app2-api/helpers/security.helper.js

const fs = require('fs');
const path = require('path');
const jwt = require('jsonwebtoken');
const bCrypt = require('bcrypt');
const config = require('../config');

const privateKEY = fs.readFileSync(path.join(__dirname, '..', 'private.key'), 'utf8');
const publicKEY = fs.readFileSync(path.join(__dirname, '..', 'public.key'), 'utf8');

const signOptions = {
    issuer: 'Fundación LQDVI',
    subject: 'info@loquedeverdadimporta.org',
    audience: 'htts://www.loquedeverdadimporta.org',
};

const _genSalt = (rounds = 10) => {
    return new Promise((resolve, reject) => {
        bCrypt.genSalt(rounds, function (err, salt) {
            if (err) return reject(err);
            return resolve(salt);
        });
    });
}

const _hashPassword = (password, salt) => {
    return new Promise((resolve, reject) => {
        bCrypt.hash(password, salt, function (err, hash) {
            if (err) return reject(err);
            return resolve(hash);
        });
    });
}


// https://medium.com/@siddharthac6/json-web-token-jwt-the-right-way-of-implementing-with-node-js-65b8915d550e

const _sign = (payload, options) => {
    /*
    options = {
        issuer: "Authorizaxtion/Resource/This server",
        subject: "iam@user.me",
        audience: "Client_Identity" // this should be provided by client
    }
    */

    // Token signing options
    const signOptions = {
        issuer: options.issuer,
        subject: options.subject,
        audience: options.audience,
        expiresIn: config.session.token_expires_in,
        algorithm: "RS256"
    };

    return jwt.sign(payload, privateKEY, signOptions);
}

const _verify = (token, options) => {
    /*
    options = {
        issuer: "Authorization/Resource/This server",
        subject: "iam@user.me", 
        audience: "Client_Identity" // this should be provided by client
    }  
    */

    const verifyOptions = {
        issuer: options.issuer,
        subject: options.subject,
        audience: options.audience,
        expiresIn: config.session.token_expires_in,
        algorithm: ["RS256"]
    };

    try {
        return jwt.verify(token, publicKEY, verifyOptions);
    } catch (err) {
        return false;
    }
}

const _decode = (token) => {
    //returns null if token is invalid
    return jwt.decode(token, { complete: true });
}


module.exports = {
    jwtOptions: {
        jwtFromRequest: (req) => ((req && req.headers && req.headers['x-access-token']) ? req.headers['x-access-token'] : null),
        secretOrKey: publicKEY,
        ...signOptions,
    },

    generateHashPassword: async (password) => {
        const salt = await _genSalt();
        return _hashPassword(password, salt)
    },

    isValidPassword: async (password, candidate) => {
        return await bCrypt.compareSync(candidate, password);    
    },

    generateToken: (payload) => {
        return _sign(payload, signOptions);
    },

    verify: (token) => {
        return _verify(token, signOptions);
    }
}