lib6/auth-token-manager.js
/**
* Copyright (c) "Neo4j"
* Neo4j Sweden AB [https://neo4j.com]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
import auth from './auth';
import { util } from './internal';
/**
* Interface for the piece of software responsible for keeping track of current active {@link AuthToken} across the driver.
* @interface
* @since 5.14
*/
export default class AuthTokenManager {
/**
* Returns a valid token.
*
* **Warning**: This method must only ever return auth information belonging to the same identity.
* Switching identities using the `AuthTokenManager` is undefined behavior.
*
* @returns {Promise<AuthToken>|AuthToken} The valid auth token or a promise for a valid auth token
*/
getToken() {
throw new Error('Not Implemented');
}
/**
* Handles an error notification emitted by the server if a security error happened.
*
* @param {AuthToken} token The expired token.
* @param {`Neo.ClientError.Security.${string}`} securityErrorCode the security error code returned by the server
* @return {boolean} whether the exception was handled by the manager, so the driver knows if it can be retried..
*/
handleSecurityException(token, securityErrorCode) {
throw new Error('Not implemented');
}
}
/**
* Interface which defines an {@link AuthToken} with an expiration data time associated
* @interface
* @since 5.14
*/
export class AuthTokenAndExpiration {
constructor() {
/**
* The {@link AuthToken} used for authenticate connections.
*
* @type {AuthToken}
* @see {auth}
*/
this.token = auth.none();
/**
* The expected expiration date of the auth token.
*
* This information will be used for triggering the auth token refresh
* in managers created with {@link authTokenManagers#bearer}.
*
* If this value is not defined, the {@link AuthToken} will be considered valid
* until a `Neo.ClientError.Security.TokenExpired` error happens.
*
* @type {Date|undefined}
*/
this.expiration = undefined;
}
}
/**
* Defines the object which holds the common {@link AuthTokenManager} used in the Driver
*/
class AuthTokenManagers {
/**
* Creates a {@link AuthTokenManager} for handle {@link AuthToken} which is expires.
*
* **Warning**: `tokenProvider` must only ever return auth information belonging to the same identity.
* Switching identities using the `AuthTokenManager` is undefined behavior.
*
* @param {object} param0 - The params
* @param {function(): Promise<AuthTokenAndExpiration>} param0.tokenProvider - Retrieves a new valid auth token.
* Must only ever return auth information belonging to the same identity.
* @returns {AuthTokenManager} The temporal auth data manager.
*/
bearer({ tokenProvider }) {
if (typeof tokenProvider !== 'function') {
throw new TypeError(`tokenProvider should be function, but got: ${typeof tokenProvider}`);
}
return new ExpirationBasedAuthTokenManager(tokenProvider, [
'Neo.ClientError.Security.Unauthorized',
'Neo.ClientError.Security.TokenExpired'
]);
}
/**
* Creates a {@link AuthTokenManager} for handle {@link AuthToken} and password rotation.
*
* **Warning**: `tokenProvider` must only ever return auth information belonging to the same identity.
* Switching identities using the `AuthTokenManager` is undefined behavior.
*
* @param {object} param0 - The params
* @param {function(): Promise<AuthToken>} param0.tokenProvider - Retrieves a new valid auth token.
* Must only ever return auth information belonging to the same identity.
* @returns {AuthTokenManager} The basic auth data manager.
*/
basic({ tokenProvider }) {
if (typeof tokenProvider !== 'function') {
throw new TypeError(`tokenProvider should be function, but got: ${typeof tokenProvider}`);
}
return new ExpirationBasedAuthTokenManager(() => __awaiter(this, void 0, void 0, function* () {
return { token: yield tokenProvider() };
}), ['Neo.ClientError.Security.Unauthorized']);
}
}
/**
* Holds the common {@link AuthTokenManagers} used in the Driver.
*/
const authTokenManagers = new AuthTokenManagers();
Object.freeze(authTokenManagers);
export { authTokenManagers };
/**
* Create a {@link AuthTokenManager} for handle static {@link AuthToken}
*
* @private
* @param {param} args - The args
* @param {AuthToken} args.authToken - The static auth token which will always used in the driver.
* @returns {AuthTokenManager} The temporal auth data manager.
*/
export function staticAuthTokenManager({ authToken }) {
return new StaticAuthTokenManager(authToken);
}
class TokenRefreshObservable {
constructor(_subscribers = []) {
this._subscribers = _subscribers;
}
subscribe(sub) {
this._subscribers.push(sub);
}
onCompleted(data) {
this._subscribers.forEach(sub => sub.onCompleted(data));
}
onError(error) {
this._subscribers.forEach(sub => sub.onError(error));
}
}
class ExpirationBasedAuthTokenManager {
constructor(_tokenProvider, _handledSecurityCodes, _currentAuthData, _refreshObservable) {
this._tokenProvider = _tokenProvider;
this._handledSecurityCodes = _handledSecurityCodes;
this._currentAuthData = _currentAuthData;
this._refreshObservable = _refreshObservable;
}
getToken() {
var _a;
return __awaiter(this, void 0, void 0, function* () {
if (this._currentAuthData === undefined ||
(this._currentAuthData.expiration !== undefined &&
this._currentAuthData.expiration < new Date())) {
yield this._refreshAuthToken();
}
return (_a = this._currentAuthData) === null || _a === void 0 ? void 0 : _a.token;
});
}
handleSecurityException(token, securityErrorCode) {
var _a;
if (this._handledSecurityCodes.includes(securityErrorCode)) {
if (util.equals(token, (_a = this._currentAuthData) === null || _a === void 0 ? void 0 : _a.token)) {
this._scheduleRefreshAuthToken();
}
return true;
}
return false;
}
_scheduleRefreshAuthToken(observer) {
if (this._refreshObservable === undefined) {
this._currentAuthData = undefined;
this._refreshObservable = new TokenRefreshObservable();
Promise.resolve(this._tokenProvider())
.then(data => {
var _a;
this._currentAuthData = data;
(_a = this._refreshObservable) === null || _a === void 0 ? void 0 : _a.onCompleted(data);
})
.catch(error => {
var _a;
(_a = this._refreshObservable) === null || _a === void 0 ? void 0 : _a.onError(error);
})
.finally(() => {
this._refreshObservable = undefined;
});
}
if (observer !== undefined) {
this._refreshObservable.subscribe(observer);
}
}
_refreshAuthToken() {
return __awaiter(this, void 0, void 0, function* () {
return yield new Promise((resolve, reject) => {
this._scheduleRefreshAuthToken({
onCompleted: resolve,
onError: reject
});
});
});
}
}
class StaticAuthTokenManager {
constructor(_authToken) {
this._authToken = _authToken;
}
getToken() {
return this._authToken;
}
handleSecurityException(_, __) {
return false;
}
}
