import { IUser, Gender } from "../models/user";
import { ObjectID } from "bson";
import { createJWT } from "../keys";
import { IClient } from "../models/client";
import config from "../config";
import * as moment from "moment";
/**
 * Payload shape of the access-token JWT built by `getAccessTokenJWT`.
 *
 * Every field is a snapshot taken when the token is issued; nothing in this
 * file refreshes the values after signing.
 */
export interface OAuthJWT {
  /** The user's `uid` (the same value is used as the JWT subject). */
  user: string;
  /** The user's `username` at issuance time. */
  username: string;
  /** Granted permission ids, each an ObjectID rendered as a hex string. */
  permissions: Array<string>;
  /** `client_id` of the client the token was issued to (also the audience). */
  application: string;
}
// Value placed in the `issuer` option of every token signed in this file.
// It comes straight from configuration, so verifiers must be configured with
// exactly the same URL for an issuer check to succeed.
const { url: issuer } = config.core;

// Lifetime of an ID token: 30 minutes.
const idTokenLifetime = moment.duration(30, "m");

/**
 * ID token lifetime as a plain number of seconds (1800).
 *
 * Note the asymmetry with `AccessTokenJWTExp`, which is exported as a moment
 * Duration object rather than a number.
 */
export const IDTokenJWTExp = idTokenLifetime.asSeconds();
/**
 * Builds and signs the ID token for `user`, addressed to the client
 * identified by `client_id`.
 *
 * The payload carries the user's uid, display name, username (repeated under
 * `nickname`, `username` and `preferred_username`), gender name and the
 * supplied nonce. Signing is delegated to `createJWT` with RS256, the
 * configured issuer, `user.uid` as subject, `client_id` as audience and a
 * lifetime of `IDTokenJWTExp` seconds.
 *
 * Security notes:
 * - `nonce` is copied into the token unchanged and is not validated here.
 *   NOTE(review): callers are presumably expected to pass the nonce from the
 *   client's authorization request so the client can bind the token to its
 *   own session; confirm at the call sites.
 * - `client_id` is not checked here either; the audience binding is only as
 *   trustworthy as the client lookup the caller performed.
 * - This token uses the same issuer, algorithm and audience convention as the
 *   access token from `getAccessTokenJWT`, and neither payload carries a
 *   token-type marker. NOTE(review): verify that consumers of access tokens
 *   reject ID tokens, e.g. by requiring the `permissions` and `application`
 *   claims.
 *
 * @param user      Account the token describes.
 * @param client_id Client the token is issued to; becomes the audience.
 * @param nonce     Value echoed back in the `nonce` claim.
 * @returns Whatever `createJWT` returns for this payload and these options.
 */
export function getIDToken(user: IUser, client_id: string, nonce: string) {
  const { uid, username } = user;

  // Claim order is kept as-is so the serialized payload does not change.
  const claims = {
    user: uid,
    name: user.name,
    nickname: username,
    username,
    preferred_username: username,
    // Index the Gender enum by the stored value.
    // NOTE(review): presumably yields the member name; a value outside the
    // enum would give `undefined` here. Confirm how createJWT serializes it.
    gender: Gender[user.gender],
    nonce,
  };

  return createJWT(claims, {
    algorithm: "RS256",
    issuer,
    subject: uid,
    audience: client_id,
    expiresIn: IDTokenJWTExp,
  });
}
/**
 * Access token lifetime: 6 hours, exported as a moment Duration.
 *
 * Unlike `IDTokenJWTExp` this is NOT a number of seconds; call `.asSeconds()`
 * before handing it to an API that expects a numeric lifetime.
 *
 * The access token embeds the permission list at issuance, so this value is
 * also the longest time a token can keep carrying permissions that have since
 * changed. NOTE(review): this assumes verifiers trust the embedded claims
 * without a server-side lookup; confirm.
 */
export const AccessTokenJWTExp: moment.Duration = moment.duration(6, "h");
/**
 * Builds and signs the access-token JWT for a stored token grant.
 *
 * The payload follows `OAuthJWT`: the user's uid and username, the granted
 * permission ids as hex strings, and the client's `client_id`. Signing is
 * delegated to `createJWT` with RS256, the configured issuer, the user's uid
 * as subject, the client's `client_id` as audience and a lifetime of
 * `AccessTokenJWTExp` (converted to seconds).
 *
 * Security notes:
 * - Permissions are a snapshot taken at signing time; later changes to the
 *   grant are not reflected in tokens already issued until they expire.
 * - The audience is the requesting client's id, not a resource server.
 *   NOTE(review): confirm that this is what the verifying services check.
 * - The payload is cast to `OAuthJWT` with a type assertion, so the compiler
 *   does not verify that every field of the interface is present.
 *
 * @param token Grant to encode: the user, the permission ids and the client.
 * @returns Whatever `createJWT` returns for this payload and these options.
 */
export function getAccessTokenJWT(token: {
  user: IUser;
  permissions: ObjectID[];
  client: IClient;
}) {
  const { user, permissions, client } = token;

  // Claim order is kept as-is so the serialized payload does not change.
  const claims = {
    user: user.uid,
    username: user.username,
    permissions: permissions.map((permissionId) => permissionId.toHexString()),
    application: client.client_id,
  } as OAuthJWT;

  return createJWT(claims, {
    algorithm: "RS256",
    issuer,
    subject: user.uid,
    audience: client.client_id,
    expiresIn: AccessTokenJWTExp.asSeconds(),
  });
}