1const AWS = require('aws-sdk');
2const CognitoUserPool = require('amazon-cognito-identity-js').CognitoUserPool;
3const CognitoUserSession = require('amazon-cognito-identity-js')
4 .CognitoUserSession;
5const CognitoUser = require('amazon-cognito-identity-js').CognitoUser;
6const CognitoIdToken = require('amazon-cognito-identity-js').CognitoIdToken;
7const CognitoAccessToken = require('amazon-cognito-identity-js')
8 .CognitoAccessToken;
9const CognitoRefreshToken = require('amazon-cognito-identity-js')
10 .CognitoRefreshToken;
11
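// Deployment identifiers for the Cognito user pool and identity pool. They are
// environment-specific (the app client id is normally public rather than a
// secret, but all three differ per stage), so each can be overridden from the
// environment; the literals are the values this file has always used and stay
// as the fallback so existing deployments are unaffected.
const COGNITO_IDENTITY_POOL_ID =
  process.env.COGNITO_IDENTITY_POOL_ID ||
  'us-east-1:63eff7aa-a95c-46cb-a30a-19f0e028a622';
const COGNITO_USER_POOL_ID =
  process.env.COGNITO_USER_POOL_ID || 'us-east-1_wyh3IWxvT';
const COGNITO_CLIENT_ID =
  process.env.COGNITO_CLIENT_ID || '3ce42aphh8medg8j58lnn9a2rb';
// const AWS_API_GATEWAY_HOSTNAME = cfg.AWS_API_GATEWAY_HOSTNAME;
// AWS_REGION is also the variable the AWS SDK itself honours.
const AWS_REGION = process.env.AWS_REGION || 'us-east-1';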
19
20// Redirect to "/login" if a user is not logged-in.
21// exports.authorize = require('connect-ensure-login').ensureLoggedIn('/login');
22
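/**
 * Express middleware: exchange the signed-in user's Cognito ID token for
 * temporary AWS credentials through the identity pool and cache the result
 * on the session.
 *
 * Reads `req.user.tokens` (the idToken is consumed by
 * getCognitoIdentityCredentials). On success writes `req.session.identityId`
 * and `req.session.AWSCredentials` and calls `next()`. Any failure — missing
 * tokens or an SDK error — is handed to `next(err)` so the Express error
 * handler sees it; throwing inside the SDK callback would instead escape as an
 * uncaught exception and take the process down.
 *
 * NOTE(review): `AWS.config.credentials` is process-global. Assigning it per
 * request is kept for compatibility with code that relies on the SDK's default
 * credential provider, but with concurrent requests the global can be
 * overwritten by another user's request before this callback runs. The
 * identityId and Credentials stored on the session are therefore read from the
 * local object created for *this* request, never from the global, so one
 * user's session cannot be populated with another user's identity.
 *
 * @param {object} req - Express request with `req.user.tokens` and `req.session`
 * @param {object} res - Express response (unused)
 * @param {Function} next - Express continuation; receives an Error on failure
 */
export function authorizeUser(req, res, next) {
  const tokens = req.user && req.user.tokens;
  if (!tokens || !tokens.idToken) {
    next(new Error('authorizeUser: no Cognito tokens on req.user'));
    return;
  }

  AWS.config.region = AWS_REGION;
  const identityCredentials = getCognitoIdentityCredentials(tokens);
  AWS.config.credentials = identityCredentials;

  identityCredentials.get((err) => {
    if (err) {
      next(err);
      return;
    }
    req.session.identityId = identityCredentials.identityId;
    const credentials = identityCredentials.data.Credentials;
    req.session.AWSCredentials = getAWSCredentials(credentials);
    next();
  });
}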
37
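/**
 * Express middleware: rebuild the Cognito session from the JWTs cached on
 * `req.user.tokens`; if it is no longer valid, refresh it with the refresh
 * token and re-derive the identity-pool credentials.
 *
 * NOTE(review): `cachedSession.isValid()` appears to be a local expiry check
 * on the cached tokens rather than a round-trip to Cognito — confirm against
 * the library version in use.
 *
 * On the refresh path the new JWTs are written back to `req.user.tokens` so
 * later middleware in the same request (authorizeUser reads
 * `req.user.tokens.idToken`) uses the fresh tokens rather than the expired
 * ones; nothing here persists them beyond the request, so whether they survive
 * to the next request depends on the session/user store — verify against the
 * login code. All failures go to `next(err)`; throwing inside an SDK callback
 * would crash the process instead of reaching the Express error handler.
 *
 * NOTE(review): `AWS.config.credentials` is process-global and is still
 * assigned for compatibility, but the Credentials stored on the session are
 * read from this request's local object so concurrent requests cannot mix
 * users' credentials.
 *
 * @param {object} req - Express request with `req.user.tokens` and `req.session`
 * @param {object} res - Express response (unused)
 * @param {Function} next - Express continuation; receives an Error on failure
 */
export function checkTokenExpiration(req, res, next) {
  const tokens = req.user && req.user.tokens;
  if (!tokens) {
    next(new Error('checkTokenExpiration: no Cognito tokens on req.user'));
    return;
  }

  const accessToken = new CognitoAccessToken({
    AccessToken: tokens.accessToken,
  });
  const idToken = new CognitoIdToken({ IdToken: tokens.idToken });
  const refreshToken = new CognitoRefreshToken({
    RefreshToken: tokens.refreshToken,
  });
  const cachedSession = new CognitoUserSession({
    IdToken: idToken,
    AccessToken: accessToken,
    RefreshToken: refreshToken,
  });

  if (cachedSession.isValid()) {
    next();
    return;
  }

  const cognitoUser = getCognitoUser(req);
  cognitoUser.refreshSession(refreshToken, (refreshErr, session) => {
    if (refreshErr) {
      next(refreshErr);
      return;
    }
    const freshTokens = getTokens(session);
    req.user.tokens = freshTokens;

    const identityCredentials = getCognitoIdentityCredentials(freshTokens);
    AWS.config.credentials = identityCredentials;
    identityCredentials.get((credErr) => {
      // The original ignored this error and would have read `.data` of a
      // credentials object that never resolved.
      if (credErr) {
        next(credErr);
        return;
      }
      const credentials = identityCredentials.data.Credentials;
      req.session.AWSCredentials = getAWSCredentials(credentials);
      next();
    });
  });
}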
71
/**
 * Build a CognitoUser for the signed-in user, bound to the configured user
 * pool and app client.
 *
 * @param {object} req - Express request; `req.user.email` is used as the Username
 * @returns {CognitoUser} user object for the pool (no network call is made here)
 */
export function getCognitoUser(req) {
  const pool = new CognitoUserPool({
    UserPoolId: COGNITO_USER_POOL_ID,
    ClientId: COGNITO_CLIENT_ID,
  });
  return new CognitoUser({ Username: req.user.email, Pool: pool });
}
84
/**
 * Extract the raw token strings from a CognitoUserSession.
 *
 * @param {object} session - object exposing getAccessToken()/getIdToken()
 *   (each with getJwtToken()) and getRefreshToken() (with getToken())
 * @returns {{accessToken: string, idToken: string, refreshToken: string}}
 */
export function getTokens(session) {
  const accessToken = session.getAccessToken().getJwtToken();
  const idToken = session.getIdToken().getJwtToken();
  const refreshToken = session.getRefreshToken().getToken();
  return { accessToken, idToken, refreshToken };
}
92
/**
 * Create identity-pool credentials whose Logins map carries the user-pool ID
 * token under the provider name `cognito-idp.<region>.amazonaws.com/<pool>`.
 * Nothing is fetched here; the caller must call `.get()` on the result.
 *
 * @param {{idToken: string}} tokens - token strings as returned by getTokens
 * @returns {AWS.CognitoIdentityCredentials} unresolved credentials object
 */
export function getCognitoIdentityCredentials(tokens) {
  const providerName = `cognito-idp.${AWS_REGION}.amazonaws.com/${COGNITO_USER_POOL_ID}`;
  return new AWS.CognitoIdentityCredentials({
    IdentityPoolId: COGNITO_IDENTITY_POOL_ID,
    Logins: { [providerName]: tokens.idToken },
  });
}
102
/**
 * Shape the identity-pool credentials for storage on the session.
 *
 * Currently a stub: the argument is ignored and an empty object is returned,
 * so `req.session.AWSCredentials` never carries key material. The disabled
 * implementation (kept below as the author left it) would have returned
 * `{ accessKey, secretKey, sessionToken, region, invokeUrl }` built from
 * `credentials.AccessKeyId` / `SecretKey` / `SessionToken`, AWS_REGION and
 * AWS_API_GATEWAY_HOSTNAME. Before enabling it, confirm the session store keeps
 * its data server-side: SecretKey and SessionToken are bearer material and must
 * not end up in a client-readable cookie.
 *
 * @param {object} credentials - Credentials block from the resolved
 *   AWS.CognitoIdentityCredentials (`.data.Credentials`); unused for now
 * @returns {object} empty object
 */
export function getAWSCredentials(credentials) {
  /* return {
       accessKey: credentials.AccessKeyId,
       secretKey: credentials.SecretKey,
       sessionToken: credentials.SessionToken,
       region: AWS_REGION,
       invokeUrl: 'https://' + AWS_API_GATEWAY_HOSTNAME,
     }; */
  const sessionCredentials = {};
  return sessionCredentials;
}