Last active
August 29, 2015 14:24
-
-
Save shamsher31/7663cdacb0ee6abd49eb to your computer and use it in GitHub Desktop.
HAPI-JWT Implementation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var Hapi = require('hapi'), | |
boom = require('boom'); | |
// Create a server with a host and port | |
var server = new Hapi.Server(); | |
server.connection({ | |
host: 'localhost', | |
port: 8000 | |
}); | |
// Register JWT Schema and startegy | |
server.auth.scheme('jwt-token',jwtToken); | |
server.auth.strategy('Basic', 'jwt-token'); | |
function jwtToken(server) { | |
return { | |
authenticate : function(request,reply) { | |
verifyToken(request.headers.authorization) | |
.then(function(decoded) { | |
reply(null,{'sucess' : true, 'credentials' : decoded}); | |
}) | |
.catch(function(e) { | |
reply(boom.create(463, 'Token Expired')); | |
}); | |
} | |
} | |
} | |
server.route({ | |
method: 'GET', | |
path: '/', | |
config: { | |
auth: 'Basic', | |
handler: function (request, reply) { | |
return reply(request.auth.credentials.user); | |
} | |
} | |
}); | |
------------------------------------------------------------------------------- | |
var client = redis.createClient(), | |
boom = require('boom'), | |
Promise = require('bluebird'), | |
jwt = Promise.promisifyAll(require('jsonwebtoken')), | |
privateKey = process.env.TOKEN_SECRET || 'BbZJjyoXAdr8BUZuiKKAdsjj434324dasl43214dals'; | |
module.exports = { | |
createToken : createToken, | |
verifyToken : verifyToken, | |
clearToken : clearToken, | |
verfiyRefreshToken : verfiyRefreshToken, | |
clearRefreshToken : clearRefreshToken, | |
extractUserDetails : extractUserDetails | |
}; | |
function createToken(userMatch) { | |
var keyToken, | |
userToken, | |
refreshToken, | |
timeObj = getCurrentAndExpireTime(); | |
userMatch.iat = timeObj.currentTimeStamp; | |
userMatch.exp = timeObj.expireTimeStamp; | |
keyToken = jwt.sign(userMatch, privateKey); | |
userMatch.coreToken = keyToken; | |
userToken = jwt.sign(userMatch, privateKey); | |
refreshToken = jwt.sign({'time' : timeObj.currentTimeStamp }, privateKey); | |
client.HMSET(keyToken,userMatch); | |
client.SET(refreshToken,refreshToken); | |
userMatch.coreToken = userToken; | |
userMatch.refreshToken = refreshToken; | |
delete userMatch.iat; | |
delete userMatch.exp; | |
return userMatch; | |
} | |
function verifyToken(token) { | |
return new Promise(function(resolve, reject) { | |
var timeObj = getCurrentAndExpireTime(); | |
if(!token) { | |
reject('Error verifying token'); | |
return; | |
} | |
jwt.verify(token,privateKey,function(err,decoded) { | |
if(err || !decoded || !decoded.coreToken) { | |
reject({'msg' : 'Error verifying token','error' : err}); | |
return; | |
} | |
if(timeObj.currentTimeStamp > decoded.exp) { | |
reject({status : 463}); | |
return; | |
} | |
client.HSCAN(decoded.coreToken, 0, function(err,credentials) { | |
if(!credentials || err) { | |
reject({'msg' : 'Error getting token','error' : err}); | |
return; | |
} | |
resolve(decoded); | |
}); | |
}); | |
}); | |
} | |
function clearToken(token) { | |
return new Promise(function(resolve, reject) { | |
jwt.verify(token,privateKey,function(err,decoded) { | |
if(err) { | |
return; | |
} | |
client.del(decoded.coreToken); | |
resolve(); | |
}); | |
}); | |
} | |
function clearRefreshToken(token) { | |
return new Promise(function(resolve, reject) { | |
jwt.verify(token,privateKey,function(err,decoded) { | |
if(err) { | |
return; | |
} | |
client.del(token); | |
resolve(); | |
}); | |
}); | |
} | |
function verfiyRefreshToken(token) { | |
return new Promise(function(resolve, reject) { | |
client.GET(token,function(err,validToken) { | |
if(!validToken || err) { | |
reject('Invalid token'); | |
return; | |
} | |
resolve(validToken); | |
}); | |
}); | |
} | |
function extractUserDetails(token) { | |
return new Promise(function(resolve, reject) { | |
jwt.verify(token,privateKey,function(err,decoded) { | |
if(!decoded || err) { | |
reject('Invalid token'); | |
return; | |
} | |
client.HGETALL(decoded.coreToken, function(err, userMatch) { | |
delete userMatch.coreToken; | |
delete userMatch.refreshToken; | |
delete userMatch.iat; | |
delete userMatch.exp; | |
resolve(userMatch); | |
}); | |
}); | |
}); | |
} | |
function getCurrentAndExpireTime() { | |
var timeObj = {}; | |
timeObj.currentDate = new Date(); | |
timeObj.currentTimeStamp = new Date().getTime(); | |
// Uncomment to test with 10 second token expiry | |
//timeObj.expireTimeStamp = timeObj.currentDate.setSeconds(timeObj.currentDate.getSeconds() + 10); | |
timeObj.expireTimeStamp = timeObj.currentDate.setDate(timeObj.currentDate.getDate() + 2); | |
return timeObj; | |
} | |
---------------------------------------------------------------------------- | |
function RefreshToken(request, reply) { | |
verfiyRefreshToken(request.payload.refreshToken) | |
.then(function(validToken) { | |
clearRefreshToken(validToken); | |
return extractUserDetails(request.payload.accessToken); | |
}) | |
.then(function(userMatch) { | |
clearToken(request.payload.accessToken); | |
return createToken(userMatch); | |
}) | |
.then(function(credentials) { | |
reply(credentials); | |
}); | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment