loopback/lib/models/access-token.js

/**
 * Module Dependencies.
 */

var Model = require('../loopback').Model
  , loopback = require('../loopback')
  , assert = require('assert')
  , crypto = require('crypto')
  , uid = require('uid2')
  , DEFAULT_TTL = 1209600 // 2 weeks in seconds
  , DEFAULT_TOKEN_LEN = 64
  , Role = require('./role').Role
  , ACL = require('./acl').ACL;

/**
 * Default AccessToken properties.
 */

var properties = {
  id: {type: String, generated: true, id: 1},
  ttl: {type: Number, ttl: true, default: DEFAULT_TTL}, // time to live in seconds
  created: {type: Date, default: function() {
    return new Date();
  }}
};

/**
 * Extends from the built in `loopback.Model` type.
 */

var AccessToken = module.exports = Model.extend('AccessToken', properties, {
  acls: [
    {
      principalType: ACL.ROLE,
      principalId: Role.EVERYONE,
      permission: 'DENY'
    },
    {
      principalType: ACL.ROLE,
      principalId: Role.EVERYONE,
      property: 'create',
      permission: 'ALLOW'
    }
  ]
});

AccessToken.ANONYMOUS = new AccessToken({id: '$anonymous'});

/**
 * Create a cryptographically random access token id.
 * 
 * @param {Function} callback
 */

AccessToken.createAccessTokenId = function (fn) {
  uid(this.settings.accessTokenIdLength || DEFAULT_TOKEN_LEN, function(err, guid) {
    if(err) {
      fn(err);
    } else {
      fn(null, guid);
    }
  });
}

/*!
 * Hook to create accessToken id.
 */

AccessToken.beforeCreate = function (next, data) {
  data = data || {};
  
  AccessToken.createAccessTokenId(function (err, id) {
    if(err) {
      next(err);
    } else {
      data.id = id;

      next();
    }
  });
}

/**
 * Find a token for the given `ServerRequest`.
 *
 * @param {ServerRequest} req
 * @param {Object} [options] Options for finding the token
 * @param {Function} callback Calls back with a token if one exists otherwise null or an error.
 */

AccessToken.findForRequest = function(req, options, cb) {
  var id = tokenIdForRequest(req, options);

  if(id) {
    this.findById(id, function(err, token) {
      if(err) {
        cb(err);
      } else {
        token.validate(function(err, isValid) {
          if(err) {
            cb(err);
          } else if(isValid) {
            cb(null, token);
          } else {
            cb(new Error('Invalid Access Token'));
          }
        });
      }
    });
  } else {
    process.nextTick(function() {
      cb();
    });
  }
}

AccessToken.prototype.validate = function(cb) {
  try {
    assert(
      this.created && typeof this.created.getTime === 'function',
      'token.created must be a valid Date'
    );
    assert(this.ttl !== 0, 'token.ttl must be not be 0');
    assert(this.ttl, 'token.ttl must exist');
    assert(this.ttl >= -1, 'token.ttl must be >= -1');

    var now = Date.now();
    var created = this.created.getTime();
    var elapsedSeconds = (now - created) / 1000;
    var secondsToLive = this.ttl;
    var isValid = elapsedSeconds < secondsToLive;

    if(isValid) {
      cb(null, isValid);
    } else {
      this.destroy(function(err) {
        cb(err, isValid);
      });
    }
  } catch(e) {
    cb(e);
  }
}

function tokenIdForRequest(req, options) {
  var params = options.params || [];
  var headers = options.headers || [];
  var cookies = options.cookies || [];
  var i = 0;
  var length;
  var id;

  params.push('access_token');
  headers.push('X-Access-Token');
  headers.push('authorization');
  cookies.push('access_token');
  cookies.push('authorization');

  for(length = params.length; i < length; i++) {
    id = req.param(params[i]);

    if(typeof id === 'string') {
      return id;
    }
  }

  for(i = 0, length = headers.length; i < length; i++) {
    id = req.header(headers[i]);

    if(typeof id === 'string') {
      return id;
    }
  }

  for(i = 0, length = headers.length; i < length; i++) {
    id = req.signedCookies[cookies[i]];

    if(typeof id === 'string') {
      return id;
    }
  }

  return null;
}
Initial users 2013-07-02 23:51:38 +00:00			`/**`
			`* Module Dependencies.`
			`*/`

rename asteroid to loopback 2013-07-16 17:49:25 +00:00			`var Model = require('../loopback').Model`
			`, loopback = require('../loopback')`
Update AccessToken and User relationship - Add created default - Default TTLs for user login access tokens - Break out User / AccessToken relationship 2013-11-15 02:34:51 +00:00			`, assert = require('assert')`
Add loopback.token() middleware 2013-11-14 21:01:47 +00:00			`, crypto = require('crypto')`
Update session / token documentation 2013-11-14 23:27:36 +00:00			`, uid = require('uid2')`
Update AccessToken and User relationship - Add created default - Default TTLs for user login access tokens - Break out User / AccessToken relationship 2013-11-15 02:34:51 +00:00			`, DEFAULT_TTL = 1209600 // 2 weeks in seconds`
Initial auth implementation 2013-11-15 04:19:46 +00:00			`, DEFAULT_TOKEN_LEN = 64`
Allow requests without auth tokens 2013-12-10 23:57:55 +00:00			`, Role = require('./role').Role`
Initial auth implementation 2013-11-15 04:19:46 +00:00			`, ACL = require('./acl').ACL;`
Initial users 2013-07-02 23:51:38 +00:00
			`/**`
Rename Session => AccessToken 2013-11-13 19:49:08 +00:00			`* Default AccessToken properties.`
Initial users 2013-07-02 23:51:38 +00:00			`*/`

			`var properties = {`
Fix the id and property access 2013-10-04 22:51:48 +00:00			`id: {type: String, generated: true, id: 1},`
Update AccessToken and User relationship - Add created default - Default TTLs for user login access tokens - Break out User / AccessToken relationship 2013-11-15 02:34:51 +00:00			`ttl: {type: Number, ttl: true, default: DEFAULT_TTL}, // time to live in seconds`
			`created: {type: Date, default: function() {`
			`return new Date();`
			`}}`
Initial users 2013-07-02 23:51:38 +00:00			`};`

			`/**`
rename asteroid to loopback 2013-07-16 17:49:25 +00:00			* Extends from the built in `loopback.Model` type.
Initial users 2013-07-02 23:51:38 +00:00			`*/`

Allow requests without auth tokens 2013-12-10 23:57:55 +00:00			`var AccessToken = module.exports = Model.extend('AccessToken', properties, {`
			`acls: [`
			`{`
			`principalType: ACL.ROLE,`
			`principalId: Role.EVERYONE,`
			`permission: 'DENY'`
			`},`
			`{`
			`principalType: ACL.ROLE,`
			`principalId: Role.EVERYONE,`
			`property: 'create',`
			`permission: 'ALLOW'`
			`}`
			`]`
			`});`

			`AccessToken.ANONYMOUS = new AccessToken({id: '$anonymous'});`
Create 64 byte session ids 2013-07-12 22:47:58 +00:00
			`/**`
Rename Session => AccessToken 2013-11-13 19:49:08 +00:00			`* Create a cryptographically random access token id.`
Create 64 byte session ids 2013-07-12 22:47:58 +00:00			`*`
			`* @param {Function} callback`
			`*/`

Rename Session => AccessToken 2013-11-13 19:49:08 +00:00			`AccessToken.createAccessTokenId = function (fn) {`
Update session / token documentation 2013-11-14 23:27:36 +00:00			`uid(this.settings.accessTokenIdLength \|\| DEFAULT_TOKEN_LEN, function(err, guid) {`
Create 64 byte session ids 2013-07-12 22:47:58 +00:00			`if(err) {`
			`fn(err);`
			`} else {`
Update session / token documentation 2013-11-14 23:27:36 +00:00			`fn(null, guid);`
Create 64 byte session ids 2013-07-12 22:47:58 +00:00			`}`
			`});`
			`}`

			`/*!`
Rename Session => AccessToken 2013-11-13 19:49:08 +00:00			`* Hook to create accessToken id.`
Create 64 byte session ids 2013-07-12 22:47:58 +00:00			`*/`

Rename Session => AccessToken 2013-11-13 19:49:08 +00:00			`AccessToken.beforeCreate = function (next, data) {`
Create 64 byte session ids 2013-07-12 22:47:58 +00:00			`data = data \|\| {};`

Rename Session => AccessToken 2013-11-13 19:49:08 +00:00			`AccessToken.createAccessTokenId(function (err, id) {`
Create 64 byte session ids 2013-07-12 22:47:58 +00:00			`if(err) {`
			`next(err);`
			`} else {`
			`data.id = id;`
Added AccessToken created property 2013-11-15 00:47:24 +00:00
Create 64 byte session ids 2013-07-12 22:47:58 +00:00			`next();`
			`}`
			`});`
Fix bundle model name casing 2013-11-11 21:35:54 +00:00			`}`
Add loopback.token() middleware 2013-11-14 21:01:47 +00:00
			`/**`
			* Find a token for the given `ServerRequest`.
			`*`
			`* @param {ServerRequest} req`
			`* @param {Object} [options] Options for finding the token`
			`* @param {Function} callback Calls back with a token if one exists otherwise null or an error.`
			`*/`

			`AccessToken.findForRequest = function(req, options, cb) {`
			`var id = tokenIdForRequest(req, options);`

			`if(id) {`
Update AccessToken and User relationship - Add created default - Default TTLs for user login access tokens - Break out User / AccessToken relationship 2013-11-15 02:34:51 +00:00			`this.findById(id, function(err, token) {`
			`if(err) {`
			`cb(err);`
			`} else {`
			`token.validate(function(err, isValid) {`
			`if(err) {`
			`cb(err);`
			`} else if(isValid) {`
			`cb(null, token);`
			`} else {`
			`cb(new Error('Invalid Access Token'));`
			`}`
			`});`
			`}`
			`});`
Add loopback.token() middleware 2013-11-14 21:01:47 +00:00			`} else {`
			`process.nextTick(function() {`
			`cb();`
			`});`
			`}`
			`}`

Update AccessToken and User relationship - Add created default - Default TTLs for user login access tokens - Break out User / AccessToken relationship 2013-11-15 02:34:51 +00:00			`AccessToken.prototype.validate = function(cb) {`
			`try {`
			`assert(`
			`this.created && typeof this.created.getTime === 'function',`
			`'token.created must be a valid Date'`
			`);`
			`assert(this.ttl !== 0, 'token.ttl must be not be 0');`
			`assert(this.ttl, 'token.ttl must exist');`
			`assert(this.ttl >= -1, 'token.ttl must be >= -1');`

			`var now = Date.now();`
			`var created = this.created.getTime();`
			`var elapsedSeconds = (now - created) / 1000;`
			`var secondsToLive = this.ttl;`
			`var isValid = elapsedSeconds < secondsToLive;`

			`if(isValid) {`
			`cb(null, isValid);`
			`} else {`
			`this.destroy(function(err) {`
			`cb(err, isValid);`
			`});`
			`}`
			`} catch(e) {`
			`cb(e);`
			`}`
			`}`

Add loopback.token() middleware 2013-11-14 21:01:47 +00:00			`function tokenIdForRequest(req, options) {`
			`var params = options.params \|\| [];`
			`var headers = options.headers \|\| [];`
			`var cookies = options.cookies \|\| [];`
			`var i = 0;`
			`var length;`
			`var id;`

			`params.push('access_token');`
			`headers.push('X-Access-Token');`
			`headers.push('authorization');`
			`cookies.push('access_token');`
			`cookies.push('authorization');`

			`for(length = params.length; i < length; i++) {`
			`id = req.param(params[i]);`

			`if(typeof id === 'string') {`
			`return id;`
			`}`
			`}`

Update session / token documentation 2013-11-14 23:27:36 +00:00			`for(i = 0, length = headers.length; i < length; i++) {`
			`id = req.header(headers[i]);`
Add loopback.token() middleware 2013-11-14 21:01:47 +00:00
			`if(typeof id === 'string') {`
			`return id;`
			`}`
			`}`

Update session / token documentation 2013-11-14 23:27:36 +00:00			`for(i = 0, length = headers.length; i < length; i++) {`
			`id = req.signedCookies[cookies[i]];`
Add loopback.token() middleware 2013-11-14 21:01:47 +00:00
			`if(typeof id === 'string') {`
			`return id;`
			`}`
			`}`

			`return null;`
			`}`