@alanszp/express 6.0.3 → 7.0.0

package/src/middlewares/authenticateUser.ts

@@ -0,0 +1,170 @@
+import { JWTUser, verifyJWT, VerifyOptions } from "@alanszp/jwt";
+import { UnauthorizedError } from "@alanszp/errors";
+import { errorView } from "../views/errorView";
+import { NextFunction, Response } from "express";
+import { getRequestLogger } from "../helpers/getRequestLogger";
+import { GenericRequest } from "../types/GenericRequest";
+import { ILogger } from "@alanszp/logger";
+import { compact, isEmpty, omit } from "lodash";
+
+function parseAuthorizationHeader(
+  authorization: string | undefined
+): string | undefined {
+  if (!authorization) return undefined;
+  const [bearer, jwt, ...other] = authorization.split(" ");
+
+  if (bearer !== "Bearer" || other.length > 0) return undefined;
+
+  return jwt;
+}
+
+export enum AuthMethods {
+  JWT = "JWT",
+  API_KEY = "API_KEY",
+}
+
+export interface JWTVerifyOptions extends VerifyOptions {
+  publicKey: string;
+}
+
+export interface JWTOptions {
+  jwtVerifyOptions: JWTVerifyOptions;
+  types: [AuthMethods.JWT];
+}
+
+export interface ApiKeyOptions {
+  validApiKeys: string[];
+  types: [AuthMethods.API_KEY];
+}
+
+export interface BothMethodsOptions {
+  jwtVerifyOptions: JWTVerifyOptions;
+  validApiKeys: string[];
+  types:
+    | [AuthMethods.JWT, AuthMethods.API_KEY]
+    | [AuthMethods.API_KEY, AuthMethods.JWT];
+}
+
+export type AuthOptions = JWTOptions | ApiKeyOptions | BothMethodsOptions;
+
+const middlewareGetterByAuthType: Record<
+  AuthMethods,
+  (
+    tokenOrJwt: string | null | undefined,
+    options: AuthOptions,
+    logger: ILogger
+  ) => Promise<JWTUser | null | undefined>
+> = {
+  [AuthMethods.JWT]: async (
+    jwt: string | null | undefined,
+    options: Exclude<AuthOptions, ApiKeyOptions>,
+    logger: ILogger
+  ) => {
+    try {
+      if (!jwt) return undefined;
+      const jwtUser = await verifyJWT(
+        options.jwtVerifyOptions.publicKey,
+        jwt,
+        omit(options.jwtVerifyOptions, "publicKey")
+      );
+      logger.debug("auth.authWithJwt.authed", {
+        user: jwtUser.id,
+        org: jwtUser.organizationReference,
+      });
+      return jwtUser;
+    } catch (error: unknown) {
+      logger.info("auth.authWithJwt.invalidJwt", { jwt, error });
+      return null;
+    }
+  },
+  [AuthMethods.API_KEY]: async (
+    token: string | null | undefined,
+    options: Exclude<AuthOptions, JWTOptions>,
+    logger: ILogger
+  ): Promise<JWTUser | null | undefined> => {
+    try {
+      if (!token) return undefined;
+      if (options.validApiKeys.includes(token)) {
+        logger.debug("auth.authWithApiKey.authed", {
+          user: "0",
+          org: "lara",
+        });
+        return Promise.resolve({
+          id: "0",
+          employeeReference: "0",
+          organizationReference: "lara",
+          roles: [],
+          permissions: [],
+        });
+      } else {
+        return null;
+      }
+    } catch (error: unknown) {
+      logger.info("auth.authWithApiKey.invalidApiKey", { token, error });
+      return null;
+    }
+  },
+};
+
+export function createAuthContext<Options extends AuthOptions>(
+  options: Options
+) {
+  return function getMiddlewareForMethods(
+    authMethods: Options["types"][number][]
+  ) {
+    return async function authWithGivenMethods(
+      req: GenericRequest,
+      res: Response,
+      next: NextFunction
+    ): Promise<void> {
+      const logger = getRequestLogger(req);
+      const cookies = (req.cookies as Record<string, string | undefined>) || {};
+      const jwt =
+        cookies.jwt || parseAuthorizationHeader(req.headers.authorization);
+
+      try {
+        const authAttempts = await Promise.all(
+          authMethods.map((method) =>
+            middlewareGetterByAuthType[method](
+              method === AuthMethods.JWT ? jwt : req.headers.authorization,
+              options,
+              logger
+            )
+          )
+        );
+
+        const successfulAuthAttempts = compact(authAttempts);
+
+        if (isEmpty(successfulAuthAttempts)) {
+          res
+            .status(401)
+            .json(
+              errorView(
+                new UnauthorizedError([
+                  authAttempts.includes(null)
+                    ? `Token invalid for methods ${authMethods}`
+                    : `Token not set for methods ${authMethods}`,
+                ])
+              )
+            );
+          return;
+        }
+
+        const jwtUser: JWTUser = successfulAuthAttempts[0];
+        req.context.jwtUser = jwtUser;
+        req.context.authenticated.push(
+          jwtUser.employeeReference !== "0" ? "jwt" : "api_key"
+        );
+        next();
+      } catch (error: unknown) {
+        logger.info("auth.authenticateUser.error", {
+          jwt,
+          token: req.headers.authorization,
+          methods: AuthMethods,
+          error,
+        });
+        res.status(401).json(errorView(new UnauthorizedError(authMethods)));
+      }
+    };
+  };
+}

package/src/middlewares/createContext.ts

@@ -22,19 +22,23 @@ export function createContext(
 
     const contextId = cuid();
 
-    sharedContext.run(() => next(), {
-      logger: baseLogger,
-      audit: audit.withState(),
-      lifecycleId,
-      lifecycleChain,
-      contextId,
-    });
-
-    req.context.authenticated = [];
-    req.context.lifecycleId = lifecycleId;
-    req.context.lifecycleChain = lifecycleChain;
-    req.context.contextId = contextId;
-    req.context.log = sharedContext.getLogger() || baseLogger;
-    req.context.audit = sharedContext.getAudit() || audit.withState();
+    sharedContext.run(
+      (context) => {
+        req.context.authenticated = [];
+        req.context.lifecycleId = context.lifecycleId;
+        req.context.lifecycleChain = context.lifecycleChain;
+        req.context.contextId = context.contextId;
+        req.context.log = context.logger;
+        req.context.audit = context.audit;
+        next();
+      },
+      {
+        logger: baseLogger,
+        audit: audit.withState(),
+        lifecycleId,
+        lifecycleChain,
+        contextId,
+      }
+    );
   };
 }

package/src/test/mocks/authOptionsMocks.ts

@@ -0,0 +1,35 @@
+import {
+  ApiKeyOptions,
+  AuthMethods,
+  BothMethodsOptions,
+  JWTOptions,
+} from "../../middlewares/authenticateUser";
+
+export const jwtAuthOptions = {
+  jwtVerifyOptions: {
+    publicKey: "publicKey",
+    issuer: "issuer",
+    audience: "audience",
+  },
+  types: [AuthMethods.JWT],
+} as any as JWTOptions;
+
+export const verifyOptions = {
+  issuer: "issuer",
+  audience: "audience",
+};
+
+export const apiKeyAuthOptions: ApiKeyOptions = {
+  validApiKeys: ["token", "tooooken"],
+  types: [AuthMethods.API_KEY],
+};
+
+export const bothMethodsAuthOptions: BothMethodsOptions = {
+  jwtVerifyOptions: {
+    publicKey: "publicKey",
+    issuer: "issuer",
+    audience: "audience",
+  },
+  validApiKeys: ["token", "tooooken"],
+  types: [AuthMethods.API_KEY, AuthMethods.JWT],
+};

package/src/test/mocks/expressMocks.ts

@@ -0,0 +1,17 @@
+import { GenericRequest } from "../../types/GenericRequest";
+
+export const mockRequest = (authorization: string): GenericRequest => {
+  return {
+    headers: { authorization },
+    context: { jwtUser: undefined, authenticated: [] },
+  } as any as GenericRequest;
+};
+
+export const mockResponse = () => {
+  const res = {} as any;
+  res.status = jest.fn().mockReturnValue(res);
+  res.json = jest.fn().mockReturnValue(res);
+  return res;
+};
+
+export const mockNext = () => jest.fn();

package/src/test/mocks/jwtUserMocks.ts

@@ -0,0 +1,17 @@
+import { JWTUser } from "@alanszp/jwt";
+
+export const userJwtUserMock: JWTUser = {
+  id: "1",
+  employeeReference: "1",
+  organizationReference: "test",
+  roles: [],
+  permissions: [],
+};
+
+export const laraJwtUserMock: JWTUser = {
+  id: "0",
+  employeeReference: "0",
+  organizationReference: "lara",
+  roles: [],
+  permissions: [],
+};

package/src/test/setup.test.ts

@@ -0,0 +1,15 @@
+import { now } from "../helpers/now";
+
+jest.mock("@/helpers/now");
+
+describe("Timezones", () => {
+  it("should always be UTC", () => {
+    expect(new Date().getTimezoneOffset()).toBe(0);
+  });
+
+  it("now() is mocked", () => {
+    (now as jest.Mock).mockReturnValue(new Date("2021-01-01T12:30:43"));
+
+    expect(now()).toEqual(new Date("2021-01-01T12:30:43"));
+  });
+});

package/src/test/setup.ts

@@ -0,0 +1,3 @@
+import { config } from "dotenv";
+
+config({ path: ".env.test" });

package/src/types/AuthMethod.ts

@@ -21,4 +21,7 @@ type OverridableStringUnion<
 // eslint-disable-next-line @typescript-eslint/no-empty-interface
 export interface AuthMethodsOverride {}
 
-export type AuthMethod = OverridableStringUnion<"jwt", AuthMethodsOverride>;
+export type AuthMethod = OverridableStringUnion<
+  "jwt" | "api_key",
+  AuthMethodsOverride
+>;

package/tsconfig.json

@@ -4,12 +4,15 @@
     "outDir": "dist",
     "module": "commonjs",
     "target": "es6",
-    "types": ["node"],
+    "types": ["jest", "node"],
     "esModuleInterop": true,
     "sourceMap": true,
 
     "alwaysStrict": true,
     "strictNullChecks": true
   },
-  "exclude": ["node_modules"]
+  "exclude": ["node_modules"],
+  "paths": {
+    "@/*": ["src/*"]
+  }
 }

package/dist/middlewares/authWithJWT.d.ts

@@ -1,4 +0,0 @@
-import { VerifyOptions } from "@alanszp/jwt";
-import { NextFunction, Response } from "express";
-import { GenericRequest } from "../types/GenericRequest";
-export declare function createAuthWithJWT(publicKey: string, options?: VerifyOptions): (req: GenericRequest, res: Response, next: NextFunction) => Promise<void>;

package/dist/middlewares/authWithJWT.js

@@ -1,56 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createAuthWithJWT = void 0;
-const jwt_1 = require("@alanszp/jwt");
-const errors_1 = require("@alanszp/errors");
-const errorView_1 = require("../views/errorView");
-const getRequestLogger_1 = require("../helpers/getRequestLogger");
-function parseAuthorizationHeader(authorization) {
-    if (!authorization)
-        return undefined;
-    const [bearer, jwt, ...other] = authorization.split(" ");
-    if (bearer !== "Bearer" || other.length > 0)
-        return undefined;
-    return jwt;
-}
-function createAuthWithJWT(publicKey, options) {
-    return function authWithJwt(req, res, next) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const logger = (0, getRequestLogger_1.getRequestLogger)(req);
-            const cookies = req.cookies || {};
-            const jwt = cookies.jwt || parseAuthorizationHeader(req.headers.authorization);
-            if (!jwt) {
-                logger.debug("auth.authWithJwt.error.notPresent", {
-                    headers: req.headers,
-                });
-                res.status(401).json((0, errorView_1.errorView)(new errors_1.UnauthorizedError(["jwt"])));
-                return;
-            }
-            try {
-                const jwtUser = yield (0, jwt_1.verifyJWT)(publicKey, jwt, options);
-                logger.debug("auth.authWithJwt.authed", {
-                    user: jwtUser.id,
-                    org: jwtUser.organizationReference,
-                });
-                req.context.jwtUser = jwtUser;
-                req.context.authenticated.push("jwt");
-                next();
-            }
-            catch (error) {
-                logger.info("auth.authWithJwt.invalidJwt", { jwt, error });
-                res.status(401).json((0, errorView_1.errorView)(new errors_1.UnauthorizedError(["jwt"])));
-            }
-        });
-    };
-}
-exports.createAuthWithJWT = createAuthWithJWT;
-//# sourceMappingURL=authWithJWT.js.map

package/dist/middlewares/authWithJWT.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"authWithJWT.js","sourceRoot":"","sources":["../../src/middlewares/authWithJWT.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,sCAAwD;AACxD,4CAAoD;AACpD,kDAA+C;AAE/C,kEAA+D;AAG/D,SAAS,wBAAwB,CAC/B,aAAiC;IAEjC,IAAI,CAAC,aAAa;QAAE,OAAO,SAAS,CAAC;IACrC,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEzD,IAAI,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,SAAS,CAAC;IAE9D,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAgB,iBAAiB,CAAC,SAAiB,EAAE,OAAuB;IAC1E,OAAO,SAAe,WAAW,CAC/B,GAAmB,EACnB,GAAa,EACb,IAAkB;;YAElB,MAAM,MAAM,GAAG,IAAA,mCAAgB,EAAC,GAAG,CAAC,CAAC;YACrC,MAAM,OAAO,GAAI,GAAG,CAAC,OAA8C,IAAI,EAAE,CAAC;YAC1E,MAAM,GAAG,GACP,OAAO,CAAC,GAAG,IAAI,wBAAwB,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAErE,IAAI,CAAC,GAAG,EAAE;gBACR,MAAM,CAAC,KAAK,CAAC,mCAAmC,EAAE;oBAChD,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAA,qBAAS,EAAC,IAAI,0BAAiB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBAChE,OAAO;aACR;YAED,IAAI;gBACF,MAAM,OAAO,GAAG,MAAM,IAAA,eAAS,EAAC,SAAS,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;gBACzD,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;oBACtC,IAAI,EAAE,OAAO,CAAC,EAAE;oBAChB,GAAG,EAAE,OAAO,CAAC,qBAAqB;iBACnC,CAAC,CAAC;gBAEH,GAAG,CAAC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;gBAC9B,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAEtC,IAAI,EAAE,CAAC;aACR;YAAC,OAAO,KAAc,EAAE;gBACvB,MAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAA,qBAAS,EAAC,IAAI,0BAAiB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;aACjE;QACH,CAAC;KAAA,CAAC;AACJ,CAAC;AAnCD,8CAmCC"}

package/src/middlewares/authWithJWT.ts

@@ -1,54 +0,0 @@
-import { verifyJWT, VerifyOptions } from "@alanszp/jwt";
-import { UnauthorizedError } from "@alanszp/errors";
-import { errorView } from "../views/errorView";
-import { NextFunction, Response } from "express";
-import { getRequestLogger } from "../helpers/getRequestLogger";
-import { GenericRequest } from "../types/GenericRequest";
-
-function parseAuthorizationHeader(
-  authorization: string | undefined
-): string | undefined {
-  if (!authorization) return undefined;
-  const [bearer, jwt, ...other] = authorization.split(" ");
-
-  if (bearer !== "Bearer" || other.length > 0) return undefined;
-
-  return jwt;
-}
-
-export function createAuthWithJWT(publicKey: string, options?: VerifyOptions) {
-  return async function authWithJwt(
-    req: GenericRequest,
-    res: Response,
-    next: NextFunction
-  ): Promise<void> {
-    const logger = getRequestLogger(req);
-    const cookies = (req.cookies as Record<string, string | undefined>) || {};
-    const jwt =
-      cookies.jwt || parseAuthorizationHeader(req.headers.authorization);
-
-    if (!jwt) {
-      logger.debug("auth.authWithJwt.error.notPresent", {
-        headers: req.headers,
-      });
-      res.status(401).json(errorView(new UnauthorizedError(["jwt"])));
-      return;
-    }
-
-    try {
-      const jwtUser = await verifyJWT(publicKey, jwt, options);
-      logger.debug("auth.authWithJwt.authed", {
-        user: jwtUser.id,
-        org: jwtUser.organizationReference,
-      });
-
-      req.context.jwtUser = jwtUser;
-      req.context.authenticated.push("jwt");
-
-      next();
-    } catch (error: unknown) {
-      logger.info("auth.authWithJwt.invalidJwt", { jwt, error });
-      res.status(401).json(errorView(new UnauthorizedError(["jwt"])));
-    }
-  };
-}