freeCodeCamp/api-server/server/middlewares/request-authorization.js

import { isEmpty } from 'lodash';

import { getUserById as _getUserById } from '../utils/user-stats';
import {
  getAccessTokenFromRequest,
  errorTypes,
  authHeaderNS
} from '../utils/getSetAccessToken';
import { homeLocation } from '../../../config/env';
import { jwtSecret as _jwtSecret } from '../../../config/secrets';

import { wrapHandledError } from '../utils/create-handled-error';

// We need to tunnel through a proxy path set up within
// the gatsby app, at this time, that path is /internal
const apiProxyRE = /^\/internal\/|^\/external\//;
const newsShortLinksRE = /^\/internal\/n\/|^\/internal\/p\?/;
const loopbackAPIPathRE = /^\/internal\/api\//;

const _whiteListREs = [newsShortLinksRE, loopbackAPIPathRE];

export function isWhiteListedPath(path, whiteListREs = _whiteListREs) {
  return whiteListREs.some(re => re.test(path));
}

export default ({ jwtSecret = _jwtSecret, getUserById = _getUserById } = {}) =>
  function requestAuthorisation(req, res, next) {
    const { path } = req;
    if (apiProxyRE.test(path) && !isWhiteListedPath(path)) {
      const { accessToken, error, jwt } = getAccessTokenFromRequest(
        req,
        jwtSecret
      );
      if (!accessToken && error === errorTypes.noTokenFound) {
        throw wrapHandledError(
          new Error('Access token is required for this request'),
          {
            type: 'info',
            redirect: `${homeLocation}/signin`,
            message: 'Access token is required for this request',
            status: 403
          }
        );
      }
      if (!accessToken && error === errorTypes.invalidToken) {
        throw wrapHandledError(new Error('Access token is invalid'), {
          type: 'info',
          redirect: `${homeLocation}/signin`,
          message: 'Your access token is invalid',
          status: 403
        });
      }
      if (!accessToken && error === errorTypes.expiredToken) {
        throw wrapHandledError(new Error('Access token is no longer valid'), {
          type: 'info',
          redirect: `${homeLocation}/signin`,
          message: 'Access token is no longer valid',
          status: 403
        });
      }
      res.set(authHeaderNS, jwt);
      if (isEmpty(req.user)) {
        const { userId } = accessToken;
        return getUserById(userId)
          .then(user => {
            if (user) {
              req.user = user;
            }
            return;
          })
          .then(next)
          .catch(next);
      } else {
        return Promise.resolve(next());
      }
    }
    return Promise.resolve(next());
  };
chore: Add tests for jwt authorization 2019-02-20 18:18:50 +00:00			`import { isEmpty } from 'lodash';`
fix: Centralise user deserialization 2019-03-04 21:10:12 +00:00
			`import { getUserById as _getUserById } from '../utils/user-stats';`
feat: Use new (tested) accessToken utils to authoize requests 2019-02-20 23:05:31 +00:00			`import {`
			`getAccessTokenFromRequest,`
			`errorTypes,`
			`authHeaderNS`
			`} from '../utils/getSetAccessToken';`
chore(server): Move api-server in to it's own DIR 2018-08-31 16:04:04 +01:00			`import { homeLocation } from '../../../config/env';`
feat: Use new (tested) accessToken utils to authoize requests 2019-02-20 23:05:31 +00:00			`import { jwtSecret as _jwtSecret } from '../../../config/secrets';`
fix(api): Use /internal for API entry 2018-08-29 20:52:41 +01:00
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`import { wrapHandledError } from '../utils/create-handled-error';`

Feat: News in the client app (#34392) 2018-11-29 12:12:15 +00:00			`// We need to tunnel through a proxy path set up within`
			`// the gatsby app, at this time, that path is /internal`
fix: Allow un-authed loopback api calls 2019-02-15 21:02:38 +00:00			`const apiProxyRE = /^\/internal\/\|^\/external\//;`
			`const newsShortLinksRE = /^\/internal\/n\/\|^\/internal\/p\?/;`
			`const loopbackAPIPathRE = /^\/internal\/api\//;`

fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`const _whiteListREs = [newsShortLinksRE, loopbackAPIPathRE];`
fix: Allow un-authed loopback api calls 2019-02-15 21:02:38 +00:00
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`export function isWhiteListedPath(path, whiteListREs = _whiteListREs) {`
			`return whiteListREs.some(re => re.test(path));`
fix: Allow un-authed loopback api calls 2019-02-15 21:02:38 +00:00			`}`
Feat: News in the client app (#34392) 2018-11-29 12:12:15 +00:00
feat: Use new (tested) accessToken utils to authoize requests 2019-02-20 23:05:31 +00:00			`export default ({ jwtSecret = _jwtSecret, getUserById = _getUserById } = {}) =>`
chore: Add tests for jwt authorization 2019-02-20 18:18:50 +00:00			`function requestAuthorisation(req, res, next) {`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`const { path } = req;`
			`if (apiProxyRE.test(path) && !isWhiteListedPath(path)) {`
feat: Use new (tested) accessToken utils to authoize requests 2019-02-20 23:05:31 +00:00			`const { accessToken, error, jwt } = getAccessTokenFromRequest(`
			`req,`
			`jwtSecret`
			`);`
			`if (!accessToken && error === errorTypes.noTokenFound) {`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`throw wrapHandledError(`
			`new Error('Access token is required for this request'),`
			`{`
			`type: 'info',`
			redirect: `${homeLocation}/signin`,
			`message: 'Access token is required for this request',`
			`status: 403`
			`}`
			`);`
			`}`
feat: Use new (tested) accessToken utils to authoize requests 2019-02-20 23:05:31 +00:00			`if (!accessToken && error === errorTypes.invalidToken) {`
			`throw wrapHandledError(new Error('Access token is invalid'), {`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`type: 'info',`
fix(api): Use /internal for API entry 2018-08-29 20:52:41 +01:00			redirect: `${homeLocation}/signin`,
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`message: 'Your access token is invalid',`
			`status: 403`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`});`
			`}`
feat: Use new (tested) accessToken utils to authoize requests 2019-02-20 23:05:31 +00:00			`if (!accessToken && error === errorTypes.expiredToken) {`
cleanup: typos and remove commented out code (#36573) 2019-08-09 21:27:26 +03:00			`throw wrapHandledError(new Error('Access token is no longer valid'), {`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`type: 'info',`
fix(api): Use /internal for API entry 2018-08-29 20:52:41 +01:00			redirect: `${homeLocation}/signin`,
cleanup: typos and remove commented out code (#36573) 2019-08-09 21:27:26 +03:00			`message: 'Access token is no longer valid',`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`status: 403`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`});`
			`}`
feat: Use new (tested) accessToken utils to authoize requests 2019-02-20 23:05:31 +00:00			`res.set(authHeaderNS, jwt);`
chore: Add tests for jwt authorization 2019-02-20 18:18:50 +00:00			`if (isEmpty(req.user)) {`
feat: Use new (tested) accessToken utils to authoize requests 2019-02-20 23:05:31 +00:00			`const { userId } = accessToken;`
chore: Add tests for jwt authorization 2019-02-20 18:18:50 +00:00			`return getUserById(userId)`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`.then(user => {`
			`if (user) {`
			`req.user = user;`
			`}`
			`return;`
			`})`
			`.then(next)`
			`.catch(next);`
			`} else {`
chore: Add tests for jwt authorization 2019-02-20 18:18:50 +00:00			`return Promise.resolve(next());`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`}`
fix(external): Ensure req.user on verified web token (#17225) 2018-05-24 12:19:51 +01:00			`}`
chore: Add tests for jwt authorization 2019-02-20 18:18:50 +00:00			`return Promise.resolve(next());`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`};`