110 lines
2.4 KiB
JavaScript
110 lines
2.4 KiB
JavaScript
import jwt from "jsonwebtoken";
|
|
|
|
const ENV = useRuntimeConfig();
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
try {
|
|
const cookies = event.req.headers.cookie;
|
|
if (!cookies) throw new Error("Cookie not found");
|
|
|
|
let { accessToken, refreshToken, user } = parseCookie(cookies);
|
|
|
|
if (!accessToken) accessToken = null;
|
|
if (!refreshToken) refreshToken = null;
|
|
|
|
let { subdomain } = JSON.parse(user);
|
|
if (!subdomain) subdomain = null;
|
|
|
|
let payloadUser = null;
|
|
|
|
payloadUser = verifyAccessToken(accessToken);
|
|
|
|
if (!payloadUser) {
|
|
payloadUser = verifyRefreshToken(refreshToken);
|
|
if (!payloadUser) throw new Error("Unauthorized Refresh Token");
|
|
|
|
const accessToken = generateAccessToken({
|
|
email: payloadUser.email,
|
|
roles: payloadUser.roles,
|
|
});
|
|
|
|
// Set new access token
|
|
event.res.setHeader("Set-Cookie", [
|
|
`accessToken=${accessToken}; HttpOnly; Secure; SameSite=Lax; Path=/`,
|
|
]);
|
|
}
|
|
|
|
const getUser = await getUserInfo(payloadUser.username);
|
|
if (!getUser) throw new Error("User not found");
|
|
|
|
event.context.user = {
|
|
userID: getUser.userID || null,
|
|
email: payloadUser.email || null,
|
|
roles: payloadUser.roles || [],
|
|
};
|
|
|
|
return;
|
|
} catch (error) {
|
|
// console.log(error.message);
|
|
event.context.user = {
|
|
userID: null,
|
|
email: null,
|
|
roles: [],
|
|
};
|
|
return;
|
|
}
|
|
});
|
|
|
|
function parseCookie(str) {
|
|
return str
|
|
.split(";")
|
|
.map((v) => v.split("="))
|
|
.reduce((acc, v) => {
|
|
acc[decodeURIComponent(v[0].trim())] = decodeURIComponent(v[1].trim());
|
|
return acc;
|
|
}, {});
|
|
}
|
|
|
|
function verifyAccessToken(accessToken) {
|
|
try {
|
|
const token = ENV.auth.secretAccess;
|
|
return jwt.verify(accessToken, token);
|
|
} catch (error) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
function verifyRefreshToken(refreshToken) {
|
|
try {
|
|
const token = ENV.auth.secretRefresh;
|
|
return jwt.verify(refreshToken, token);
|
|
} catch (error) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
function generateAccessToken(user) {
|
|
try {
|
|
const token = ENV.auth.secretAccess;
|
|
return jwt.sign(user, token, { expiresIn: "1d" });
|
|
} catch (error) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
async function getUserInfo(username) {
|
|
try {
|
|
const user = await prisma.user.findFirst({
|
|
where: {
|
|
userUsername: username,
|
|
},
|
|
});
|
|
|
|
if (!user) return null;
|
|
|
|
return user;
|
|
} catch (error) {
|
|
console.log(error);
|
|
}
|
|
}
|