BrendanHart

Untitled

Feb 23rd, 2020
  1. import * as uuidv4 from 'uuid/v4';
  2. import moment = require("moment");
  3.  
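  /**
   * In-memory helper for the OAuth 2.0 authorization-code flow against the
   * Microsoft identity platform v2.0 endpoints.
   *
   * One state record is kept per user. It holds the random `securityToken`
   * sent to the authorize endpoint as part of `state`, and, once sign-in
   * completes, the access token, refresh token and expiry time.
   *
   * Reads `config.baseUrl`, `config.bot.appId` and `config.bot.appPassword`.
   *
   * NOTE(review): tokens are held in process memory only, so they are lost on
   * restart and not shared between instances.
   */
  export class AuthService {
    private static readonly AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
    private static readonly TOKEN_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
    private static readonly SCOPE = "offline_access User.ReadBasic.All People.Read";

    private userStates: Array<any> = new Array<any>();

    constructor(private config) {
    }

    /**
     * Starts a sign-in for `userId` and returns the URL of the auth-start page.
     *
     * Any previous state for this user is discarded. State belonging to other
     * users is kept; the earlier implementation reset the whole list here,
     * which signed every other user out whenever anyone started a sign-in.
     *
     * @param userId Identifier of the user starting the flow.
     * @returns URL of `/html/auth-start.html` carrying the percent-encoded
     *   authorization URL in its `authorizationUrl` query parameter.
     */
    public createAuthUrl(userId: string) {
      const state = {
        securityToken: uuidv4(),
        userId: userId
      };

      this.signOut(userId);
      this.userStates.push(state);

      // Every value is percent-encoded on its own, so characters such as '&',
      // '#' or '"' inside the state JSON or the redirect URI cannot add or
      // truncate parameters of the authorize request.
      const authorizationUrl = AuthService.AUTHORIZE_ENDPOINT + "?" + this.formEncode({
        client_id: this.config.bot.appId,
        response_type: "code",
        response_mode: "query",
        scope: AuthService.SCOPE,
        state: JSON.stringify(state),
        redirect_uri: `${this.config.baseUrl}/callback`
      });

      return `${this.config.baseUrl}/html/auth-start.html?authorizationUrl=` + encodeURIComponent(authorizationUrl);
    }

    /**
     * Looks up the stored state record for a user.
     *
     * @param userId Identifier of the user.
     * @returns The state record, or `undefined` when none is stored.
     */
    public getUserState(userId: string) {
      return this.userStates.find(user => user.userId === userId);
    }

    /**
     * Checks that `token` is a security token issued by {@link createAuthUrl}
     * for `userId`, and marks the matching state as verified when it is.
     *
     * An unknown token yields `false` instead of throwing, so a forged or
     * stale `state` value on the callback is an ordinary verification failure.
     *
     * NOTE(review): the token stays usable after a successful check; confirm
     * whether callers expect it to be single-use.
     *
     * @param token Security token received back from the sign-in flow.
     * @param userId User the token is expected to belong to.
     * @returns `true` only when the token exists and belongs to `userId`.
     */
    public verifyToken(token: string, userId: string): boolean {
      const storedState = this.userStates.find(state => state.securityToken === token);
      const tokenVerified = !!storedState && storedState.userId === userId;
      if (tokenVerified) {
        storedState.verified = true;
      }
      return tokenVerified;
    }

    /**
     * Exchanges an authorization code for tokens and stores them on
     * `savedState`.
     *
     * NOTE(review): nothing here checks that `savedState` corresponds to the
     * `state` value returned on the callback; the caller has to do that before
     * calling this method.
     *
     * @param code Authorization code from the `/callback` request.
     * @param savedState State record that receives `accessToken`,
     *   `refreshToken` and `expiresAt`.
     * @throws Error when the token endpoint does not return an access token.
     *   `savedState` is left untouched in that case.
     */
    public async associateAuthKey(code: any, savedState: any) {
      const json = await this.requestTokens({
        grant_type: "authorization_code",
        scope: AuthService.SCOPE,
        code: String(code),
        redirect_uri: this.config.baseUrl + "/callback"
      });
      if (!json) {
        throw new Error("Authorization code exchange failed");
      }
      this.storeTokens(savedState, json);
    }

    /**
     * Returns a usable access token for a verified user, refreshing it first
     * when the stored one has expired.
     *
     * @param userId Identifier of the user.
     * @returns The access token, or `undefined` when the user has no verified
     *   state, no refresh token is stored, or the refresh request fails.
     */
    public async getAuthKey(userId: string): Promise<string> {
      const state = this.getUserState(userId);
      if (!state || !state.verified) {
        return undefined;
      }

      if (state.accessToken && state.expiresAt && moment().isBefore(state.expiresAt)) {
        return state.accessToken;
      }

      // Without a refresh token there is nothing to send; the user has to
      // sign in again.
      if (!state.refreshToken) {
        return undefined;
      }

      const json = await this.requestTokens({
        grant_type: "refresh_token",
        refresh_token: state.refreshToken
      });
      if (!json) {
        // Keep the stored refresh token so a transient failure does not force
        // a new sign-in; the expired access token is never handed out.
        return undefined;
      }
      this.storeTokens(state, json);
      return state.accessToken;
    }

    /**
     * Reports whether a verified state exists for the user.
     *
     * @param userId Identifier of the user.
     */
    public signedIn(userId: string): boolean {
      return this.userStates.some(state => state.userId === userId && state.verified);
    }

    /**
     * Drops every stored state record, tokens included, for the user.
     *
     * @param userId Identifier of the user.
     */
    public signOut(userId: string) {
      this.userStates = this.userStates.filter(state => state.userId !== userId);
    }

    /** Serialises key/value pairs as a percent-encoded `k=v&k=v` string. */
    private formEncode(params: Record<string, string>): string {
      return Object.keys(params)
        .map(key => `${encodeURIComponent(key)}=${encodeURIComponent(String(params[key]))}`)
        .join("&");
    }

    /**
     * POSTs a grant to the token endpoint with the client credentials added.
     * Resolves to the parsed response, or `undefined` when the response is an
     * error or carries no access token.
     */
    private async requestTokens(grant: Record<string, string>): Promise<any> {
      const form: Record<string, string> = {
        client_id: this.config.bot.appId,
        client_secret: this.config.bot.appPassword
      };
      for (const key of Object.keys(grant)) {
        form[key] = grant[key];
      }

      const res = await fetch(AuthService.TOKEN_ENDPOINT, {
        method: "POST",
        body: this.formEncode(form),
        headers: {
          "Content-Type": "application/x-www-form-urlencoded"
        }
      });
      const json = await res.json();
      if (!res.ok || !json || !json.access_token) {
        return undefined;
      }
      return json;
    }

    /** Copies a token response onto a state record. */
    private storeTokens(target: any, json: any): void {
      target.accessToken = json.access_token;
      // A response without a refresh token must not erase the stored one.
      target.refreshToken = json.refresh_token || target.refreshToken;
      // Treat the token as expired 60 seconds early.
      target.expiresAt = moment().add(json.expires_in - 60, "s");
    }
  }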