@node-c/api-http 1.0.0-alpha9 → 1.0.0-beta0

package/src/interceptors/http.interceptors.authorization.ts

@@ -1,82 +0,0 @@
-import {
-  CallHandler,
-  ExecutionContext,
-  HttpException,
-  HttpStatus,
-  Inject,
-  Injectable,
-  NestInterceptor
-} from '@nestjs/common';
-
-import { ConfigProviderService, EndpointSecurityMode } from '@node-c/core';
-import { AuthorizationPoint, IAMAuthorizationService, UserWithPermissionsData } from '@node-c/domain-iam';
-
-import { setNested } from '@ramster/general-tools';
-import { Observable } from 'rxjs';
-
-import { Constants, RequestWithLocals } from '../common/definitions';
-
-@Injectable()
-export class HTTPAuthorizationInterceptor<User extends UserWithPermissionsData<unknown, unknown>>
-  implements NestInterceptor
-{
-  constructor(
-    @Inject(Constants.API_MODULE_AUTHORIZATION_SERVICE)
-    // eslint-disable-next-line no-unused-vars
-    protected authorizationService: IAMAuthorizationService<AuthorizationPoint<unknown>>,
-    // eslint-disable-next-line no-unused-vars
-    protected configProvider: ConfigProviderService,
-    @Inject(Constants.API_MODULE_NAME)
-    // eslint-disable-next-line no-unused-vars
-    protected moduleName: string
-  ) {}
-
-  async intercept(context: ExecutionContext, next: CallHandler): Promise<Observable<unknown>> {
-    const [req]: [RequestWithLocals<User>, unknown] = context.getArgs();
-    const locals = req.locals!;
-    if (!locals) {
-      throw new HttpException('Forbidden', HttpStatus.FORBIDDEN);
-    } else if (locals.isAnonymous) {
-      return next.handle();
-    }
-    const { moduleName } = this;
-    const controllerName = context.getClass().name;
-    const handlerName = context.getHandler().name;
-    // TODO: cache this in-memory
-    const authorizationData = await this.authorizationService.mapAuthorizationPoints(moduleName);
-    let controllerData = authorizationData![controllerName];
-    if (!controllerData) {
-      controllerData = authorizationData.__all;
-    }
-    const user = locals.user!; // we'll always have this, otherwise the system has not been configured properly
-    let handlerData = controllerData[handlerName];
-    if (!handlerData) {
-      handlerData = controllerData.__all;
-      if (!Object.keys(handlerData).length) {
-        const { endpointSecurityMode } = this.configProvider.config.api[moduleName];
-        if (!endpointSecurityMode || endpointSecurityMode === EndpointSecurityMode.Strict) {
-          console.info(
-            `[${moduleName}][HTTPAuthorizationInterceptor]: No authorization point data for handler ${controllerName}.${handlerName}.`
-          );
-          throw new HttpException('Forbidden', HttpStatus.FORBIDDEN);
-        }
-        return next.handle();
-      }
-    }
-    const { hasAccess, inputDataToBeMutated } = IAMAuthorizationService.checkAccess(
-      handlerData,
-      { body: req.body, headers: req.headers, params: req.params, query: req.query },
-      user
-    );
-    if (!hasAccess) {
-      console.info(
-        `[${moduleName}][HTTPAuthorizationInterceptor]: No user access to handler ${controllerName}.${handlerName}.`
-      );
-      throw new HttpException('Forbidden', HttpStatus.FORBIDDEN);
-    }
-    for (const key in inputDataToBeMutated) {
-      setNested(req, key, inputDataToBeMutated[key]);
-    }
-    return next.handle();
-  }
-}

package/src/middlewares/http.middlewares.authentication.ts

@@ -1,111 +0,0 @@
-import { HttpException, HttpStatus, Inject, Injectable, NestMiddleware } from '@nestjs/common';
-
-import { AppConfigAPIHTTP, ConfigProviderService } from '@node-c/core';
-import { DecodedTokenContent, IAMTokenManagerService, IAMUsersService, UserTokenEnityFields } from '@node-c/domain-iam';
-
-import { checkRoutes } from '@ramster/general-tools';
-
-import { NextFunction, Response } from 'express';
-
-import { Constants, RequestWithLocals } from '../common/definitions';
-
-@Injectable()
-export class HTTPAuthenticationMiddleware<User extends object> implements NestMiddleware {
-  constructor(
-    // eslint-disable-next-line no-unused-vars
-    protected configProvider: ConfigProviderService,
-    @Inject(Constants.API_MODULE_NAME)
-    // eslint-disable-next-line no-unused-vars
-    protected moduleName: string,
-    @Inject(Constants.AUTHENTICATION_MIDDLEWARE_TOKEN_MANAGER_SERVICE)
-    // eslint-disable-next-line no-unused-vars
-    protected tokenManager: IAMTokenManagerService<UserTokenEnityFields>,
-    @Inject(Constants.AUTHENTICATION_MIDDLEWARE_USERS_SERVICE)
-    // eslint-disable-next-line no-unused-vars
-    protected usersService: IAMUsersService<User>
-  ) {}
-
-  use(req: RequestWithLocals<unknown>, res: Response, next: NextFunction): void {
-    (async () => {
-      const { anonymousAccessRoutes } = this.configProvider.config.api![this.moduleName] as AppConfigAPIHTTP;
-      if (!req.locals) {
-        req.locals = {};
-      }
-      if (anonymousAccessRoutes && Object.keys(anonymousAccessRoutes).length) {
-        const originalUrl = req.originalUrl.split('?')[0];
-        let isAnonymous = false;
-        for (const route in anonymousAccessRoutes) {
-          if (
-            checkRoutes(originalUrl, [route]) &&
-            anonymousAccessRoutes[route].find(method => method === req.method.toLowerCase())
-          ) {
-            isAnonymous = true;
-            break;
-          }
-        }
-        if (isAnonymous) {
-          req.locals.isAnonymous = true;
-          next();
-          return;
-        }
-      }
-      const { tokenManager, usersService } = this;
-      let tokens: string[] = [];
-      let authToken = req.headers.authorization;
-      let authTokenIsNew = false;
-      let refreshToken: string | undefined;
-      let tokenContent: DecodedTokenContent<UserTokenEnityFields> | undefined;
-      let useCookie = false;
-      if (typeof authToken === 'string' && authToken.length && authToken.match(/^Bearer\s/)) {
-        tokens = authToken.split(' ');
-        if (tokens.length) {
-          authToken = tokens[1];
-          refreshToken = tokens[2];
-        }
-      } else {
-        authToken = req.cookies['sid'];
-        useCookie = true;
-      }
-      if (!authToken) {
-        console.error('Missing auth token.');
-        throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
-      }
-      try {
-        const tokenRes = await tokenManager.verifyAccessToken(authToken, {
-          deleteFromStoreIfExpired: true,
-          identifierDataField: 'userId',
-          persistNewToken: true,
-          purgeStoreOnRenew: true,
-          refreshToken,
-          refreshTokenAccessTokenIdentifierDataField: 'accessToken'
-        });
-        tokenContent = tokenRes.content!;
-        if (tokenRes.newToken) {
-          authTokenIsNew = true;
-        }
-      } catch (e) {
-        console.error('Failed to parse the access or refresh token:', e);
-        throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
-      }
-      if (authTokenIsNew) {
-        res.setHeader('Authorization', `Bearer ${authToken}${refreshToken ? ` ${refreshToken}` : ''}`);
-        if (useCookie) {
-          res.cookie('sid', authToken);
-        }
-      }
-      const userId = tokenContent?.data?.userId;
-      if (!userId) {
-        console.error('Missing userId in the tokenContent data.');
-        throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
-      }
-      req.locals!.user = await usersService.getUserWithPermissionsData({ filters: { id: userId } });
-      next();
-    })().then(
-      () => true,
-      err => {
-        console.error(err);
-        res.status((err && err.status) || HttpStatus.INTERNAL_SERVER_ERROR).end();
-      }
-    );
-  }
-}