label

COMMON

description

The auth controller of the app. Handles requests about authentication, access tokens and basic profile information requests.

This controller defines the following routes:

URI | HTTP method | Class method | Description
/auth/challenge | GET | AuthController.getAuthCode | Responds with an authentication challenge that MUST be attached on-chain for a successful authentication.
/auth/token | POST | AuthController.getAccessToken | Accepts a challenge in the request body and validates it using AuthService.
/auth/refresh | GET | AuthController.refreshTokens | Uses the RefreshGuard to validate the required refresh token (Bearer authorization header) and creates a new access token, extending a session's lifetime.
/auth/logout | GET | AuthController.logout | Uses the AuthGuard to validate the required access token (server cookie or Bearer authorization header). Revokes (invalidates) a user's access token. The access token cannot be used anymore; a new access token must be requested instead.


since

v0.2.0

Hierarchy

  • AuthController

Index

Constructors

Properties

challenge: string

This property stores the authentication challenge generated in getAuthCode().

Methods

  • getAccessToken(body: AccessTokenRequest, response: Response<any, Record<string, any>>): Promise<AccessTokenDTO>
  • Creates a JSON Web Token given that a valid challenge was presented on dHealth Network in a transfer transaction.

    Note that a token will only be returned given that a challenge is present in the request body and given that this authentication challenge was attached as a message in a [possibly encrypted] transfer transaction on dHealth Network.

    The passthrough flag of the NestResponse() decorator instructs Nest to pass the response cookie on to the express Response object.

    For details about the options passed to the response.cookie call, please refer to the cookie documentation.

    method

    POST

    access

    protected

    async

    throws

    {HttpException} Given an invalid authentication challenge which could not be found in recent transactions on dHealth Network.

    Parameters

    • body: AccessTokenRequest

      A request that contains an authentication challenge.

    • response: Response<any, Record<string, any>>

      An express response object that will be used to attach signed cookies.

    Returns Promise<AccessTokenDTO>

    A promise resolving to an access/refresh token pair or an access token, or HTTP 401 Unauthorized.

  • getAuthCode(response: Response<any, Record<string, any>>): Promise<AuthChallengeDTO>
  • This method generates an authentication cookie depending on the runtime configuration (dApp), i.e. the cookie includes a [sub-]domain name and a cookie name that are used to secure the cookie content.

    A cookie is attached to the response; it is signed using the authentication secret from the runtime and restricted to the dApp's domain name. The cookie is also HTTP-only, so that it cannot be read by scripts, which protects it against cross-site scripting exploits. Note that reading the cookie from frontends requires an additional request parameter, often named withCredentials, that permits the secure cookie to be deciphered.

    The passthrough flag of the NestResponse() decorator instructs Nest to pass the response cookie on to the express Response object.

    method

    GET

    access

    protected

    async

    Parameters

    • response: Response<any, Record<string, any>>

    Returns Promise<AuthChallengeDTO>

    A promise resolving to a freshly created authentication challenge.

  • logout(response: Response<any, Record<string, any>>): Promise<StatusDTO>
  • Revokes an end-user's access token and refresh token. This request should be executed to sign out users in a frontend.

    The request is secured using the AuthGuard guard, which attaches a payload to the request object.

    The passthrough flag of the NestResponse() decorator instructs Nest to pass the response cookie on to the express Response object.

    For details about the options passed to the response.cookie call, please refer to the cookie documentation.

    todo

    should invalidate accessToken+refreshToken also in database

    method

    POST

    access

    protected

    async

    Parameters

    • response: Response<any, Record<string, any>>

      An express response object that will be used to attach signed cookies.

    Returns Promise<StatusDTO>

    A promise resolving to an execution status DTO, which contains an HTTP status code and a status boolean property.

  • refreshTokens(request: Request<ParamsDictionary, any, any, ParsedQs, Record<string, any>>, response: Response<any, Record<string, any>>): Promise<AccessTokenDTO>
  • Creates a JSON Web Token given that a valid refreshToken is attached to the request in the Authorization header as a Bearer token.

    Note that a token will only be returned given that the refreshToken matches the refresh token hash (SHA3-256) stored for the given account address, as attached to the request by the RefreshGuard middleware/guard.

    The passthrough flag of the NestResponse() decorator instructs Nest to pass the response cookie on to the express Response object.

    method

    POST

    access

    protected

    async

    throws

    {HttpException} Given an invalid refresh token or address or an invalid combination of both.

    Parameters

    • request: Request<ParamsDictionary, any, any, ParsedQs, Record<string, any>>

      An express request that contains an authenticated user's authentication payload.

    • response: Response<any, Record<string, any>>

      An express response object that will be used to attach signed cookies.

    Returns Promise<AccessTokenDTO>

    A promise resolving to an access token, or HTTP 401 Unauthorized.
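The checks this controller documents (an unpredictable challenge from getAuthCode(), a challenge accepted only when found in a recent transfer in getAccessToken(), the SHA3-256 refresh-token hash comparison in refreshTokens(), and the signed HTTP-only domain-restricted cookie), written as plain functions in one added example. This is not the framework's code: the RecentTransfer shape, the challenge length, the function names and the secure flag are assumptions made here.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// Shape of a recent transfer as this example sees it (constructed; not
// the SDK type). `message` is the plaintext transfer message.
interface RecentTransfer {
  signerAddress: string;
  message: string;
}

// getAuthCode(): a fresh, unpredictable challenge. Eight random bytes as
// hex is an assumption; the dApp's runtime configuration decides.
function generateChallenge(byteLength = 8): string {
  return randomBytes(byteLength).toString("hex");
}

// Compare strings without leaking where they differ through timing.
function equalsConstantTime(a: string, b: string): boolean {
  const ab = Buffer.from(a, "utf8");
  const bb = Buffer.from(b, "utf8");
  return ab.length === bb.length && timingSafeEqual(ab, bb);
}

// getAccessToken(): the challenge is accepted only if a recent transfer
// carries it as its message; the signer becomes the authenticated
// account. null maps to the HTTP 401 the controller documents.
function findChallengeSigner(
  challenge: string,
  recentTransfers: RecentTransfer[],
): string | null {
  const hit = recentTransfers.find((tx) => equalsConstantTime(tx.message, challenge));
  return hit ? hit.signerAddress : null;
}

// refreshTokens(): only the SHA3-256 hash of a refresh token is stored,
// so the presented token is hashed and compared against that hash.
function hashRefreshToken(token: string): string {
  return createHash("sha3-256").update(token, "utf8").digest("hex");
}

function refreshTokenMatches(presented: string, storedHash: string): boolean {
  return equalsConstantTime(hashRefreshToken(presented), storedHash);
}

// Cookie options matching the getAuthCode() description: signed with the
// runtime secret, HTTP-only, restricted to the dApp's domain. `secure`
// is an added hardening, not something the page states.
function authCookieOptions(domain: string) {
  return { httpOnly: true, signed: true, domain, secure: true } as const;
}
```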

Generated using TypeDoc