app2-api/helpers/security.helper.js

const fs = require('fs');
const path = require('path');
const jwt = require('jsonwebtoken');
const randtoken = require('rand-token');
const bCrypt = require('bcrypt');
const config = require('../config');

const privateKEY = fs.readFileSync(path.join(__dirname, '..', 'private.key'), 'utf8');
const publicKEY = fs.readFileSync(path.join(__dirname, '..', 'public.key'), 'utf8');

const signOptions = {
    issuer: 'Fundación LQDVI',
    subject: 'info@loquedeverdadimporta.org',
    audience: 'htts://www.loquedeverdadimporta.org',
};

const _genSalt = (rounds = 10) => {
    return new Promise((resolve, reject) => {
        bCrypt.genSalt(rounds, function (err, salt) {
            if (err) return reject(err);
            return resolve(salt);
        });
    });
}

const _hashPassword = (password, salt) => {
    return new Promise((resolve, reject) => {
        bCrypt.hash(password, salt, function (err, hash) {
            if (err) return reject(err);
            return resolve(hash);
        });
    });
}


// https://medium.com/@siddharthac6/json-web-token-jwt-the-right-way-of-implementing-with-node-js-65b8915d550e

const _sign = (payload, options) => {
    /*
    options = {
        issuer: "Authorizaxtion/Resource/This server",
        subject: "iam@user.me",
        audience: "Client_Identity" // this should be provided by client
    }
    */

    // Token signing options
    const signOptions = {
        issuer: options.issuer,
        subject: options.subject,
        audience: options.audience,
        expiresIn: config.session.token_expires_in,
        algorithm: "RS256"
    };

    const token = jwt.sign(payload, privateKEY, signOptions);
    const refreshToken = randtoken.uid(256);
    refreshToken[refreshToken] = payload;
    return { token, refreshToken };
}

const _verify = (token, options) => {
    /*
    options = {
        issuer: "Authorization/Resource/This server",
        subject: "iam@user.me", 
        audience: "Client_Identity" // this should be provided by client
    }  
    */

    const verifyOptions = {
        issuer: options.issuer,
        subject: options.subject,
        audience: options.audience,
        expiresIn: config.session.token_expires_in,
        algorithm: ["RS256"]
    };

    //console.log('_VERIFY - SECURiTY.HELPERRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR');
    //console.log('token: ', token);
    //console.log('publicKEY: ', publicKEY);
    //console.log('verifyOptions: ', verifyOptions);   

    try {
        return jwt.verify(token, publicKEY, verifyOptions);
    } catch (err) {
        return false;
    }
}

const _decode = (token) => {
    //returns null if token is invalid
    return jwt.decode(token, { complete: true });
}


module.exports = {
    jwtOptions: {
        jwtFromRequest: (req) => { console.log(req.headers); return ((req && req.headers && req.headers['x-access-token']) ? req.headers['x-access-token'] : null) },
        secretOrKey: publicKEY,
        ...signOptions,
    },

    generateHashPassword: async (password) => {
        const salt = await _genSalt();
        return _hashPassword(password, salt)
    },

    isValidPassword: async (password, candidate) => {
        result = await bCrypt.compareSync(candidate, password);
        return result;
    },

    generateToken: (payload) => {
        return _sign(payload, signOptions);
    },

    verify: (token) => {
        return _verify(token, signOptions);
    }
}
. 2019-04-24 21:01:54 +00:00			`const fs = require('fs');`
			`const path = require('path');`
			`const jwt = require('jsonwebtoken');`
Implementación de refresh token 2019-07-09 10:14:18 +00:00			`const randtoken = require('rand-token');`
. 2019-04-24 21:01:54 +00:00			`const bCrypt = require('bcrypt');`
			`const config = require('../config');`

			`const privateKEY = fs.readFileSync(path.join(__dirname, '..', 'private.key'), 'utf8');`
			`const publicKEY = fs.readFileSync(path.join(__dirname, '..', 'public.key'), 'utf8');`

			`const signOptions = {`
			`issuer: 'Fundación LQDVI',`
			`subject: 'info@loquedeverdadimporta.org',`
			`audience: 'htts://www.loquedeverdadimporta.org',`
			`};`

			`const _genSalt = (rounds = 10) => {`
			`return new Promise((resolve, reject) => {`
			`bCrypt.genSalt(rounds, function (err, salt) {`
			`if (err) return reject(err);`
			`return resolve(salt);`
			`});`
			`});`
			`}`

			`const _hashPassword = (password, salt) => {`
			`return new Promise((resolve, reject) => {`
			`bCrypt.hash(password, salt, function (err, hash) {`
			`if (err) return reject(err);`
			`return resolve(hash);`
			`});`
			`});`
			`}`


			`// https://medium.com/@siddharthac6/json-web-token-jwt-the-right-way-of-implementing-with-node-js-65b8915d550e`

			`const _sign = (payload, options) => {`
			`/*`
			`options = {`
			`issuer: "Authorizaxtion/Resource/This server",`
			`subject: "iam@user.me",`
			`audience: "Client_Identity" // this should be provided by client`
			`}`
			`*/`

			`// Token signing options`
			`const signOptions = {`
			`issuer: options.issuer,`
			`subject: options.subject,`
			`audience: options.audience,`
			`expiresIn: config.session.token_expires_in,`
			`algorithm: "RS256"`
			`};`

Implementación de refresh token 2019-07-09 10:14:18 +00:00			`const token = jwt.sign(payload, privateKEY, signOptions);`
			`const refreshToken = randtoken.uid(256);`
			`refreshToken[refreshToken] = payload;`
			`return { token, refreshToken };`
. 2019-04-24 21:01:54 +00:00			`}`

			`const _verify = (token, options) => {`
			`/*`
			`options = {`
			`issuer: "Authorization/Resource/This server",`
			`subject: "iam@user.me",`
			`audience: "Client_Identity" // this should be provided by client`
			`}`
			`*/`

			`const verifyOptions = {`
			`issuer: options.issuer,`
			`subject: options.subject,`
			`audience: options.audience,`
			`expiresIn: config.session.token_expires_in,`
			`algorithm: ["RS256"]`
			`};`

. 2019-07-28 20:08:15 +00:00			`//console.log('_VERIFY - SECURiTY.HELPERRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR');`
			`//console.log('token: ', token);`
			`//console.log('publicKEY: ', publicKEY);`
			`//console.log('verifyOptions: ', verifyOptions);`
a 2019-07-22 17:34:53 +00:00
. 2019-04-24 21:01:54 +00:00			`try {`
			`return jwt.verify(token, publicKEY, verifyOptions);`
			`} catch (err) {`
			`return false;`
			`}`
			`}`

			`const _decode = (token) => {`
			`//returns null if token is invalid`
			`return jwt.decode(token, { complete: true });`
			`}`


			`module.exports = {`
			`jwtOptions: {`
Acceso JWT implementado 2019-07-09 12:52:22 +00:00			`jwtFromRequest: (req) => { console.log(req.headers); return ((req && req.headers && req.headers['x-access-token']) ? req.headers['x-access-token'] : null) },`
. 2019-04-24 21:01:54 +00:00			`secretOrKey: publicKEY,`
			`...signOptions,`
			`},`

			`generateHashPassword: async (password) => {`
			`const salt = await _genSalt();`
			`return _hashPassword(password, salt)`
			`},`

			`isValidPassword: async (password, candidate) => {`
. 2019-08-18 21:15:34 +00:00			`result = await bCrypt.compareSync(candidate, password);`
a 2019-07-21 13:30:49 +00:00			`return result;`
. 2019-04-24 21:01:54 +00:00			`},`

			`generateToken: (payload) => {`
			`return _sign(payload, signOptions);`
			`},`

			`verify: (token) => {`
			`return _verify(token, signOptions);`
			`}`
			`}`