freeCodeCamp/api-server/server/middlewares/request-authorization.js

import loopback from 'loopback';
import jwt from 'jsonwebtoken';
import { isBefore } from 'date-fns';
import { isEmpty } from 'lodash';

import { homeLocation } from '../../../config/env';

import { wrapHandledError } from '../utils/create-handled-error';

// We need to tunnel through a proxy path set up within
// the gatsby app, at this time, that path is /internal
const apiProxyRE = /^\/internal\/|^\/external\//;
const newsShortLinksRE = /^\/internal\/n\/|^\/internal\/p\?/;
const loopbackAPIPathRE = /^\/internal\/api\//;

const _whiteListREs = [newsShortLinksRE, loopbackAPIPathRE];

export function isWhiteListedPath(path, whiteListREs = _whiteListREs) {
  return whiteListREs.some(re => re.test(path));
}

export default ({
  _jwtSecret = process.env.JWT_SECRET,
  getUserById = _getUserById
} = {}) =>
  function requestAuthorisation(req, res, next) {
    const { path } = req;
    if (apiProxyRE.test(path) && !isWhiteListedPath(path)) {
      const cookie =
        (req.signedCookies && req.signedCookies['jwt_access_token']) ||
        (req.cookie && req.cookie['jwt_access_token']);

      if (!cookie) {
        throw wrapHandledError(
          new Error('Access token is required for this request'),
          {
            type: 'info',
            redirect: `${homeLocation}/signin`,
            message: 'Access token is required for this request',
            status: 403
          }
        );
      }
      let token;
      try {
        token = jwt.verify(cookie, _jwtSecret);
      } catch (err) {
        throw wrapHandledError(new Error(err.message), {
          type: 'info',
          redirect: `${homeLocation}/signin`,
          message: 'Your access token is invalid',
          status: 403
        });
      }
      const {
        accessToken: { created, ttl, userId }
      } = token;
      const valid = isBefore(Date.now(), Date.parse(created) + ttl);
      if (!valid) {
        throw wrapHandledError(new Error('Access token is no longer vaild'), {
          type: 'info',
          redirect: `${homeLocation}/signin`,
          message: 'Access token is no longer vaild',
          status: 403
        });
      }

      if (isEmpty(req.user)) {
        return getUserById(userId)
          .then(user => {
            if (user) {
              user.points = user.progressTimestamps.length;
              req.user = user;
            }
            return;
          })
          .then(next)
          .catch(next);
      } else {
        return Promise.resolve(next());
      }
    }
    return Promise.resolve(next());
  };

export function _getUserById(id) {
  const User = loopback.getModelByType('User');
  return new Promise((resolve, reject) =>
    User.findById(id, (err, instance) => {
      if (err) {
        return reject(err);
      }
      return resolve(instance);
    })
  );
}
fix(external): Ensure req.user on verified web token (#17225) 2018-05-24 12:19:51 +01:00			`import loopback from 'loopback';`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`import jwt from 'jsonwebtoken';`
			`import { isBefore } from 'date-fns';`
chore: Add tests for jwt authorization 2019-02-20 18:18:50 +00:00			`import { isEmpty } from 'lodash';`
fix(external): Ensure req.user on verified web token (#17225) 2018-05-24 12:19:51 +01:00
chore(server): Move api-server in to it's own DIR 2018-08-31 16:04:04 +01:00			`import { homeLocation } from '../../../config/env';`
fix(api): Use /internal for API entry 2018-08-29 20:52:41 +01:00
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`import { wrapHandledError } from '../utils/create-handled-error';`

Feat: News in the client app (#34392) 2018-11-29 12:12:15 +00:00			`// We need to tunnel through a proxy path set up within`
			`// the gatsby app, at this time, that path is /internal`
fix: Allow un-authed loopback api calls 2019-02-15 21:02:38 +00:00			`const apiProxyRE = /^\/internal\/\|^\/external\//;`
			`const newsShortLinksRE = /^\/internal\/n\/\|^\/internal\/p\?/;`
			`const loopbackAPIPathRE = /^\/internal\/api\//;`

fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`const _whiteListREs = [newsShortLinksRE, loopbackAPIPathRE];`
fix: Allow un-authed loopback api calls 2019-02-15 21:02:38 +00:00
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`export function isWhiteListedPath(path, whiteListREs = _whiteListREs) {`
			`return whiteListREs.some(re => re.test(path));`
fix: Allow un-authed loopback api calls 2019-02-15 21:02:38 +00:00			`}`
Feat: News in the client app (#34392) 2018-11-29 12:12:15 +00:00
chore: Add tests for jwt authorization 2019-02-20 18:18:50 +00:00			`export default ({`
			`_jwtSecret = process.env.JWT_SECRET,`
			`getUserById = _getUserById`
			`} = {}) =>`
			`function requestAuthorisation(req, res, next) {`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`const { path } = req;`
			`if (apiProxyRE.test(path) && !isWhiteListedPath(path)) {`
			`const cookie =`
			`(req.signedCookies && req.signedCookies['jwt_access_token']) \|\|`
			`(req.cookie && req.cookie['jwt_access_token']);`
Feat: News in the client app (#34392) 2018-11-29 12:12:15 +00:00
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`if (!cookie) {`
			`throw wrapHandledError(`
			`new Error('Access token is required for this request'),`
			`{`
			`type: 'info',`
			redirect: `${homeLocation}/signin`,
			`message: 'Access token is required for this request',`
			`status: 403`
			`}`
			`);`
			`}`
			`let token;`
			`try {`
chore: Add tests for jwt authorization 2019-02-20 18:18:50 +00:00			`token = jwt.verify(cookie, _jwtSecret);`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`} catch (err) {`
			`throw wrapHandledError(new Error(err.message), {`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`type: 'info',`
fix(api): Use /internal for API entry 2018-08-29 20:52:41 +01:00			redirect: `${homeLocation}/signin`,
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`message: 'Your access token is invalid',`
			`status: 403`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`});`
			`}`
			`const {`
			`accessToken: { created, ttl, userId }`
			`} = token;`
			`const valid = isBefore(Date.now(), Date.parse(created) + ttl);`
			`if (!valid) {`
			`throw wrapHandledError(new Error('Access token is no longer vaild'), {`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`type: 'info',`
fix(api): Use /internal for API entry 2018-08-29 20:52:41 +01:00			redirect: `${homeLocation}/signin`,
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`message: 'Access token is no longer vaild',`
			`status: 403`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`});`
			`}`
chore: Add tests for jwt authorization 2019-02-20 18:18:50 +00:00
			`if (isEmpty(req.user)) {`
			`return getUserById(userId)`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`.then(user => {`
			`if (user) {`
			`user.points = user.progressTimestamps.length;`
			`req.user = user;`
			`}`
			`return;`
			`})`
			`.then(next)`
			`.catch(next);`
			`} else {`
chore: Add tests for jwt authorization 2019-02-20 18:18:50 +00:00			`return Promise.resolve(next());`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`}`
fix(external): Ensure req.user on verified web token (#17225) 2018-05-24 12:19:51 +01:00			`}`
chore: Add tests for jwt authorization 2019-02-20 18:18:50 +00:00			`return Promise.resolve(next());`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`};`
chore: Add tests for jwt authorization 2019-02-20 18:18:50 +00:00
			`export function _getUserById(id) {`
			`const User = loopback.getModelByType('User');`
			`return new Promise((resolve, reject) =>`
			`User.findById(id, (err, instance) => {`
			`if (err) {`
			`return reject(err);`
			`}`
			`return resolve(instance);`
			`})`
			`);`
			`}`