AccessToken last life of running bonob process rather than expiring

2025-12-22 01:43:29 +01:00 · 2021-03-16 18:51:17 +11:00
parent cd979c2265
commit 7637cf95f6
3 changed files with 166 additions and 67 deletions
--- a/src/access_tokens.ts
+++ b/src/access_tokens.ts
@@ -1,8 +1,10 @@
-import dayjs, { Dayjs } from 'dayjs';
-import { v4 as uuid } from 'uuid';
+import dayjs, { Dayjs } from "dayjs";
+import { v4 as uuid } from "uuid";
+import { Encryption } from "./encryption";
+import logger from "./logger";

 export interface Clock {
-  now(): Dayjs
+  now(): Dayjs;
 }

 type AccessToken = {
@@ -19,9 +21,9 @@ export interface AccessTokens {
 export class ExpiringAccessTokens implements AccessTokens {
  tokens = new Map<string, AccessToken>();
  clock: Clock;
-  
-  constructor(clock : Clock = { now: () => dayjs() }) {
-    this.clock = clock
+
+  constructor(clock: Clock = { now: () => dayjs() }) {
+    this.clock = clock;
  }

  mint(authToken: string): string {
@@ -29,7 +31,7 @@ export class ExpiringAccessTokens implements AccessTokens {
    const accessToken = {
      value: uuid(),
      authToken,
-      expiry: this.clock.now().add(12, 'hours')
+      expiry: this.clock.now().add(12, "hours"),
    };
    this.tokens.set(accessToken.value, accessToken);
    return accessToken.value;
@@ -41,10 +43,36 @@ export class ExpiringAccessTokens implements AccessTokens {
  }

  clearOutExpired() {
-    Array.from(this.tokens.values()).filter(it => it.expiry.isBefore(this.clock.now())).forEach(expired => {
-      this.tokens.delete(expired.value);
-    })
+    Array.from(this.tokens.values())
+      .filter((it) => it.expiry.isBefore(this.clock.now()))
+      .forEach((expired) => {
+        this.tokens.delete(expired.value);
+      });
  }

  count = () => this.tokens.size;
 }
+
+export class EncryptedAccessTokens implements AccessTokens {
+  encryption: Encryption;
+
+  constructor(encryption: Encryption) {
+    this.encryption = encryption;
+  }
+
+  mint = (authToken: string): string =>
+    Buffer.from(JSON.stringify(this.encryption.encrypt(authToken))).toString(
+      "base64"
+    );
+
+  authTokenFor(value: string): string | undefined {
+    try {
+      return this.encryption.decrypt(
+        JSON.parse(Buffer.from(value, "base64").toString("ascii"))
+      );
+    } catch {
+      logger.warn("Failed to decrypt access token...");
+      return undefined;
+    }
+  }
+}