||
if (header['typ'] != "JWT" || header['alg'] != "HS256") return reject();
|
||||
|
||||
Map payload = JSON.decode(UTF8.decode(BASE64URL.decode(split[1])));
|
||||
} else
|
||||
return reject();
|
||||
}
|
||||
|
|
|
|||
15
lib/strategies/token.dart
Normal file
15
lib/strategies/token.dart
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
part of angel_auth;
|
||||
|
||||
class JwtAuthStrategy extends AuthStrategy {
|
||||
|
||||
@override
|
||||
Future authenticate(RequestContext req, ResponseContext res,
|
||||
[AngelAuthOptions options]) {
|
||||
|
||||
}
|
||||
|
||||
@override
|
||||
Future<bool> canLogout(RequestContext req, ResponseContext res) {
|
||||
|
||||
}
|
||||
}
|
||||
|
|
@ -4,8 +4,8 @@ version: 1.0.0-dev+5
|
|||
author: Tobe O <thosakwe@gmail.com>
|
||||
homepage: https://github.com/angel-dart/angel_auth
|
||||
dependencies:
|
||||
angel_framework: ">=0.0.0-dev < 0.1.0"
|
||||
crypto: ">= 1.1.1 < 2.0.0"
|
||||
angel_framework: ">=1.0.0-dev <2.0.0"
|
||||
crypto: ">=2.0.0 <3.0.0"
|
||||
oauth2: ">= 1.0.2 < 2.0.0"
|
||||
dev_dependencies:
|
||||
http: ">= 0.11.3 < 0.12.0"
|
||||
|
|
|
|||
Loading…
Reference in a new issue