50 lines
1.4 KiB
TypeScript
50 lines
1.4 KiB
TypeScript
import { IUser, Gender } from "../models/user";
|
|
import { ObjectID } from "bson";
|
|
import { createJWT } from "../keys";
|
|
import { IClient } from "../models/client";
|
|
import config from "../config";
|
|
import * as moment from "moment";
|
|
|
|
export interface OAuthJWT {
|
|
user: string;
|
|
username: string;
|
|
permissions: string[];
|
|
application: string
|
|
}
|
|
|
|
const issuer = config.core.url;
|
|
|
|
export const IDTokenJWTExp = moment.duration(30, "m").asSeconds();
|
|
export function getIDToken(user: IUser, client_id: string, nonce: string) {
|
|
return createJWT({
|
|
user: user.uid,
|
|
name: user.name,
|
|
nickname: user.username,
|
|
username: user.username,
|
|
preferred_username: user.username,
|
|
gender: Gender[user.gender],
|
|
nonce
|
|
}, {
|
|
expiresIn: IDTokenJWTExp,
|
|
issuer,
|
|
algorithm: "RS256",
|
|
subject: user.uid,
|
|
audience: client_id
|
|
})
|
|
}
|
|
|
|
export const AccessTokenJWTExp = moment.duration(6, "h");
|
|
export function getAccessTokenJWT(token: { user: IUser, permissions: ObjectID[], client: IClient }) {
|
|
return createJWT(<OAuthJWT>{
|
|
user: token.user.uid,
|
|
username: token.user.username,
|
|
permissions: token.permissions.map(p => p.toHexString()),
|
|
application: token.client.client_id
|
|
}, {
|
|
expiresIn: AccessTokenJWTExp.asSeconds(),
|
|
issuer,
|
|
algorithm: "RS256",
|
|
subject: token.user.uid,
|
|
audience: token.client.client_id
|
|
})
|
|
} |