freeCodeCamp/api-server/server/middlewares/jwt-authorization.js

import loopback from 'loopback';
import jwt from 'jsonwebtoken';
import { isBefore } from 'date-fns';

import { homeLocation } from '../../../config/env';

import { wrapHandledError } from '../utils/create-handled-error';

// We need to tunnel through a proxy path set up within
// the gatsby app, at this time, that path is /internal
const whiteListRE = new RegExp([
  '^/internal/n/',
  '^/internal/p\??'
].join('|'));


export default () => function authorizeByJWT(req, res, next) {
  const path = req.path.split('/')[1];
  if (/^external$|^internal$/.test(path) && !whiteListRE.test(req.path)) {
    const cookie = req.signedCookies && req.signedCookies['jwt_access_token'] ||
      req.cookie && req.cookie['jwt_access_token'];
    if (!cookie) {
      throw wrapHandledError(
        new Error('Access token is required for this request'),
        {
          type: 'info',
          redirect: `${homeLocation}/signin`,
          message: 'Access token is required for this request',
          status: 403
        }
      );
    }
    let token;
    try {
      token = jwt.verify(cookie, process.env.JWT_SECRET);
    } catch (err) {
      throw wrapHandledError(
        new Error(err.message),
        {
          type: 'info',
          redirect: `${homeLocation}/signin`,
          message: 'Your access token is invalid',
          status: 403
        }
      );
    }
    const { accessToken: {created, ttl, userId }} = token;
    const valid = isBefore(Date.now(), Date.parse(created) + ttl);
    if (!valid) {
      throw wrapHandledError(
        new Error('Access token is no longer vaild'),
        {
          type: 'info',
          redirect: `${homeLocation}/signin`,
          message: 'Access token is no longer vaild',
          status: 403
        }
      );
    }
    if (!req.user) {
      const User = loopback.getModelByType('User');
      return User.findById(userId)
      .then(user => {
        if (user) {
          user.points = user.progressTimestamps.length;
          req.user = user;
        }
        return;
      })
      .then(next)
      .catch(next);
    } else {
      return next();
    }
  }
  return next();
};
fix(external): Ensure req.user on verified web token (#17225) 2018-05-24 12:19:51 +01:00			`import loopback from 'loopback';`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`import jwt from 'jsonwebtoken';`
			`import { isBefore } from 'date-fns';`
fix(external): Ensure req.user on verified web token (#17225) 2018-05-24 12:19:51 +01:00
chore(server): Move api-server in to it's own DIR 2018-08-31 16:04:04 +01:00			`import { homeLocation } from '../../../config/env';`
fix(api): Use /internal for API entry 2018-08-29 20:52:41 +01:00
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`import { wrapHandledError } from '../utils/create-handled-error';`

Feat: News in the client app (#34392) 2018-11-29 12:12:15 +00:00			`// We need to tunnel through a proxy path set up within`
			`// the gatsby app, at this time, that path is /internal`
			`const whiteListRE = new RegExp([`
			`'^/internal/n/',`
			`'^/internal/p\??'`
			`].join('\|'));`


feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`export default () => function authorizeByJWT(req, res, next) {`
			`const path = req.path.split('/')[1];`
Feat: News in the client app (#34392) 2018-11-29 12:12:15 +00:00			`if (/^external$\|^internal$/.test(path) && !whiteListRE.test(req.path)) {`
fix(external): Ensure req.user on verified web token (#17225) 2018-05-24 12:19:51 +01:00			`const cookie = req.signedCookies && req.signedCookies['jwt_access_token'] \|\|`
			`req.cookie && req.cookie['jwt_access_token'];`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`if (!cookie) {`
			`throw wrapHandledError(`
			`new Error('Access token is required for this request'),`
			`{`
			`type: 'info',`
fix(api): Use /internal for API entry 2018-08-29 20:52:41 +01:00			redirect: `${homeLocation}/signin`,
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`message: 'Access token is required for this request',`
			`status: 403`
			`}`
			`);`
			`}`
			`let token;`
			`try {`
			`token = jwt.verify(cookie, process.env.JWT_SECRET);`
			`} catch (err) {`
			`throw wrapHandledError(`
			`new Error(err.message),`
			`{`
			`type: 'info',`
fix(api): Use /internal for API entry 2018-08-29 20:52:41 +01:00			redirect: `${homeLocation}/signin`,
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`message: 'Your access token is invalid',`
			`status: 403`
			`}`
			`);`
			`}`
fix(external): Ensure req.user on verified web token (#17225) 2018-05-24 12:19:51 +01:00			`const { accessToken: {created, ttl, userId }} = token;`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`const valid = isBefore(Date.now(), Date.parse(created) + ttl);`
			`if (!valid) {`
			`throw wrapHandledError(`
			`new Error('Access token is no longer vaild'),`
			`{`
			`type: 'info',`
fix(api): Use /internal for API entry 2018-08-29 20:52:41 +01:00			redirect: `${homeLocation}/signin`,
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`message: 'Access token is no longer vaild',`
			`status: 403`
			`}`
			`);`
			`}`
fix(external): Ensure req.user on verified web token (#17225) 2018-05-24 12:19:51 +01:00			`if (!req.user) {`
			`const User = loopback.getModelByType('User');`
			`return User.findById(userId)`
			`.then(user => {`
			`if (user) {`
fix(points): Assign external user points when validated (#17228) Trying to emulate ` component-passport`. There has to be a reason why we don't do this in the user service. 2018-05-24 16:58:00 +01:00			`user.points = user.progressTimestamps.length;`
fix(external): Ensure req.user on verified web token (#17225) 2018-05-24 12:19:51 +01:00			`req.user = user;`
			`}`
			`return;`
			`})`
			`.then(next)`
			`.catch(next);`
			`} else {`
			`return next();`
			`}`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`}`
			`return next();`
			`};`