/**
* Based on the Auth0 post: https://auth0.com/docs/integrations/authenticating-devices-using-mqtt
* Based on code developed by @eugenioip on GitHub: https://github.com/eugeniop/auth0mosca
*/
import { post } from "request";
import { verify } from "jsonwebtoken";
import rp from "request-promise";
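/** Node-style completion callback handed to the authentication/authorization hooks. */
type DecisionCallback = (err: unknown, allowed: boolean) => void;

/**
 * Credential value as handed to the hooks. Only `toString()` is used on it;
 * presumably the broker passes a Buffer or a string, or nothing for anonymous clients.
 */
type CredentialValue = { toString(): string } | null | undefined;

/**
 * Factory for broker authentication and authorization hooks backed by Auth0.
 *
 * Every `authenticate*` / `authorize*` method returns a callback-style function.
 * The returned functions are arrow functions on purpose: they read
 * `this.clientSecret`, `this.clientId` and so on, and a plain `function` would
 * take `this` from whoever invokes the hook instead of from this instance, so
 * token verification would run without the configured secret.
 */
class Auth0Mosca {
  auth0Namespace: string;
  connection: any;
  clientId: string;
  clientSecret: string;
  clientAudience: string;
  clientIssuer: string;

  /**
   * @param auth0Namespace Base URL of the Auth0 tenant; `/oauth/ro` is appended to it.
   *   It should be an `https://` URL because user passwords are posted to it.
   * @param clientId Auth0 client id sent with the password grant.
   * @param clientSecret Shared secret used to verify token signatures.
   * @param connection Auth0 connection passed through to the password grant.
   * @param clientAudience Expected `aud` claim for tokens presented directly by devices.
   * @param clientIssuer Expected `iss` claim for tokens presented directly by devices.
   */
  constructor(
    auth0Namespace: string,
    clientId: string,
    clientSecret: string,
    connection: any,
    clientAudience: string,
    clientIssuer: string
  ) {
    this.auth0Namespace = auth0Namespace;
    this.connection = connection;
    this.clientId = clientId;
    this.clientSecret = clientSecret;
    this.clientAudience = clientAudience;
    this.clientIssuer = clientIssuer;
  }

  /**
   * Builds an authentication hook for clients that connect with the literal
   * username `JWT` and a signed token as the password.
   *
   * @returns A hook `(client, username, password, callback)`. On success the
   *   verified claims are stored on `client.deviceProfile` and the callback
   *   receives `(null, true)`; otherwise it receives an error string and `false`.
   */
  authenticateWithJWT() {
    return (client: any, username: string, password: CredentialValue, callback: DecisionCallback) => {
      // A connection without a password is rejected instead of throwing on `.toString()`.
      if (username !== 'JWT' || password == null) {
        return callback("Invalid Credentials", false);
      }
      verify(
        password.toString(),
        this.clientSecret,
        {
          audience: this.clientAudience,
          issuer: this.clientIssuer,
          // Pin the algorithm so the token header cannot select another one.
          algorithms: ['HS256']
        },
        (err: unknown, profile: any) => {
          if (err) {
            console.log(err);
            return callback("Error getting UserInfo", false);
          }
          console.log("Authenticated client " + profile.user_id);
          console.log(profile.topics);
          client.deviceProfile = profile;
          return callback(null, true);
        }
      );
    };
  }

  /**
   * Builds an authentication hook that exchanges the client's username and
   * password for an id_token at `<auth0Namespace>/oauth/ro`, then verifies it.
   *
   * NOTE(review): Auth0 has deprecated the `/oauth/ro` endpoint; confirm the
   * tenant still serves it before relying on this hook.
   *
   * @returns A hook `(client, username, password, callback)`. On success the
   *   verified claims are stored on `client.deviceProfile`.
   */
  authenticateWithCredentials() {
    return (client: any, username: CredentialValue, password: CredentialValue, callback: DecisionCallback) => {
      // Anonymous or partial credentials are rejected before any network call.
      if (username == null || password == null) {
        return callback("Invalid Credentials", false);
      }
      const data = {
        client_id: this.clientId, // {client-name}
        username: username.toString(),
        password: password.toString(),
        connection: this.connection,
        grant_type: "password",
        scope: 'openid name email'
      };
      post({
        headers: {
          "Content-type": "application/json"
        },
        url: this.auth0Namespace + '/oauth/ro',
        body: JSON.stringify(data)
      }, (e: unknown, _response: unknown, b: any) => {
        if (e) {
          console.log('Error in Authentication');
          return callback(e, false);
        }
        // A non-JSON body (for example an HTML error page) must fail the login,
        // not raise an uncaught exception inside the broker process.
        let reply: any;
        try {
          reply = JSON.parse(b);
        } catch (parseError) {
          console.log('Error in Authentication');
          return callback(parseError, false);
        }
        if (!reply) {
          return callback("Error getting UserInfo", false);
        }
        if (reply.error) {
          return callback(reply, false);
        }
        // Same algorithm pin as the JWT hook. NOTE(review): `aud`/`iss` are not
        // checked here because the values expected for tokens issued by this
        // endpoint are not visible in this file - confirm and add them.
        verify(reply.id_token, this.clientSecret, { algorithms: ['HS256'] }, (err: unknown, profile: any) => {
          if (err) {
            return callback("Error getting UserInfo", false);
          }
          client.deviceProfile = profile;
          return callback(null, true);
        });
      });
    };
  }

  /**
   * Builds the publish authorization hook.
   *
   * @returns A hook `(client, topic, payload, callback)` that reports whether
   *   `client` may publish to `topic`.
   */
  authorizePublish() {
    return (client: any, topic: string, payload: unknown, callback: DecisionCallback) => {
      callback(null, this.isTopicAllowed(client, topic));
    };
  }

  /**
   * Builds the subscribe authorization hook.
   *
   * @returns A hook `(client, topic, callback)` that reports whether `client`
   *   may subscribe to `topic`.
   */
  authorizeSubscribe() {
    return (client: any, topic: string, callback: DecisionCallback) => {
      callback(null, this.isTopicAllowed(client, topic));
    };
  }

  /**
   * Shared topic check for publish and subscribe; always returns a boolean.
   *
   * When the verified profile carries a `topics` claim, the topic must appear
   * in it. Otherwise the decision falls back to "the client id occurs in the
   * topic name".
   */
  private isTopicAllowed(client: any, topic: string): boolean {
    // The profile is absent when no authentication hook populated it, so it is
    // checked before `topics` is read.
    const profile = client ? client.deviceProfile : undefined;
    const topics = profile ? profile.topics : undefined;
    if (topics !== undefined) {
      // NOTE(review): a string-valued `topics` claim is matched by substring
      // here, as before; an array claim gives exact matching and is safer.
      return (Array.isArray(topics) || typeof topics === 'string') && topics.indexOf(topic) > -1;
    }
    // Fallback: the client id must occur in the topic name. The id is chosen by
    // the connecting client, so this is a weak boundary; prefer issuing an
    // explicit `topics` claim in the token.
    if (!client || client.id == null) {
      return false;
    }
    const clientId = client.id.toString();
    // An empty id is contained in every topic, so deny instead of matching all.
    if (clientId.length === 0) {
      return false;
    }
    return topic.toString().indexOf(clientId) > -1;
  }
}

export default Auth0Mosca;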