freeCodeCamp/api-server/server/middlewares/request-authorization.js

import loopback from 'loopback';
import { isEmpty } from 'lodash';
import {
  getAccessTokenFromRequest,
  errorTypes,
  authHeaderNS
} from '../utils/getSetAccessToken';
import { homeLocation } from '../../../config/env';
import { jwtSecret as _jwtSecret } from '../../../config/secrets';

import { wrapHandledError } from '../utils/create-handled-error';

// We need to tunnel through a proxy path set up within
// the gatsby app, at this time, that path is /internal
const apiProxyRE = /^\/internal\/|^\/external\//;
const newsShortLinksRE = /^\/internal\/n\/|^\/internal\/p\?/;
const loopbackAPIPathRE = /^\/internal\/api\//;

const _whiteListREs = [newsShortLinksRE, loopbackAPIPathRE];

export function isWhiteListedPath(path, whiteListREs = _whiteListREs) {
  return whiteListREs.some(re => re.test(path));
}

export default ({ jwtSecret = _jwtSecret, getUserById = _getUserById } = {}) =>
  function requestAuthorisation(req, res, next) {
    const { path } = req;
    if (apiProxyRE.test(path) && !isWhiteListedPath(path)) {
      const { accessToken, error, jwt } = getAccessTokenFromRequest(
        req,
        jwtSecret
      );
      if (!accessToken && error === errorTypes.noTokenFound) {
        throw wrapHandledError(
          new Error('Access token is required for this request'),
          {
            type: 'info',
            redirect: `${homeLocation}/signin`,
            message: 'Access token is required for this request',
            status: 403
          }
        );
      }
      if (!accessToken && error === errorTypes.invalidToken) {
        throw wrapHandledError(new Error('Access token is invalid'), {
          type: 'info',
          redirect: `${homeLocation}/signin`,
          message: 'Your access token is invalid',
          status: 403
        });
      }
      if (!accessToken && error === errorTypes.expiredToken) {
        throw wrapHandledError(new Error('Access token is no longer vaild'), {
          type: 'info',
          redirect: `${homeLocation}/signin`,
          message: 'Access token is no longer vaild',
          status: 403
        });
      }
      res.set(authHeaderNS, jwt);
      if (isEmpty(req.user)) {
        const { userId } = accessToken;
        return getUserById(userId)
          .then(user => {
            if (user) {
              user.points = user.progressTimestamps.length;
              req.user = user;
            }
            return;
          })
          .then(next)
          .catch(next);
      } else {
        return Promise.resolve(next());
      }
    }
    return Promise.resolve(next());
  };

export function _getUserById(id) {
  const User = loopback.getModelByType('User');
  return new Promise((resolve, reject) =>
    User.findById(id, (err, instance) => {
      if (err) {
        return reject(err);
      }
      return resolve(instance);
    })
  );
}
fix(external): Ensure req.user on verified web token (#17225) 2018-05-24 11:19:51 +00:00			`import loopback from 'loopback';`
chore: Add tests for jwt authorization 2019-02-20 18:18:50 +00:00			`import { isEmpty } from 'lodash';`
feat: Use new (tested) accessToken utils to authoize requests 2019-02-20 23:05:31 +00:00			`import {`
			`getAccessTokenFromRequest,`
			`errorTypes,`
			`authHeaderNS`
			`} from '../utils/getSetAccessToken';`
chore(server): Move api-server in to it's own DIR 2018-08-31 15:04:04 +00:00			`import { homeLocation } from '../../../config/env';`
feat: Use new (tested) accessToken utils to authoize requests 2019-02-20 23:05:31 +00:00			`import { jwtSecret as _jwtSecret } from '../../../config/secrets';`
fix(api): Use /internal for API entry 2018-08-29 19:52:41 +00:00
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 20:10:56 +00:00			`import { wrapHandledError } from '../utils/create-handled-error';`

Feat: News in the client app (#34392) 2018-11-29 12:12:15 +00:00			`// We need to tunnel through a proxy path set up within`
			`// the gatsby app, at this time, that path is /internal`
fix: Allow un-authed loopback api calls 2019-02-15 21:02:38 +00:00			`const apiProxyRE = /^\/internal\/\|^\/external\//;`
			`const newsShortLinksRE = /^\/internal\/n\/\|^\/internal\/p\?/;`
			`const loopbackAPIPathRE = /^\/internal\/api\//;`

fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`const _whiteListREs = [newsShortLinksRE, loopbackAPIPathRE];`
fix: Allow un-authed loopback api calls 2019-02-15 21:02:38 +00:00
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`export function isWhiteListedPath(path, whiteListREs = _whiteListREs) {`
			`return whiteListREs.some(re => re.test(path));`
fix: Allow un-authed loopback api calls 2019-02-15 21:02:38 +00:00			`}`
Feat: News in the client app (#34392) 2018-11-29 12:12:15 +00:00
feat: Use new (tested) accessToken utils to authoize requests 2019-02-20 23:05:31 +00:00			`export default ({ jwtSecret = _jwtSecret, getUserById = _getUserById } = {}) =>`
chore: Add tests for jwt authorization 2019-02-20 18:18:50 +00:00			`function requestAuthorisation(req, res, next) {`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`const { path } = req;`
			`if (apiProxyRE.test(path) && !isWhiteListedPath(path)) {`
feat: Use new (tested) accessToken utils to authoize requests 2019-02-20 23:05:31 +00:00			`const { accessToken, error, jwt } = getAccessTokenFromRequest(`
			`req,`
			`jwtSecret`
			`);`
			`if (!accessToken && error === errorTypes.noTokenFound) {`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`throw wrapHandledError(`
			`new Error('Access token is required for this request'),`
			`{`
			`type: 'info',`
			redirect: `${homeLocation}/signin`,
			`message: 'Access token is required for this request',`
			`status: 403`
			`}`
			`);`
			`}`
feat: Use new (tested) accessToken utils to authoize requests 2019-02-20 23:05:31 +00:00			`if (!accessToken && error === errorTypes.invalidToken) {`
			`throw wrapHandledError(new Error('Access token is invalid'), {`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 20:10:56 +00:00			`type: 'info',`
fix(api): Use /internal for API entry 2018-08-29 19:52:41 +00:00			redirect: `${homeLocation}/signin`,
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 20:10:56 +00:00			`message: 'Your access token is invalid',`
			`status: 403`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`});`
			`}`
feat: Use new (tested) accessToken utils to authoize requests 2019-02-20 23:05:31 +00:00			`if (!accessToken && error === errorTypes.expiredToken) {`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`throw wrapHandledError(new Error('Access token is no longer vaild'), {`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 20:10:56 +00:00			`type: 'info',`
fix(api): Use /internal for API entry 2018-08-29 19:52:41 +00:00			redirect: `${homeLocation}/signin`,
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 20:10:56 +00:00			`message: 'Access token is no longer vaild',`
			`status: 403`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`});`
			`}`
feat: Use new (tested) accessToken utils to authoize requests 2019-02-20 23:05:31 +00:00			`res.set(authHeaderNS, jwt);`
chore: Add tests for jwt authorization 2019-02-20 18:18:50 +00:00			`if (isEmpty(req.user)) {`
feat: Use new (tested) accessToken utils to authoize requests 2019-02-20 23:05:31 +00:00			`const { userId } = accessToken;`
chore: Add tests for jwt authorization 2019-02-20 18:18:50 +00:00			`return getUserById(userId)`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`.then(user => {`
			`if (user) {`
			`user.points = user.progressTimestamps.length;`
			`req.user = user;`
			`}`
			`return;`
			`})`
			`.then(next)`
			`.catch(next);`
			`} else {`
chore: Add tests for jwt authorization 2019-02-20 18:18:50 +00:00			`return Promise.resolve(next());`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`}`
fix(external): Ensure req.user on verified web token (#17225) 2018-05-24 11:19:51 +00:00			`}`
chore: Add tests for jwt authorization 2019-02-20 18:18:50 +00:00			`return Promise.resolve(next());`
fix(ci): Fix lint errors thrown in CI 2019-02-16 13:51:46 +00:00			`};`
chore: Add tests for jwt authorization 2019-02-20 18:18:50 +00:00
			`export function _getUserById(id) {`
			`const User = loopback.getModelByType('User');`
			`return new Promise((resolve, reject) =>`
			`User.findById(id, (err, instance) => {`
			`if (err) {`
			`return reject(err);`
			`}`
			`return resolve(instance);`
			`})`
			`);`
			`}`