lists.codeite.net/src/codeite-auth.js at master · codeite/lists.codeite.net

76 lines (59 loc) · 1.63 KB

const crypto = require('crypto')
const moment = require('moment')
const rejector = res => reason => {
  res.status(401).send({
    status: 401,
module.exports = (name, secret) => (req, res, next) => {
  const cookieHeader = req.headers.cookie
  const reject = rejector(res)
  // req.userId = 'sam'
  // return next()
  if (!cookieHeader) {
    return reject('no_cookies')
  const cookies = cookieHeader
    .split('; ')
    .map(str => {
      const [key, val] = str.split('=')
      return {key, val: decodeURIComponent(val)}
  const cookie = cookies.find(x => x.key === name)
  if (!cookie) {
    return reject('no_list_cookie')
  const cookieValue = cookie.val
  if (!cookieValue) {
    return reject('no_list_cookie_value')
  const [version, userId, created, sig] = cookieValue.split('|')
    if (version !== 'v1') {
      return reject('invalid_version')
    let creationDate, validFrom
    if (created.includes('P')) {
      const [date, duration] = created.split('P')
      creationDate = moment(date)
      const dur = moment.duration('P'+duration)
      validFrom = moment().subtract(dur)
    } else {
      creationDate = moment(created)
      validFrom = moment().subtract(30, 'days')
    const validTo = moment()
    if (!creationDate.isBetween(validFrom, validTo)) {
      return reject('expired_token')
    const token = `v1|${userId}|${created}`
    const hash = crypto
      .createHmac('sha256', secret)
      .update(token)
      .digest('base64')
    if (hash !== sig) {
      return reject(`invalid_signature ${hash} !== ${sig}`)
    req.userId = userId
    return next()

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FilesExpand file tree

codeite-auth.js

Latest commit

History

codeite-auth.js

File metadata and controls