How to use @authx/authx - 10 common examples

To help you get started, we’ve selected a few @authx/authx examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github the-control-group / authx / src / server.ts View on Github external
UEVIBMF0upDJMA53AFFx+0Fb/i76JFPTY7SxzvioIFeKRwY8evIRWQWYO95Os6gK
Bac/x5qiUn5fh2xM+wIDAQAB
-----END PUBLIC KEY-----`,
        ...(process.env.KEYPUBLIC2 ? [process.env.KEYPUBLIC2] : [])
      ],
      async sendMail(options: {
        to: string;
        subject: string;
        text: string;
        html: string;
        from?: string;
      }): Promise {
        console.log("--- SENDING EMAIL MESSAGE -------------------------");
        console.log(options);
      },
      strategies: new StrategyCollection([email, password, openid]),
      pg: {
        database: process.env.PGDATABASE ?? undefined,
        host: process.env.PGHOST ?? undefined,
        password: process.env.PGPASSWORD ?? undefined,
        port: process.env.PGPORT ? parseInt(process.env.PGPORT, 10) : undefined,
        ssl: process.env.PGSSL === "true" ? true : false,
        user: process.env.PGUSER ?? undefined
      }
    });

    // Apply the AuthX routes to the app.
    app.use(authx.routes());

    // Log errors - everything as JSON makes a happier you.
    app.on(
      "error",
github the-control-group / authx / packages / strategy-email / src / server / graphql / mutation / createEmailCredentials.ts View on Github external
!authority.details.publicKeys.some(key => {
                try {
                  const payload = jwt.verify(proof, key, {
                    algorithms: ["RS512"]
                  });

                  // Make sure we're using the same email
                  if ((payload as any).email !== input.email) {
                    throw new ForbiddenError(
                      "This proof was generated for a different email address."
                    );
                  }

                  // Make sure this is for the same user
                  if ((payload as any).sub !== a.userId) {
                    throw new ForbiddenError(
                      "This proof was generated for a different user."
                    );
                  }

                  return true;
                } catch (error) {
                  if (error instanceof ForbiddenError) {
                    throw error;
                  }

                  return false;
                }
              })
            ) {
github the-control-group / authx / packages / strategy-email / src / server / graphql / mutation / updateEmailAuthorities.ts View on Github external
async resolve(source, args, context): Promise[]> {
    const {
      pool,
      authorization: a,
      realm,
      strategies: { authorityMap }
    } = context;

    if (!a) {
      throw new ForbiddenError(
        "You must be authenticated to update an authority."
      );
    }

    return args.authorities.map(async input => {
      // Validate `id`.
      if (!validateIdFormat(input.id)) {
        throw new ValidationError("The provided `id` is an invalid ID.");
      }

      const tx = await pool.connect();
      try {
        await tx.query("BEGIN DEFERRABLE");

        const before = await Authority.read(tx, input.id, authorityMap, {
          forUpdate: true
github the-control-group / authx / packages / strategy-openid / src / server / graphql / mutation / updateOpenIdAuthorities.ts View on Github external
async resolve(source, args, context): Promise[]> {
    const {
      pool,
      authorization: a,
      realm,
      strategies: { authorityMap }
    } = context;

    if (!a) {
      throw new ForbiddenError(
        "You must be authenticated to update an authority."
      );
    }

    return args.authorities.map(async input => {
      // Validate `id`.
      if (!validateIdFormat(input.id)) {
        throw new ValidationError("The provided `id` is an invalid ID.");
      }

      // Validate `emailAuthorityId`.
      if (
        typeof input.emailAuthorityId === "string" &&
        !validateIdFormat(input.emailAuthorityId)
      ) {
        throw new ValidationError(
github the-control-group / authx / packages / strategy-openid / src / server / graphql / mutation / authenticateOpenId.ts View on Github external
{
              type: "authorization",
              authorizationId: "",
              grantId: "",
              clientId: "",
              userId: user.id
            },
            {
              basic: "*",
              scopes: "*",
              secrets: "*"
            }
          )
        )
      ) {
        throw new ForbiddenError(
          "You do not have permission to create this authorization"
        );
      }

      // Create a new authorization.
      const authorization = await Authorization.write(
        tx,
        {
          id: authorizationId,
          enabled: true,
          userId: credential.userId,
          grantId: null,
          secret: randomBytes(16).toString("hex"),
          scopes: [`${realm}:**:**`]
        },
        {
github the-control-group / authx / packages / strategy-email / src / server / graphql / mutation / authenticateEmail.ts View on Github external
async resolve(source, args, context): Promise {
    const {
      pool,
      authorization: a,
      realm,
      strategies: { authorityMap },
      sendMail,
      base
    } = context;

    if (a) {
      throw new ForbiddenError("You area already authenticated.");
    }

    const tx = await pool.connect();
    try {
      await tx.query("BEGIN DEFERRABLE");

      // fetch the authority
      const authority = await Authority.read(
        tx,
        args.authorityId,
        authorityMap
      );

      if (!(authority instanceof EmailAuthority)) {
        throw new AuthenticationError(
          __DEV__
github the-control-group / authx / packages / strategy-email / src / server / graphql / mutation / authenticateEmail.ts View on Github external
!authority.details.publicKeys.some(key => {
            try {
              const payload = jwt.verify(proof, key, {
                algorithms: ["RS512"]
              });

              // Make sure we're using the same email
              if ((payload as any).email !== args.email) {
                throw new ForbiddenError(
                  "This proof was generated for a different email address."
                );
              }

              // Make sure this is for the same user
              if ((payload as any).sub) {
                throw new ForbiddenError(
                  "This proof was generated for a specific user."
                );
              }

              return true;
            } catch (error) {
              if (error instanceof ForbiddenError) {
                throw error;
              }

              return false;
            }
          })
        ) {
github the-control-group / authx / packages / strategy-openid / src / server / graphql / mutation / authenticateOpenId.ts View on Github external
async resolve(source, args, context): Promise {
    const {
      pool,
      authorization: a,
      realm,
      strategies: { authorityMap },
      base
    } = context;

    if (a) {
      throw new ForbiddenError("You area already authenticated.");
    }

    const tx = await pool.connect();
    try {
      await tx.query("BEGIN DEFERRABLE");

      // Fetch the authority.
      const authority = await Authority.read(
        tx,
        args.authorityId,
        authorityMap
      );

      if (!(authority instanceof OpenIdAuthority)) {
        throw new AuthenticationError(
          "The authority uses a strategy other than openid."
github the-control-group / authx / packages / strategy-email / src / server / graphql / mutation / authenticateEmail.ts View on Github external
throw new ForbiddenError(
                  "This proof was generated for a specific user."
                );
              }

              return true;
            } catch (error) {
              if (error instanceof ForbiddenError) {
                throw error;
              }

              return false;
            }
          })
        ) {
          throw new ForbiddenError("The proof is invalid.");
        }
      }

      // The user needs to be sent a proof.
      else {
        const proofId = v4();

        // Generate a new proof
        const proof = jwt.sign(
          {
            email: args.email
          },
          authority.details.privateKey,
          {
            algorithm: "RS512",
            expiresIn: authority.details.proofValidityDuration,
github the-control-group / authx / packages / strategy-email / src / server / graphql / mutation / createEmailCredentials.ts View on Github external
return args.credentials.map(async input => {
      // Validate `id`.
      if (typeof input.id === "string" && !validateIdFormat(input.id)) {
        throw new ValidationError("The provided `id` is an invalid ID.");
      }

      // Validate `authorityId`.
      if (!validateIdFormat(input.authorityId)) {
        throw new ValidationError(
          "The provided `authorityId` is an invalid ID."
        );
      }

      // Validate `userId`.
      if (!validateIdFormat(input.userId)) {
        throw new ValidationError("The provided `userId` is an invalid ID.");
      }

      // Validate `administration`.
      for (const { roleId, scopes } of input.administration) {
        if (!validateIdFormat(roleId)) {
          throw new ValidationError(
            "The provided `administration` list contains a `roleId` that is an invalid ID."
          );
        }