chore: Move to Typescript (#2783)

This PR moves the entire project to Typescript. Due to the ~1000 ignores this will lead to a messy codebase for a while, but the churn is worth it – all of those ignore comments are places that were never type-safe previously. closes #1282
2021-11-29 06:40:55 -08:00
parent 25ccfb5d04
commit 15b1069bcc
1017 changed files with 17410 additions and 54942 deletions
--- a/server/middlewares/authentication.ts
+++ b/server/middlewares/authentication.ts
@@ -0,0 +1,106 @@
+import { User, Team, ApiKey } from "@server/models";
+import { getUserForJWT } from "@server/utils/jwt";
+import { AuthenticationError, UserSuspendedError } from "../errors";
+import { ContextWithState } from "../types";
+
+export default function auth(
+  options: {
+    required?: boolean;
+  } = {}
+) {
+  return async function authMiddleware(
+    ctx: ContextWithState,
+    next: () => Promise<unknown>
+  ) {
+    let token;
+    const authorizationHeader = ctx.request.get("authorization");
+
+    if (authorizationHeader) {
+      const parts = authorizationHeader.split(" ");
+
+      if (parts.length === 2) {
+        const scheme = parts[0];
+        const credentials = parts[1];
+
+        if (/^Bearer$/i.test(scheme)) {
+          token = credentials;
+        }
+      } else {
+        throw AuthenticationError(
+          `Bad Authorization header format. Format is "Authorization: Bearer <token>"`
+        );
+      }
+      // @ts-expect-error ts-migrate(2571) FIXME: Object is of type 'unknown'.
+    } else if (ctx.body && ctx.body.token) {
+      // @ts-expect-error ts-migrate(2571) FIXME: Object is of type 'unknown'.
+      token = ctx.body.token;
+    } else if (ctx.request.query.token) {
+      token = ctx.request.query.token;
+    } else {
+      token = ctx.cookies.get("accessToken");
+    }
+
+    if (!token && options.required !== false) {
+      throw AuthenticationError("Authentication required");
+    }
+
+    let user;
+
+    if (token) {
+      if (String(token).match(/^[\w]{38}$/)) {
+        ctx.state.authType = "api";
+        let apiKey;
+
+        try {
+          apiKey = await ApiKey.findOne({
+            where: {
+              secret: token,
+            },
+          });
+        } catch (err) {
+          throw AuthenticationError("Invalid API key");
+        }
+
+        if (!apiKey) {
+          throw AuthenticationError("Invalid API key");
+        }
+
+        user = await User.findByPk(apiKey.userId, {
+          include: [
+            {
+              model: Team,
+              as: "team",
+              required: true,
+            },
+          ],
+        });
+
+        if (!user) {
+          throw AuthenticationError("Invalid API key");
+        }
+      } else {
+        ctx.state.authType = "app";
+        user = await getUserForJWT(String(token));
+      }
+
+      if (user.isSuspended) {
+        const suspendingAdmin = await User.findOne({
+          where: {
+            id: user.suspendedById,
+          },
+          paranoid: false,
+        });
+        throw UserSuspendedError({
+          adminEmail: suspendingAdmin.email,
+        });
+      }
+
+      // not awaiting the promise here so that the request is not blocked
+      user.updateActiveAt(ctx.request.ip);
+      ctx.state.token = String(token);
+      ctx.state.user = user;
+    }
+
+    return next();
+  };
+}