import DOMPurify from 'isomorphic-dompurify'
import TokenHelper from './../helper/token.js'
import logger from './../helper/logger.js'
/**
* handle token
*
* @author Björn Hase <me@herr-hase.wtf>
* @license https://www.gnu.org/licenses/gpl-3.0.en.html GPL-3
* @link https://git.node001.net/HerrHase/signpost.git
*
*/
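/**
 * Reject the request unless its Authorization header carries a Bearer token
 * that matches the hash stored on the current flow.
 *
 * Every failure path answers with 403 and an empty body, so the caller cannot
 * tell a missing header from a malformed header or a wrong token.
 *
 * NOTE(review): reads response.locals.flow.uuid and response.locals.flow.hash,
 * so it presumably has to run after whatever populates response.locals.flow —
 * confirm against the route setup.
 *
 * @param {object} request - incoming request; only headers.authorization is read
 * @param {object} response - reply object; code() and send() are used on failure
 * @returns {Promise<*>} the result of response.send() when the request is
 *     rejected, otherwise undefined
 */
async function tokenHandler(request, response) {
    const header = request.headers.authorization

    if (!header) {
        return response
            .code(403)
            .send()
    }

    // DOMPurify is an HTML sanitizer, not a token validator; the anchored
    // pattern below is what actually constrains the accepted characters.
    const sanitized = DOMPurify.sanitize(header)

    // String.prototype.match returns null when the header is not of the form
    // "Bearer <token>" (for example "Basic ..."). Indexing that null threw a
    // TypeError before the 403 branch could run, so a malformed header ended
    // in an unhandled error instead of a clean rejection.
    const matched = sanitized.match(/^Bearer ([A-Za-z0-9._~+/-]+=*)$/)

    // check if token exists
    if (!matched || !matched[1]) {
        logger(response.locals.flow.uuid).error('token not found in header')

        return response
            .code(403)
            .send()
    }

    // check if token is same as for the flow
    // NOTE(review): TokenHelper.equal lives in ./../helper/token.js and is not
    // visible here; confirm it compares in constant time.
    if (!TokenHelper.equal(matched[1], response.locals.flow.hash)) {
        logger(response.locals.flow.uuid).error('token not equal with hash from flow')

        return response
            .code(403)
            .send()
    }
}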
export default tokenHandler