Constructs an instance of the authentication service and sets up the cookie generation and challenge generation routines.
Contains the authentication secret as set in config.security.ts.
It defines a symmetric secret key and is used for signing access tokens.
Contains the challenge size as set in config.security.ts.
Note that by modifying the default challenge size, you may
affect the operations processor and thereby the data that is
returned by the backend.
Contains the generated cookie payload. This property is
filled using configuration fields in the config/security.ts
configuration file.
This method fetches recent transactions using the network
service (promises are delegated), and interprets the content
of messages in transfer transactions.
A TransferTransaction instance will only be returned given that the challenge can be found in a transaction, otherwise it returns undefined.
The authentication registry address to search for in recent transactions.
The authentication challenge to search for in recent transactions.
A transfer transaction instance given a validated authentication challenge, or undefined.
This method accepts an AuthenticationPayload object of which the address field is used to find the related account-sessions document by address.
We read the access/refresh token(s) from the account-sessions document if possible, otherwise we generate them and sign them using the authentication secret as provided in the configuration file config/security.ts.
Note that the expiration of access tokens automatically happens after one hour of lifetime.
The authentication payload of a validated log-in operation.
An access token for the authenticated user and possibly a refresh token (first time).
This method extracts an access token from the AuthService class and uses it to query the owner account from the database.
An express Request object.
The name of the cookie to perform access token extraction from.
The account that has the provided cookie.
This method returns an account sessions query for the mongo collection named account-sessions, and is used to query an account by the address attached inside the AuthenticationPayload payload.
This method generates a random authentication challenge.
The size of the generated authentication challenges can be changed in the configuration file config/security.ts.
Note that by modifying the default challenge size, you may
affect the operations processor and thereby the data that is
returned by the backend.
An authentication challenge that can be attached on-chain.
This method returns the configured cookie payload. Note that the secret is never shared: it is destructured out of the payload before the payload is returned, i.e. the secret is never returned by this method.
A cookie payload without the secret field.
This method returns a transactions query that is compatible
with dHealth Network Node's REST gateway.
To change the registry, you can modify the auth.registries configuration field in config/security.ts. Please note that changing this configuration field may affect ongoing log-in operations of end-users.
A list of REST-gateway compatible transaction search queries.
This method accepts an end-user address (string) and a
refresh token which must be valid as a pair.
This method will generate a new access token, sign it using the authentication secret as provided in the configuration file config/security.ts and return it in an AccessTokenDTO object.
Note that the expiration of access tokens automatically
happens after one hour of lifetime.
The address of the end-user for which a new access token must be generated ("Refresh").
An access token for the authenticated user.
This method validates the presence of an authentication challenge
on-chain, in transfer transaction messages. When we can't find a recent
transaction (confirmed/unconfirmed) that contains the challenge value, this method will throw an HttpException with status code 401.
In case of a successful validation attempt, i.e. when the challenge
parameter has been found in a recent transfer transaction's message,
a document will be inserted in the collection authChallenges.
An authentication challenge, as created with getChallenge.
A boolean flag that determines whether the challenge should be marked as used.
An authenticated account session described with AuthenticationPayload.
This method extracts a JWT Token from different parts of the request object in the following order:
An express Request object.
This class serves as an authentication handler for users. This can be used to authenticate the access to [a subset] of your dApp routes and modules.
You can use this service to generate authentication challenges, or to validate the presence of authentication challenges on-chain, or to get access tokens and refresh tokens for authenticated users.
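The flow described above (generate a challenge, find it in a recent transfer to the registry, mark it as used, then issue a one-hour access token signed with the symmetric secret), as an added example that is not the project's own code. All names here are hypothetical; the exact-match message comparison, the use of the transaction signer as the account address, the in-memory set standing in for authChallenges, and the HS256 JWT layout are assumptions of this sketch.

```typescript
import { createHmac, randomBytes, timingSafeEqual } from "crypto";

// Constructed stand-ins for values the page says live in config/security.ts.
const SECRET = "constructed-demo-secret"; // assumption: never a real secret
const CHALLENGE_SIZE = 8;                 // assumption: size counted in characters
const TOKEN_LIFETIME_S = 3600;            // one hour, as stated on the page
const usedChallenges = new Set<string>(); // stands in for the authChallenges collection

interface Transfer { signer: string; recipient: string; message: string; }
const b64url = (s: string): string => Buffer.from(s, "utf8").toString("base64url");

// Random challenge of `size` characters drawn from a CSPRNG.
function makeChallenge(size: number = CHALLENGE_SIZE): string {
  return randomBytes(size).toString("hex").slice(0, size);
}

// Transfer sent to the registry whose message is exactly the challenge, or undefined.
function findChallenge(txs: Transfer[], registry: string, challenge: string): Transfer | undefined {
  return txs.find((t) => t.recipient === registry && t.message === challenge);
}

// Accepts a challenge once; a missing or replayed one is rejected (HTTP 401 in the service).
function validateChallenge(txs: Transfer[], registry: string, challenge: string): { address: string } {
  const tx = findChallenge(txs, registry, challenge);
  if (!tx || usedChallenges.has(challenge)) throw new Error("401 Unauthorized");
  usedChallenges.add(challenge);
  return { address: tx.signer };
}

// HS256 JWT signed with the symmetric secret, expiring after one hour.
function signAccessToken(address: string, now: number = Math.floor(Date.now() / 1000)): string {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify({ sub: address, iat: now, exp: now + TOKEN_LIFETIME_S }));
  const sig = createHmac("sha256", SECRET).update(`${head}.${body}`).digest("base64url");
  return `${head}.${body}.${sig}`;
}

// Returns the subject address, or undefined when the signature or expiry check fails.
function verifyAccessToken(token: string, now: number = Math.floor(Date.now() / 1000)): string | undefined {
  const [head, body, sig] = token.split(".");
  if (!head || !body || !sig) return undefined;
  const expected = createHmac("sha256", SECRET).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return undefined;
  const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  return claims.exp > now ? claims.sub : undefined;
}
```

Marking the challenge as used is what stops a transaction that is already public on-chain from being replayed to open a second session.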
v0.2.0