40 lines
1.3 KiB
TypeScript
40 lines
1.3 KiB
TypeScript
|
import { Server, onAuthenticatePayload } from "@hocuspocus/server";
|
|||
|
import { ApiResponse, Authorizer, ConfigType, ValidateJWTTokenInput, ValidateJWTTokenResponse } from '@authorizerdev/authorizer-js';
|
|||
|
|
|||
|
const authorizer = new Authorizer({
|
|||
|
clientID: process.env.AUTHORIZER_CLIENT_ID,
|
|||
|
authorizerURL: 'https://auth.discours.io',
|
|||
|
redirectURL: 'https://testing.discours.io'
|
|||
|
} as ConfigType);
|
|||
|
|
|||
|
|
|||
|
const server = await Server.configure({
|
|||
|
port: 4242,
|
|||
|
async onConnect({ connection }) {
|
|||
|
connection.requiresAuthentication = false; // FIXME
|
|||
|
},
|
|||
|
async onAuthenticate(data: onAuthenticatePayload) {
|
|||
|
// Danger! This won’t be called for that connection attempt.
|
|||
|
|
|||
|
if (data.requestHeaders) {
|
|||
|
const params: ValidateJWTTokenInput = {
|
|||
|
token_type: 'access_token',
|
|||
|
token: data.requestHeaders['authorization'] || '',
|
|||
|
}
|
|||
|
if (params.token) {
|
|||
|
// NOTE: ожидаем, что клиент отправит токен
|
|||
|
const response: ApiResponse<ValidateJWTTokenResponse> = await authorizer.validateJWTToken(params)
|
|||
|
if(response?.data?.is_valid) {
|
|||
|
const { sub: user, allowed_roles: roles } = response.data.claims
|
|||
|
console.debug(`user_id: ${user} roles: ${roles}`)
|
|||
|
} else {
|
|||
|
console.debug('no valid auth token presented')
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
},
|
|||
|
}).listen();
|
|||
|
|
|||
|
server.listen();
|