Auth Example

1. /**
2.  * Vuex
3.  */
4.  
5. import {
6.   AUTH_NAMESPACE,
7.   AuthGetterTypes,
8.   AuthActionTypes,
9. } from '@/store/modules/auth';
10.  
11. /**
12.  * Data
13.  */
14.  
15. import PageNames from '@/data/enum/page-names';
16. import Statuses from '@/data/enum/generic-statuses';
17. import Roles from '@/data/enum/roles';
18. import API_CONFIG from '@/data/api-config';
19.  
20. /**
21.  * Utils
22.  */
23.  
24. import axios from 'axios';
25. import { findLast, get } from 'lodash';
26. import { inNavRoutes } from '@/router';
27.  
28.  
29. /**
30.  * @desc Will store an instance of VueRouter after applying the auth-plugin.
31.  *
32.  * @type {WeakMap<Object, any>}
33.  */
34. const routerInstance = new WeakMap();
35.  
36. /**
37.  * @desc Will store an instance of Vuex after applying the auth-plugin.
38.  *
39.  * @type {WeakMap<Object, any>}
40.  */
41. const storeInstance = new WeakMap();
42.  
43. /* eslint-disable dot-notation */
44.  
45. export default {
46.   /**
47.    * @desc Install method to register plugin with VueJS.
48.    *
49.    * @param {Object} Vue
50.    * @param {Object} router
51.    * @param {Object} store
52.    */
53.   install(Vue, {
54.     router,
55.     store,
56.   }) {
57.     /**
58.      * @desc Interceptor to set Auth header.
59.      */
60.     axios.interceptors.request.use((config) => {
61.       const authUrl = `${API_CONFIG.XXX.HOST}${API_CONFIG.XXX.ENDPOINTS.AUTH.CREATE_TOKEN.path}`;
62.  
63.       if (config.url !== authUrl) {
64.         const accessToken = store.getters[`${AUTH_NAMESPACE}/${AuthGetterTypes.accessToken}`];
65.         const hasAuthHeader = !!config['Authorization'];
66.  
67.         if (accessToken && !hasAuthHeader) {
68.           this.$_setAuthHeader(config);
69.         }
70.       }
71.  
72.       return config;
73.     });
74.  
75.     /**
76.      * @desc Interceptor to refresh token if it has been overdue.
77.      *
78.      * @modifies {refreshCounter}
79.      */
80.     axios.interceptors.response.use(
81.       response => response,
82.       async (error) => {
83.         if (this.$_isInvalidToken(error)) {
84.           await this.$_refreshToken(error);
85.  
86.           return this.$_retryRequest(error.config);
87.         }
88.  
89.         throw error;
90.       },
91.     );
92.  
93.     /**
94.      * @desc Guard to check does user granted to see the page.
95.      */
96.     router.beforeEach(async (to, from, next) => {
97.       try {
98.         const hasTokens = store.getters[`${AUTH_NAMESPACE}/${AuthGetterTypes.hasTokens}`];
99.  
100.         if (hasTokens && !this.checkRole()) {
101.           await store.dispatch(`${AUTH_NAMESPACE}/${AuthActionTypes.loadUser}`);
102.  
103.           store.dispatch(`${AUTH_NAMESPACE}/${AuthActionTypes.setAuthFulfilled}`);
104.         }
105.  
106.         if (this.checkRole() && to.name === PageNames.SIGN_IN) {
107.           return next({ name: PageNames.DASHBOARD });
108.         } else if (to.name !== PageNames.SIGN_IN) {
109.           this.$_routeCheckAuth(to, from, next);
110.         }
111.  
112.         return next();
113.       } catch (error) {
114.         next({
115.           name: PageNames.SIGN_IN,
116.         });
117.  
118.         throw error;
119.       }
120.     });
121.  
122.     /**
123.      * @desc Guard to close all notifications and messages before transition to another route.
124.      */
125.     router.beforeEach((to, from, next) => {
126.       document.title = to.name;
127.  
128.       /**
129.        * @desc Close all notifications.
130.        * @type {NodeListOf<Element>}
131.        */
132.  
133.       const notificationCloseButtons = document.querySelectorAll('.el-notification__closeBtn');
134.  
135.       if (notificationCloseButtons.length) {
136.         notificationCloseButtons.forEach((closeButton) => {
137.           closeButton.click();
138.         });
139.       }
140.  
141.       /**
142.        * @desc Close all messages.
143.        * @type {NodeListOf<Element>}
144.        */
145.  
146.       const messageCloseButtons = document.querySelectorAll('.el-message__closeBtn');
147.  
148.       if (messageCloseButtons.length) {
149.         messageCloseButtons.forEach((closeButton) => {
150.           closeButton.click();
151.         });
152.       }
153.  
154.       next();
155.     });
156.  
157.     routerInstance.set(this, router);
158.     storeInstance.set(this, store);
159.  
160.     // eslint-disable-next-line no-param-reassign
161.     Vue.prototype.$auth = this;
162.     // eslint-disable-next-line no-param-reassign
163.     Vue.auth = this;
164.   },
165.  
166.   /**
167.    * @desc Perform sign in.
168.    *
169.    * @param {Object} credentials
170.    * @param {string|Object} redirect
171.    * @returns {Promise}
172.    */
173.   async signIn(credentials, redirect) {
174.     let store = null;
175.     let router = null;
176.  
177.     try {
178.       store = storeInstance.get(this);
179.       router = routerInstance.get(this);
180.  
181.       store.dispatch(`${AUTH_NAMESPACE}/${AuthActionTypes.setAuthPending}`);
182.  
183.       const { username, password } = credentials;
184.  
185.       const response = await this.$_passwordGrant(username, password);
186.  
187.       this.$_storeTokens(response.access_token, response.refresh_token);
188.  
189.       await store.dispatch(`${AUTH_NAMESPACE}/${AuthActionTypes.loadUser}`);
190.  
191.       store.dispatch(`${AUTH_NAMESPACE}/${AuthActionTypes.setAuthFulfilled}`);
192.  
193.       if (!this.checkRole(Roles.EDITOR)) {
194.         this.signOut();
195.  
196.         throw new Error('The user credentials were incorrect.');
197.       }
198.  
199.       router.push(redirect || {
200.         name: PageNames.DASHBOARD,
201.       });
202.  
203.       return true;
204.     } catch (error) {
205.       if (process.env.VUE_APP_CONSOLE_MESSAGES === 'on') {
206.         console.warn('[Auth] An error occurred while signin in.', error || '(no data)');
207.       }
208.  
209.       store.dispatch(`${AUTH_NAMESPACE}/${AuthActionTypes.setAuthRejected}`);
210.  
211.       throw error;
212.     }
213.   },
214.  
215.   /**
216.    * @desc Perform sign out.
217.    *
218.    * @param {string|Object} redirect
219.    */
220.   signOut(redirect) {
221.     const store = storeInstance.get(this);
222.     const router = routerInstance.get(this);
223.  
224.     store.dispatch(`${AUTH_NAMESPACE}/${AuthActionTypes.resetAuthState}`);
225.  
226.     router.push(redirect || `/${PageNames.SIGN_IN}`);
227.   },
228.  
229.   /**
230.    * @desc Get the currently authenticated user.
231.    *
232.    * @returns {Object|null}
233.    */
234.   getUser() {
235.     const store = storeInstance.get(this);
236.  
237.     return store.getters[`${AUTH_NAMESPACE}/${AuthGetterTypes.user}`];
238.   },
239.  
240.   /**
241.    * @desc Check if the currently authenticated user has a specific role.
242.    *
243.    * @param {string} role
244.    * @returns {boolean}
245.    */
246.   checkRole(role) {
247.     const store = storeInstance.get(this);
248.     const user = this.getUser();
249.     const isAuthFulfilled = store.getters[`${AUTH_NAMESPACE}/${AuthGetterTypes.authStatus}`] === Statuses.FULFILLED;
250.  
251.     if (user === null || isAuthFulfilled === false) {
252.       return false;
253.     }
254.  
255.     if (typeof role === 'string') {
256.       const { granted } = user;
257.  
258.       if (granted) {
259.         return granted.findIndex(role_ => role_ === role) !== -1;
260.       }
261.  
262.       return false;
263.     }
264.  
265.     return true;
266.   },
267.  
268.   /**
269.    * @desc Refresh the current token.
270.    *
271.    * @param {*} error
272.    * @modifies {refreshCounter}
273.    * @returns {Promise}
274.    */
275.   async $_refreshToken(error) {
276.     let store = null;
277.  
278.     try {
279.       store = storeInstance.get(this);
280.       const hasTokens = store.getters[`${AUTH_NAMESPACE}/${AuthGetterTypes.hasTokens}`];
281.  
282.       if (!hasTokens) {
283.         throw error;
284.       }
285.  
286.       const response = await this.$_refreshTokenGrant(store.getters[`${AUTH_NAMESPACE}/${AuthGetterTypes.refreshToken}`]);
287.  
288.       if (response) {
289.         this.$_storeTokens(response.access_token, response.refresh_token);
290.  
291.         return true;
292.       }
293.  
294.       return false;
295.     } catch (error_) {
296.       if (process.env.VUE_APP_CONSOLE_MESSAGES === 'on') {
297.         console.warn('[Auth] An error occurred while refreshing token.', error_ || '(no data)');
298.       }
299.  
300.       this.signOut();
301.  
302.       throw error_;
303.     }
304.   },
305.  
306.   /**
307.    * @desc Retry a request.
308.    *
309.    * @param {Object} config
310.    * @returns {AxiosPromise}
311.    */
312.   async $_retryRequest(config) {
313.     try {
314.       const authUrl = `${API_CONFIG.XXX.HOST}${API_CONFIG.XXX.ENDPOINTS.AUTH.CREATE_TOKEN.path}`;
315.  
316.       if (config.url !== authUrl) {
317.         this.$_setAuthHeader(config);
318.       }
319.  
320.       return await axios(config);
321.     } catch (error) {
322.       if (process.env.VUE_APP_CONSOLE_MESSAGES === 'on') {
323.         console.warn('[Auth] An error occurred while retrying request.', error || '(no data)');
324.       }
325.  
326.       throw error;
327.     }
328.   },
329.  
330.   /**
331.    * @desc Set the Authorization header on an outgoing request.
332.    *
333.    * @param {Object} config
334.    */
335.   $_setAuthHeader(config) {
336.     const store = storeInstance.get(this);
337.     const accessToken = store.getters[`${AUTH_NAMESPACE}/${AuthGetterTypes.accessToken}`];
338.  
339.     // eslint-disable-next-line no-param-reassign
340.     config.headers['Authorization'] = `Bearer ${accessToken}`;
341.   },
342.  
343.   /**
344.    * @desc Store access and refresh tokens in the store.
345.    *
346.    * @param {string} accessToken
347.    * @param {string} refreshToken
348.    */
349.   $_storeTokens(accessToken, refreshToken) {
350.     const store = storeInstance.get(this);
351.  
352.     store.dispatch(`${AUTH_NAMESPACE}/${AuthActionTypes.storeTokens}`, {
353.       accessToken,
354.       refreshToken,
355.     });
356.   },
357.  
358.   /**
359.    * @desc Check if the response is caused by an invalid i.e., outdated token.
360.    *
361.    * @param {Object} error
362.    * @returns {boolean}
363.    */
364.   $_isInvalidToken(error) {
365.     const { response } = error;
366.  
367.     const authUrl = `${API_CONFIG.XXX.HOST}${API_CONFIG.XXX.ENDPOINTS.AUTH.CREATE_TOKEN.path}`;
368.  
369.     const STATUS_CODE_UNAUTHORIZED = 401;
370.  
371.     return get(response, 'config.url') !== authUrl && get(response, 'status') === STATUS_CODE_UNAUTHORIZED;
372.   },
373.  
374.   /**
375.    * @desc Route guard.
376.    *
377.    * @param {Object} to
378.    * @param {Object} from
379.    * @param {Function} next
380.    */
381.   $_routeCheckAuth(to, from, next) {
382.     const route = findLast(to.matched, route_ => route_.meta.requiresAuth);
383.     const requiredRole = get(route, 'meta.requiresAuth');
384.  
385.     if (!this.checkRole() && requiredRole) {
386.       return next({ name: PageNames.SIGN_IN });
387.     }
388.  
389.     if (!this.checkRole(requiredRole)) {
390.       // eslint-disable-next-line arrow-body-style
391.       const firstEligibleRoute = inNavRoutes.find((nextRoute) => {
392.         return !nextRoute.meta.requiresAuth || this.checkRole(nextRoute.meta.requiresAuth);
393.       });
394.  
395.       if (!firstEligibleRoute) {
396.         return this.signOut();
397.       }
398.  
399.       if (from.name !== firstEligibleRoute.name) {
400.         return next({ name: firstEligibleRoute.name });
401.       }
402.     } else {
403.       return next();
404.     }
405.  
406.     return false;
407.   },
408.  
409.   /**
410.    * @desc Method for authentication with password.
411.    *
412.    * @param {string} username
413.    * @param {string} password
414.    * @returns {Promise}
415.    */
416.   $_passwordGrant(username, password) {
417.     if (!(typeof username === 'string' && !!username.trim()) && !(typeof password === 'string' && !!password.trim())) {
418.       throw new TypeError('Username and password must be non-empty strings.');
419.     }
420.  
421.     return this.$_createToken('password', { username: username.trim(), password: password.trim() });
422.   },
423.  
424.   /**
425.    * @desc Method for refreshing expired access tokens.
426.    *
427.    * @param {string} refreshToken
428.    * @returns {Promise}
429.    */
430.   $_refreshTokenGrant(refreshToken) {
431.     if (!(typeof refreshToken === 'string' && !!refreshToken.trim())) {
432.       throw new TypeError('Refresh token must be non-empty string.');
433.     }
434.  
435.     return this.$_createToken('refresh_token', { refresh_token: refreshToken.trim() });
436.   },
437.  
438.   /**
439.    * @desc Method for creating access token.
440.    *
441.    * @param {string} grantType
442.    * @param {Object} payload
443.    * @returns {Promise}
444.    */
445.   async $_createToken(grantType, payload) {
446.     try {
447.       if (!(typeof grantType === 'string' && !!grantType.trim())) {
448.         throw new TypeError('Grant type must be non-empty string.');
449.       }
450.  
451.       const { method, path } = API_CONFIG.XXX.ENDPOINTS.AUTH.CREATE_TOKEN;
452.       const { HOST: host, OPTIONS: options } = API_CONFIG.XXX;
453.  
454.       const response = await axios[method](
455.         `${host}${path}`,
456.         { grant_type: grantType, ...payload },
457.         options,
458.       );
459.  
460.       return response.data.data;
461.     } catch (error) {
462.       if (process.env.VUE_APP_CONSOLE_MESSAGES === 'on') {
463.         console.warn(`[Auth] An error occurred while creating token with ${grantType} grant.`, error || '(no data)');
464.       }
465.  
466.       throw error;
467.     }
468.   },
469. };