@alanszp/express 12.0.2 → 13.0.0

package/src/middlewares/authedForOrg.ts

@@ -1,50 +0,0 @@
-import { NextFunction, Response } from "express";
-import { getRequestLogger } from "../helpers/getRequestLogger";
-import { GenericRequest } from "../types/GenericRequest";
-import { render401Error, render404Error } from "../helpers/renderErrorJson";
-
-function response401(res: Response): void {
-  res.status(401).json(render401Error(["jwt"]));
-}
-
-export function authForOrg(
-  req: GenericRequest,
-  res: Response,
-  next: NextFunction
-): void {
-  const { orgReference } = req.params;
-  const logger = getRequestLogger(req).child({ org: orgReference });
-  try {
-    if (!orgReference) {
-      logger.error("middleware.authForOrg.error.noOrgReferenceInPath");
-      return response401(res);
-    }
-
-    if (!req.context?.jwtUser?.organizationReference) {
-      logger.info("middleware.authForOrg.error.noOrgInJwt", {
-        jwtUser: req.context?.jwtUser || null,
-      });
-      return response401(res);
-    }
-
-    const jwtOrg = req.context.jwtUser.organizationReference;
-    if (jwtOrg !== orgReference) {
-      if (jwtOrg === "lara") {
-        req.context.jwtUser.organizationReference = orgReference;
-        return next();
-      }
-
-      logger.info("middleware.authForOrg.error.nonMatch", {
-        jwtOrg,
-      });
-      return response401(res);
-    }
-
-    return next();
-  } catch (error: unknown) {
-    logger.info("middleware.authForOrg.error.noOrganization", {
-      error,
-    });
-    res.status(404).json(render404Error());
-  }
-}

package/src/middlewares/authenticateUser.test.ts

@@ -1,403 +0,0 @@
-import { AuthMethods, createAuthContext } from "./authenticateUser";
-import { verifyJWT } from "@alanszp/jwt";
-import {
-  mockNext,
-  mockRequest,
-  mockResponse,
-} from "../test/mocks/expressMocks";
-import { laraJwtUserMock, userJwtUserMock } from "../test/mocks/jwtUserMocks";
-import {
-  apiKeyAuthOptions,
-  bothMethodsAuthOptions,
-  jwtAuthOptions,
-  verifyOptions,
-} from "../test/mocks/authOptionsMocks";
-
-jest.mock("@alanszp/jwt");
-
-describe("AuthenticateUser", () => {
-  describe("authentication with only JWT", () => {
-    describe("when jwt verifies correctly", () => {
-      it("should authenticate correctly and call next", async () => {
-        (verifyJWT as jest.Mock).mockResolvedValueOnce(userJwtUserMock);
-
-        const req = mockRequest("Bearer token");
-        const res = mockResponse();
-        const next = mockNext();
-
-        await createAuthContext(jwtAuthOptions)([AuthMethods.JWT])(
-          req,
-          res,
-          next
-        );
-
-        expect(verifyJWT).toBeCalledWith("publicKey", "token", verifyOptions);
-        expect(res.status).toHaveBeenCalledTimes(0);
-        expect(res.json).toHaveBeenCalledTimes(0);
-        expect(req.context.jwtUser).toMatchObject(userJwtUserMock);
-        expect(req.context.authenticated).toStrictEqual(["jwt"]);
-        expect(next).toBeCalledWith();
-      });
-    });
-
-    describe("when jwt verifies incorrectly", () => {
-      it("should not authenticate, should not call next, and it should return 401", async () => {
-        (verifyJWT as jest.Mock).mockResolvedValueOnce(undefined);
-
-        const req = mockRequest("Bearer token");
-        const res = mockResponse();
-        const next = mockNext();
-
-        await createAuthContext(jwtAuthOptions)([AuthMethods.JWT])(
-          req,
-          res,
-          next
-        );
-
-        expect(verifyJWT).toBeCalledWith("publicKey", "token", verifyOptions);
-        expect(res.status).toHaveBeenCalledWith(401);
-        expect(res.json).toHaveBeenCalledTimes(1);
-        expect(req.context.jwtUser).toBe(undefined);
-        expect(req.context.authenticated).toEqual([]);
-        expect(next).toHaveBeenCalledTimes(0);
-      });
-    });
-
-    describe("when jwt doesn't exist", () => {
-      it("should not verify JWT, should not authenticate, should not call next, and it should return 401", async () => {
-        const req = mockRequest("aa");
-        const res = mockResponse();
-        const next = mockNext();
-
-        await createAuthContext(jwtAuthOptions)([AuthMethods.JWT])(
-          req,
-          res,
-          next
-        );
-
-        expect(verifyJWT).toHaveBeenCalledTimes(0);
-        expect(res.status).toHaveBeenCalledWith(401);
-        expect(res.json).toHaveBeenCalledTimes(1);
-        expect(req.context.jwtUser).toBe(undefined);
-        expect(req.context.authenticated).toEqual([]);
-        expect(next).toHaveBeenCalledTimes(0);
-      });
-    });
-  });
-
-  describe("authentication with only API KEY", () => {
-    describe("when api key verifies correctly", () => {
-      it("should authenticate correctly and call next", async () => {
-        const req = mockRequest("token");
-        const res = mockResponse();
-        const next = mockNext();
-
-        await createAuthContext(apiKeyAuthOptions)([AuthMethods.API_KEY])(
-          req,
-          res,
-          next
-        );
-
-        expect(verifyJWT).toHaveBeenCalledTimes(0);
-        expect(res.status).toHaveBeenCalledTimes(0);
-        expect(res.json).toHaveBeenCalledTimes(0);
-        expect(req.context.jwtUser).toMatchObject(laraJwtUserMock);
-        expect(req.context.authenticated).toStrictEqual(["api_key"]);
-        expect(next).toBeCalledWith();
-      });
-    });
-
-    describe("when api key verifies incorrectly", () => {
-      it("should not authenticate, should not call next, and it should return 401", async () => {
-        const req = mockRequest("invalidToken");
-        const res = mockResponse();
-        const next = mockNext();
-
-        await createAuthContext(apiKeyAuthOptions)([AuthMethods.API_KEY])(
-          req,
-          res,
-          next
-        );
-
-        expect(verifyJWT).toHaveBeenCalledTimes(0);
-        expect(res.status).toHaveBeenCalledWith(401);
-        expect(res.json).toHaveBeenCalledTimes(1);
-        expect(req.context.jwtUser).toBe(undefined);
-        expect(req.context.authenticated).toEqual([]);
-        expect(next).toHaveBeenCalledTimes(0);
-      });
-    });
-
-    describe("when api key doesn't exist", () => {
-      it("should not verify api key, should not authenticate, should not call next, and it should return 401", async () => {
-        const req = mockRequest(undefined as any);
-        const res = mockResponse();
-        const next = mockNext();
-
-        await createAuthContext(apiKeyAuthOptions)([AuthMethods.API_KEY])(
-          req,
-          res,
-          next
-        );
-
-        expect(verifyJWT).toHaveBeenCalledTimes(0);
-        expect(res.status).toHaveBeenCalledWith(401);
-        expect(res.json).toHaveBeenCalledTimes(1);
-        expect(req.context.jwtUser).toBe(undefined);
-        expect(req.context.authenticated).toEqual([]);
-        expect(next).toHaveBeenCalledTimes(0);
-      });
-    });
-  });
-
-  describe("authentication with JWT and API KEY", () => {
-    describe("using both methods", () => {
-      describe("when api key verifies correctly", () => {
-        it("should authenticate correctly and call next", async () => {
-          const req = mockRequest("token");
-          const res = mockResponse();
-          const next = mockNext();
-
-          await createAuthContext(bothMethodsAuthOptions)([
-            AuthMethods.API_KEY,
-            AuthMethods.JWT,
-          ])(req, res, next);
-
-          expect(verifyJWT).toHaveBeenCalledTimes(0);
-          expect(res.status).toHaveBeenCalledTimes(0);
-          expect(res.json).toHaveBeenCalledTimes(0);
-          expect(req.context.jwtUser).toMatchObject(laraJwtUserMock);
-          expect(req.context.authenticated).toStrictEqual(["api_key"]);
-          expect(next).toHaveBeenCalledWith();
-        });
-      });
-
-      describe("when api key verifies incorrectly", () => {
-        it("should not authenticate, should not call next, and it should return 401", async () => {
-          const req = mockRequest("invalidToken");
-          const res = mockResponse();
-          const next = mockNext();
-
-          await createAuthContext(bothMethodsAuthOptions)([
-            AuthMethods.API_KEY,
-            AuthMethods.JWT,
-          ])(req, res, next);
-
-          expect(verifyJWT).toHaveBeenCalledTimes(0);
-          expect(res.status).toHaveBeenCalledWith(401);
-          expect(res.json).toHaveBeenCalledTimes(1);
-          expect(req.context.jwtUser).toBe(undefined);
-          expect(req.context.authenticated).toEqual([]);
-          expect(next).toHaveBeenCalledTimes(0);
-        });
-      });
-
-      describe("when jwt verifies correctly", () => {
-        it("should authenticate correctly and call next", async () => {
-          (verifyJWT as jest.Mock).mockResolvedValueOnce(userJwtUserMock);
-
-          const req = mockRequest("Bearer token");
-          const res = mockResponse();
-          const next = mockNext();
-
-          await createAuthContext(bothMethodsAuthOptions)([
-            AuthMethods.API_KEY,
-            AuthMethods.JWT,
-          ])(req, res, next);
-
-          expect(verifyJWT).toBeCalledWith("publicKey", "token", {
-            issuer: "issuer",
-            audience: "audience",
-          });
-          expect(res.status).toHaveBeenCalledTimes(0);
-          expect(res.json).toHaveBeenCalledTimes(0);
-
-          expect(req.context.jwtUser).toMatchObject(userJwtUserMock);
-
-          expect(req.context.authenticated).toStrictEqual(["jwt"]);
-
-          expect(next).toHaveBeenCalledWith();
-        });
-      });
-
-      describe("when jwt verifies incorrectly", () => {
-        it("should not authenticate, should not call next, and it should return 401", async () => {
-          (verifyJWT as jest.Mock).mockResolvedValueOnce(undefined);
-
-          const req = mockRequest("Bearer token");
-          const res = mockResponse();
-          const next = mockNext();
-
-          await createAuthContext(bothMethodsAuthOptions)([
-            AuthMethods.API_KEY,
-            AuthMethods.JWT,
-          ])(req, res, next);
-
-          expect(verifyJWT).toBeCalledWith("publicKey", "token", {
-            issuer: "issuer",
-            audience: "audience",
-          });
-          expect(res.status).toHaveBeenCalledWith(401);
-          expect(res.json).toHaveBeenCalledTimes(1);
-          expect(req.context.jwtUser).toBe(undefined);
-          expect(req.context.authenticated).toEqual([]);
-          expect(next).toHaveBeenCalledTimes(0);
-        });
-      });
-
-      describe("when jwt doesnt exist", () => {
-        it("should not authenticate, should not call next, and it should return 401", async () => {
-          const req = mockRequest(undefined as any);
-          const res = mockResponse();
-          const next = mockNext();
-
-          await createAuthContext(bothMethodsAuthOptions)([
-            AuthMethods.API_KEY,
-            AuthMethods.JWT,
-          ])(req, res, next);
-
-          expect(verifyJWT).toHaveBeenCalledTimes(0);
-          expect(res.status).toHaveBeenCalledWith(401);
-          expect(res.json).toHaveBeenCalledTimes(1);
-          expect(req.context.jwtUser).toBe(undefined);
-          expect(req.context.authenticated).toEqual([]);
-          expect(next).toHaveBeenCalledTimes(0);
-        });
-      });
-    });
-
-    describe("using jwt method", () => {
-      describe("when jwt verifies correctly", () => {
-        it("should authenticate correctly and call next", async () => {
-          (verifyJWT as jest.Mock).mockResolvedValueOnce(userJwtUserMock);
-
-          const req = mockRequest("Bearer token");
-          const res = mockResponse();
-          const next = mockNext();
-
-          await createAuthContext(bothMethodsAuthOptions)([AuthMethods.JWT])(
-            req,
-            res,
-            next
-          );
-
-          expect(verifyJWT).toBeCalledWith("publicKey", "token", {
-            issuer: "issuer",
-            audience: "audience",
-          });
-          expect(res.status).toHaveBeenCalledTimes(0);
-          expect(res.json).toHaveBeenCalledTimes(0);
-          expect(req.context.jwtUser).toMatchObject(userJwtUserMock);
-          expect(req.context.authenticated).toStrictEqual(["jwt"]);
-          expect(next).toHaveBeenCalledWith();
-        });
-      });
-
-      describe("when jwt verifies incorrectly", () => {
-        it("should not authenticate, should not call next, and it should return 401", async () => {
-          (verifyJWT as jest.Mock).mockResolvedValueOnce(undefined);
-
-          const req = mockRequest("Bearer invalidToken");
-          const res = mockResponse();
-          const next = mockNext();
-
-          await createAuthContext(bothMethodsAuthOptions)([AuthMethods.JWT])(
-            req,
-            res,
-            next
-          );
-
-          expect(verifyJWT).toBeCalledWith("publicKey", "invalidToken", {
-            issuer: "issuer",
-            audience: "audience",
-          });
-          expect(res.status).toHaveBeenCalledWith(401);
-          expect(res.json).toHaveBeenCalledTimes(1);
-          expect(req.context.jwtUser).toBe(undefined);
-          expect(req.context.authenticated).toEqual([]);
-          expect(next).toHaveBeenCalledTimes(0);
-        });
-      });
-
-      describe("when api key verifies correctly", () => {
-        it("should authenticate correctly and call next", async () => {
-          const req = mockRequest("token");
-          const res = mockResponse();
-          const next = mockNext();
-
-          await createAuthContext(bothMethodsAuthOptions)([
-            AuthMethods.API_KEY,
-          ])(req, res, next);
-
-          expect(verifyJWT).toHaveBeenCalledTimes(0);
-          expect(res.status).toHaveBeenCalledTimes(0);
-          expect(res.json).toHaveBeenCalledTimes(0);
-
-          expect(req.context.jwtUser).toMatchObject(laraJwtUserMock);
-          expect(req.context.authenticated).toStrictEqual(["api_key"]);
-          expect(next).toHaveBeenCalledWith();
-        });
-      });
-
-      describe("when api key verifies incorrectly", () => {
-        it("should not authenticate, should not call next, and it should return 401", async () => {
-          const req = mockRequest("invalidToken");
-          const res = mockResponse();
-          const next = mockNext();
-
-          await createAuthContext(bothMethodsAuthOptions)([
-            AuthMethods.API_KEY,
-            AuthMethods.JWT,
-          ])(req, res, next);
-
-          expect(verifyJWT).toHaveBeenCalledTimes(0);
-          expect(res.status).toHaveBeenCalledWith(401);
-          expect(res.json).toHaveBeenCalledTimes(1);
-          expect(req.context.jwtUser).toBe(undefined);
-          expect(req.context.authenticated).toEqual([]);
-          expect(next).toHaveBeenCalledTimes(0);
-        });
-      });
-
-      describe("when jwt doesnt exist", () => {
-        it("should not authenticate, should not call next, and it should return 401", async () => {
-          const req = mockRequest("aaa");
-          const res = mockResponse();
-          const next = mockNext();
-
-          await createAuthContext(bothMethodsAuthOptions)([AuthMethods.JWT])(
-            req,
-            res,
-            next
-          );
-
-          expect(verifyJWT).toHaveBeenCalledTimes(0);
-          expect(res.status).toHaveBeenCalledWith(401);
-          expect(res.json).toHaveBeenCalledTimes(1);
-          expect(req.context.jwtUser).toBe(undefined);
-          expect(req.context.authenticated).toEqual([]);
-          expect(next).toHaveBeenCalledTimes(0);
-        });
-      });
-
-      describe("when api key doesnt exist", () => {
-        it("should not authenticate, should not call next, and it should return 401", async () => {
-          const req = mockRequest(undefined as any);
-          const res = mockResponse();
-          const next = mockNext();
-
-          await createAuthContext(bothMethodsAuthOptions)([
-            AuthMethods.API_KEY,
-          ])(req, res, next);
-
-          expect(verifyJWT).toHaveBeenCalledTimes(0);
-          expect(res.status).toHaveBeenCalledWith(401);
-          expect(res.json).toHaveBeenCalledTimes(1);
-          expect(req.context.jwtUser).toBe(undefined);
-          expect(req.context.authenticated).toEqual([]);
-          expect(next).toHaveBeenCalledTimes(0);
-        });
-      });
-    });
-  });
-});

package/src/middlewares/authenticateUser.ts

@@ -1,171 +0,0 @@
-import { JWTUser, verifyJWT, VerifyOptions } from "@alanszp/jwt";
-import { NextFunction, Response } from "express";
-import { getRequestLogger } from "../helpers/getRequestLogger";
-import { GenericRequest } from "../types/GenericRequest";
-import { ILogger } from "@alanszp/logger";
-import { compact, isEmpty, omit } from "lodash";
-import { render401Error } from "../helpers/renderErrorJson";
-
-function parseAuthorizationHeader(
-  authorization: string | undefined
-): string | undefined {
-  if (!authorization) return undefined;
-  const [bearer, jwt, ...other] = authorization.split(" ");
-
-  if (bearer !== "Bearer" || other.length > 0) return undefined;
-
-  return jwt;
-}
-
-export enum AuthMethods {
-  JWT = "JWT",
-  API_KEY = "API_KEY",
-}
-
-export interface JWTVerifyOptions extends Partial<VerifyOptions> {
-  publicKey: string;
-}
-
-export interface JWTOptions {
-  jwtVerifyOptions: JWTVerifyOptions;
-  types: [AuthMethods.JWT];
-}
-
-export interface ApiKeyOptions {
-  validApiKeys: string[];
-  types: [AuthMethods.API_KEY];
-}
-
-export interface BothMethodsOptions {
-  jwtVerifyOptions: JWTVerifyOptions;
-  validApiKeys: string[];
-  types:
-    | [AuthMethods.JWT, AuthMethods.API_KEY]
-    | [AuthMethods.API_KEY, AuthMethods.JWT];
-}
-
-export type AuthOptions = JWTOptions | ApiKeyOptions | BothMethodsOptions;
-
-const middlewareGetterByAuthType: Record<
-  AuthMethods,
-  (
-    tokenOrJwt: string | null | undefined,
-    options: AuthOptions,
-    logger: ILogger
-  ) => Promise<JWTUser | null | undefined>
-> = {
-  [AuthMethods.JWT]: async (
-    jwt: string | null | undefined,
-    options: Exclude<AuthOptions, ApiKeyOptions>,
-    logger: ILogger
-  ) => {
-    try {
-      if (!jwt) return undefined;
-      const jwtUser = await verifyJWT(
-        options.jwtVerifyOptions.publicKey,
-        jwt,
-        omit(options.jwtVerifyOptions, "publicKey")
-      );
-      logger.debug("auth.authWithJwt.authed", {
-        user: jwtUser.id,
-        org: jwtUser.organizationReference,
-      });
-      return jwtUser;
-    } catch (error: unknown) {
-      logger.info("auth.authWithJwt.invalidJwt", { jwt, error });
-      return null;
-    }
-  },
-  [AuthMethods.API_KEY]: async (
-    token: string | null | undefined,
-    options: Exclude<AuthOptions, JWTOptions>,
-    logger: ILogger
-  ): Promise<JWTUser | null | undefined> => {
-    try {
-      if (!token) return undefined;
-      if (options.validApiKeys.includes(token)) {
-        logger.debug("auth.authWithApiKey.authed", {
-          user: "0",
-          org: "lara",
-        });
-        return Promise.resolve(
-          new JWTUser({
-            id: "0",
-            employeeReference: "0",
-            organizationReference: "lara",
-            roles: [],
-            segmentReference: null,
-            // This will be changed in the near future to grab all permissions.
-            permissions: "MA==", // 0 in base64
-          })
-        );
-      } else {
-        return null;
-      }
-    } catch (error: unknown) {
-      logger.info("auth.authWithApiKey.invalidApiKey", { token, error });
-      return null;
-    }
-  },
-};
-
-export function createAuthContext<Options extends AuthOptions>(
-  options: Options
-) {
-  return function getMiddlewareForMethods(
-    authMethods: Options["types"][number][]
-  ) {
-    return async function authWithGivenMethods(
-      req: GenericRequest,
-      res: Response,
-      next: NextFunction
-    ): Promise<void> {
-      const logger = getRequestLogger(req);
-      const cookies = (req.cookies as Record<string, string | undefined>) || {};
-      const jwt =
-        cookies.jwt || parseAuthorizationHeader(req.headers.authorization);
-
-      try {
-        const authAttempts = await Promise.all(
-          authMethods.map((method) =>
-            middlewareGetterByAuthType[method](
-              method === AuthMethods.JWT ? jwt : req.headers.authorization,
-              options,
-              logger
-            )
-          )
-        );
-
-        const successfulAuthAttempts = compact(authAttempts);
-
-        if (isEmpty(successfulAuthAttempts)) {
-          res
-            .status(401)
-            .json(
-              render401Error([
-                authAttempts.includes(null)
-                  ? `Token invalid for methods ${authMethods}`
-                  : `Token not set for methods ${authMethods}`,
-              ])
-            );
-          return;
-        }
-
-        const jwtUser: JWTUser = successfulAuthAttempts[0];
-        req.context.jwtUser = jwtUser;
-        req.context.authenticated.push(
-          jwtUser.employeeReference !== "0" ? "jwt" : "api_key"
-        );
-        next();
-      } catch (error: unknown) {
-        logger.info("auth.authenticateUser.error", {
-          jwt,
-          token: req.headers.authorization,
-          methods: AuthMethods,
-          error,
-        });
-        res.status(401).json(render401Error(authMethods));
-      }
-    };
-  };
-}

package/src/middlewares/createContext.test.ts

@@ -1,85 +0,0 @@
-import { createContext } from "./createContext";
-import { SharedContext } from "@alanszp/shared-context";
-import { createMockLogger } from "@alanszp/logger";
-import { createAuditLogger } from "@alanszp/audit";
-import {
-  mockNext,
-  mockRequest,
-  mockRequestWithBody,
-  mockResponse,
-} from "../test/mocks/expressMocks";
-import { appIdentifier } from "@alanszp/core";
-jest.mock("@alanszp/shared-context");
-
-const logger = createMockLogger({});
-const sharedContext = new SharedContext();
-const lifecycleId = "123";
-const lifecycleChain = "node:test";
-
-describe("CreateContext", () => {
-  describe("when has lifecycle headers", () => {
-    beforeAll(() => {
-      (SharedContext as jest.Mock).mockClear();
-    });
-    it("should get lifecycle identifiers from there", () => {
-      const middleware = createContext(
-        sharedContext,
-        logger,
-        createAuditLogger(logger)
-      );
-
-      middleware(
-        mockRequest("authToken", {
-          "x-lifecycle-chain": lifecycleChain,
-          "x-lifecycle-id": lifecycleId,
-        }),
-        mockResponse(),
-        mockNext()
-      );
-
-      expect(sharedContext.run).toHaveBeenCalledWith(
-        expect.anything(),
-        expect.objectContaining({
-          lifecycleId,
-          lifecycleChain: `${lifecycleChain},${appIdentifier()}`,
-        })
-      );
-    });
-  });
-
-  describe("when doesn't have lifecycle headers", () => {
-    beforeAll(() => {
-      (SharedContext as jest.Mock).mockClear();
-    });
-    it("should get lifecycle identifiers from body.detail", () => {
-      const middleware = createContext(
-        sharedContext,
-        logger,
-        createAuditLogger(logger)
-      );
-
-      middleware(
-        mockRequestWithBody(
-          "authToken",
-          {},
-          {
-            detail: {
-              lch: lifecycleChain,
-              lid: lifecycleId,
-            },
-          }
-        ),
-        mockResponse(),
-        mockNext()
-      );
-
-      expect(sharedContext.run).toHaveBeenCalledWith(
-        expect.anything(),
-        expect.objectContaining({
-          lifecycleId,
-          lifecycleChain: `${lifecycleChain},${appIdentifier()}`,
-        })
-      );
-    });
-  });
-});