freeCodeCamp/server/middlewares/jwt-authorization.js

import loopback from 'loopback';
import jwt from 'jsonwebtoken';
import { isBefore } from 'date-fns';

import { wrapHandledError } from '../utils/create-handled-error';

export default () => function authorizeByJWT(req, res, next) {
  const path = req.path.split('/')[1];
  if (/external/.test(path)) {
    const cookie = req.signedCookies && req.signedCookies['jwt_access_token'] ||
      req.cookie && req.cookie['jwt_access_token'];
    if (!cookie) {
      throw wrapHandledError(
        new Error('Access token is required for this request'),
        {
          type: 'info',
          redirect: '/signin',
          message: 'Access token is required for this request',
          status: 403
        }
      );
    }
    let token;
    try {
      token = jwt.verify(cookie, process.env.JWT_SECRET);
    } catch (err) {
      throw wrapHandledError(
        new Error(err.message),
        {
          type: 'info',
          redirct: '/signin',
          message: 'Your access token is invalid',
          status: 403
        }
      );
    }
    const { accessToken: {created, ttl, userId }} = token;
    const valid = isBefore(Date.now(), Date.parse(created) + ttl);
    if (!valid) {
      throw wrapHandledError(
        new Error('Access token is no longer vaild'),
        {
          type: 'info',
          redirect: '/signin',
          message: 'Access token is no longer vaild',
          status: 403
        }
      );
    }
    if (!req.user) {
      const User = loopback.getModelByType('User');
      return User.findById(userId)
      .then(user => {
        if (user) {
          user.points = user.progressTimestamps.length;
          req.user = user;
        }
        return;
      })
      .then(next)
      .catch(next);
    } else {
      return next();
    }
  }
  return next();
};
fix(external): Ensure req.user on verified web token (#17225) 2018-05-24 11:19:51 +00:00			`import loopback from 'loopback';`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 20:10:56 +00:00			`import jwt from 'jsonwebtoken';`
			`import { isBefore } from 'date-fns';`
fix(external): Ensure req.user on verified web token (#17225) 2018-05-24 11:19:51 +00:00
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 20:10:56 +00:00			`import { wrapHandledError } from '../utils/create-handled-error';`

			`export default () => function authorizeByJWT(req, res, next) {`
			`const path = req.path.split('/')[1];`
			`if (/external/.test(path)) {`
fix(external): Ensure req.user on verified web token (#17225) 2018-05-24 11:19:51 +00:00			`const cookie = req.signedCookies && req.signedCookies['jwt_access_token'] \|\|`
			`req.cookie && req.cookie['jwt_access_token'];`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 20:10:56 +00:00			`if (!cookie) {`
			`throw wrapHandledError(`
			`new Error('Access token is required for this request'),`
			`{`
			`type: 'info',`
			`redirect: '/signin',`
			`message: 'Access token is required for this request',`
			`status: 403`
			`}`
			`);`
			`}`
			`let token;`
			`try {`
			`token = jwt.verify(cookie, process.env.JWT_SECRET);`
			`} catch (err) {`
			`throw wrapHandledError(`
			`new Error(err.message),`
			`{`
			`type: 'info',`
			`redirct: '/signin',`
			`message: 'Your access token is invalid',`
			`status: 403`
			`}`
			`);`
			`}`
fix(external): Ensure req.user on verified web token (#17225) 2018-05-24 11:19:51 +00:00			`const { accessToken: {created, ttl, userId }} = token;`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 20:10:56 +00:00			`const valid = isBefore(Date.now(), Date.parse(created) + ttl);`
			`if (!valid) {`
			`throw wrapHandledError(`
			`new Error('Access token is no longer vaild'),`
			`{`
			`type: 'info',`
			`redirect: '/signin',`
			`message: 'Access token is no longer vaild',`
			`status: 403`
			`}`
			`);`
			`}`
fix(external): Ensure req.user on verified web token (#17225) 2018-05-24 11:19:51 +00:00			`if (!req.user) {`
			`const User = loopback.getModelByType('User');`
			`return User.findById(userId)`
			`.then(user => {`
			`if (user) {`
fix(points): Assign external user points when validated (#17228) Trying to emulate ` component-passport`. There has to be a reason why we don't do this in the user service. 2018-05-24 15:58:00 +00:00			`user.points = user.progressTimestamps.length;`
fix(external): Ensure req.user on verified web token (#17225) 2018-05-24 11:19:51 +00:00			`req.user = user;`
			`}`
			`return;`
			`})`
			`.then(next)`
			`.catch(next);`
			`} else {`
			`return next();`
			`}`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 20:10:56 +00:00			`}`
			`return next();`
			`};`