lesgo 0.7.8 → 1.0.0

package/src/middlewares/__tests__/httpNoOutputMiddleware.spec.js

@@ -15,7 +15,7 @@ describe('MiddlewareGroup: test successHttpNoOutputResponseAfterHandler', () =>
       response: 'Some message',
     });
     expect(handler.response).toHaveProperty('statusCode', 200);
-    expect(handler.response).toHaveProperty('body', null);
+    expect(handler.response).toHaveProperty('body', '');
   });
 
   it('should return the body when debug is enabled via query string parameters', async () => {
@@ -43,7 +43,7 @@ describe('MiddlewareGroup: test successHttpNoOutputResponseAfterHandler', () =>
     );
   });
 
-  it('should have null body even when enabled when configuration has is disabled', async () => {
+  it('should have empty body even when enabled when configuration has is disabled', async () => {
     app.debug = false;
 
     const handler = {
@@ -60,36 +60,43 @@ describe('MiddlewareGroup: test successHttpNoOutputResponseAfterHandler', () =>
       response: 'Some message',
     });
     expect(handler.response).toHaveProperty('statusCode', 200);
-    expect(handler.response).toHaveProperty('body', null);
+    expect(handler.response).toHaveProperty('body', '');
     app.debug = true;
   });
 
-  it('should return a response when allowResponse override is passed via options', async () => {
-    app.debug = false;
-
-    const handler = {
-      response: {},
-      event: {
-        someEventKey: 'someEventValue',
-      },
-    };
-
-    await successHttpNoOutputResponseAfterHandler(handler, () => {}, {
-      response: 'Some message',
-      allowResponse: () => true,
-    });
-    expect(handler.response).toHaveProperty('statusCode', 200);
-    expect(handler.response).toHaveProperty(
-      'body',
-      JSON.stringify({
-        status: 'success',
-        data: 'Some message',
-        _meta: {},
-      })
-    );
-
-    app.debug = true;
-  });
+  it.each`
+    debug    | allowResponse  | body
+    ${false} | ${() => true}  | ${JSON.stringify({ status: 'success', data: 'Some message', _meta: {} })}
+    ${true}  | ${() => true}  | ${JSON.stringify({ status: 'success', data: 'Some message', _meta: {} })}
+    ${false} | ${() => false} | ${''}
+    ${true}  | ${() => false} | ${''}
+    ${true}  | ${undefined}   | ${JSON.stringify({ status: 'success', data: 'Some message', _meta: {} })}
+    ${false} | ${undefined}   | ${''}
+  `(
+    'should return a specific response when allowResponse is $allowResponse and debug is $debug passed via options',
+    async ({ debug, allowResponse, body }) => {
+      app.debug = debug;
+
+      const handler = {
+        response: {},
+        event: {
+          someEventKey: 'someEventValue',
+          queryStringParameters: {
+            debug: 1,
+          },
+        },
+      };
+
+      await successHttpNoOutputResponseAfterHandler(handler, () => {}, {
+        response: 'Some message',
+        allowResponse,
+      });
+      expect(handler.response).toHaveProperty('statusCode', 200);
+      expect(handler.response).toHaveProperty('body', body);
+
+      app.debug = true;
+    }
+  );
 });
 
 describe('MiddlewareGroup: test errorHttpNoOutputResponseAfterHandler', () => {
@@ -103,7 +110,7 @@ describe('MiddlewareGroup: test errorHttpNoOutputResponseAfterHandler', () => {
       error: new Error('Test validation error'),
     });
     expect(handler.response).toHaveProperty('statusCode', 200);
-    expect(handler.response).toHaveProperty('body', null);
+    expect(handler.response).toHaveProperty('body', '');
   });
 
   it('should return the body when debug is enabled via query string parameters', async () => {
@@ -141,7 +148,7 @@ describe('MiddlewareGroup: test errorHttpNoOutputResponseAfterHandler', () => {
     );
   });
 
-  it('should have null body even when enabled when configuration has is disabled', async () => {
+  it('should have empty body even when enabled when configuration has is disabled', async () => {
     app.debug = false;
 
     const handler = {
@@ -158,11 +165,11 @@ describe('MiddlewareGroup: test errorHttpNoOutputResponseAfterHandler', () => {
       error: new Error('Test validation error'),
     });
     expect(handler.response).toHaveProperty('statusCode', 200);
-    expect(handler.response).toHaveProperty('body', null);
+    expect(handler.response).toHaveProperty('body', '');
     app.debug = true;
   });
 
-  it('should return a response when allowResponse override is passed via options', async () => {
+  it('should have a response when allowResponse override is passed via options', async () => {
     app.debug = false;
 
     const handler = {
@@ -180,20 +187,15 @@ describe('MiddlewareGroup: test errorHttpNoOutputResponseAfterHandler', () => {
       allowResponse: () => true,
     });
     expect(handler.response).toHaveProperty('statusCode', 500);
-    expect(handler.response).toHaveProperty(
-      'body',
-      JSON.stringify({
-        status: 'error',
-        data: null,
-        error: {
-          code: 'UNHANDLED_ERROR',
-          message: 'Error: Test validation error',
-          details: '',
-        },
-        _meta: {},
-      })
-    );
-
-    app.debug = false;
+    expect(JSON.parse(handler.response.body)).toStrictEqual({
+      status: 'error',
+      data: null,
+      error: {
+        code: 'UNHANDLED_ERROR',
+        message: 'Error: Test validation error',
+        details: '',
+      },
+      _meta: expect.anything(),
+    });
   });
 });

package/src/middlewares/__tests__/successHttpResponseMiddleware.spec.js

@@ -73,6 +73,19 @@ describe('MiddlewareGroup: test successHttpResponseHandler middleware', () => {
     });
   });
 
+  it('test with formatSuccess argument', async () => {
+    const data = await successHttpResponseHandler({
+      response: 'Some message',
+      formatSuccess: options => {
+        return options.response;
+      },
+    });
+
+    expect(data.statusCode).toBe(200);
+
+    expect(data.body).toBe('Some message');
+  });
+
   it('test with configurable header', async () => {
     const data = await successHttpResponseHandler({
       response: 'Some message',

package/src/middlewares/__tests__/verifyJwtMiddleware.spec.js

@@ -2,7 +2,6 @@ import config from 'Config/jwt'; // eslint-disable-line import/no-unresolved
 import verifyJwtMiddleware, {
   verifyJwtMiddlewareBeforeHandler,
 } from '../verifyJwtMiddleware';
-import LesgoException from '../../exceptions/LesgoException';
 
 describe('MiddlewareGroup: test verifyJwtMiddleware middleware', () => {
   const handler = {
@@ -28,17 +27,20 @@ describe('MiddlewareGroup: test verifyJwtMiddleware middleware', () => {
     expect(result).toHaveProperty('before');
   });
 
-  it('test without authorization header', () => {
-    expect(() => verifyJwtMiddlewareBeforeHandler(handler, () => {})).toThrow(
-      new LesgoException(
-        'Authorization Header is required!',
-        'JWT_MISSING_AUTHORIZATION_HEADER',
-        403
-      )
-    );
+  it('test without authorization header', async () => {
+    try {
+      expect(
+        await verifyJwtMiddlewareBeforeHandler(handler, () => {})
+      ).toThrow();
+    } catch (e) {
+      expect(e.name).toEqual('LesgoException');
+      expect(e.message).toEqual('Authorization Header is required!');
+      expect(e.code).toEqual('JWT_MISSING_AUTHORIZATION_HEADER');
+      expect(e.statusCode).toEqual(403);
+    }
   });
 
-  it('test with missing bearer token', () => {
+  it('test with missing bearer token', async () => {
     const newHandler = {
       event: {
         ...handler.event,
@@ -48,18 +50,19 @@ describe('MiddlewareGroup: test verifyJwtMiddleware middleware', () => {
       },
     };
 
-    expect(() =>
-      verifyJwtMiddlewareBeforeHandler(newHandler, () => {})
-    ).toThrow(
-      new LesgoException(
-        'Authorization Header is required!',
-        'JWT_MISSING_AUTHORIZATION_HEADER',
-        403
-      )
-    );
+    try {
+      expect(
+        await verifyJwtMiddlewareBeforeHandler(newHandler, () => {})
+      ).toThrow();
+    } catch (e) {
+      expect(e.name).toEqual('LesgoException');
+      expect(e.message).toEqual('Authorization Header is required!');
+      expect(e.code).toEqual('JWT_MISSING_AUTHORIZATION_HEADER');
+      expect(e.statusCode).toEqual(403);
+    }
   });
 
-  it('test with invalid token', () => {
+  it('test with invalid token', async () => {
     const newHandler = {
       event: {
         ...handler.event,
@@ -69,18 +72,19 @@ describe('MiddlewareGroup: test verifyJwtMiddleware middleware', () => {
       },
     };
 
-    expect(() =>
-      verifyJwtMiddlewareBeforeHandler(newHandler, () => {})
-    ).toThrow(
-      new LesgoException(
-        'Missing Bearer token!',
-        'JWT_MISSING_BEARER_TOKEN',
-        403
-      )
-    );
+    try {
+      expect(
+        await verifyJwtMiddlewareBeforeHandler(newHandler, () => {})
+      ).toThrow();
+    } catch (e) {
+      expect(e.name).toEqual('LesgoException');
+      expect(e.message).toEqual('Missing Bearer token!');
+      expect(e.code).toEqual('JWT_MISSING_BEARER_TOKEN');
+      expect(e.statusCode).toEqual(403);
+    }
   });
 
-  it('test with malformed token', () => {
+  it('test with malformed token', async () => {
     const newHandler = {
       event: {
         ...handler.event,
@@ -90,12 +94,19 @@ describe('MiddlewareGroup: test verifyJwtMiddleware middleware', () => {
       },
     };
 
-    expect(() =>
-      verifyJwtMiddlewareBeforeHandler(newHandler, () => {})
-    ).toThrow(new LesgoException('jwt malformed', 'JWT_ERROR', 403));
+    try {
+      expect(
+        await verifyJwtMiddlewareBeforeHandler(newHandler, () => {})
+      ).toThrow();
+    } catch (e) {
+      expect(e.name).toEqual('LesgoException');
+      expect(e.message).toEqual('jwt malformed');
+      expect(e.code).toEqual('JWT_ERROR');
+      expect(e.statusCode).toEqual(403);
+    }
   });
 
-  it('test with incorrect secret key', () => {
+  it('test with incorrect secret key', async () => {
     const newHandler = {
       event: {
         ...handler.event,
@@ -106,12 +117,19 @@ describe('MiddlewareGroup: test verifyJwtMiddleware middleware', () => {
       },
     };
 
-    expect(() =>
-      verifyJwtMiddlewareBeforeHandler(newHandler, () => {})
-    ).toThrow(new LesgoException('invalid signature', 'JWT_ERROR', 403));
+    try {
+      expect(
+        await verifyJwtMiddlewareBeforeHandler(newHandler, () => {})
+      ).toThrow();
+    } catch (e) {
+      expect(e.name).toEqual('LesgoException');
+      expect(e.message).toEqual('invalid signature');
+      expect(e.code).toEqual('JWT_ERROR');
+      expect(e.statusCode).toEqual(403);
+    }
   });
 
-  it('test with invalid ISS', () => {
+  it('test with invalid ISS', async () => {
     const newHandler = {
       event: {
         ...handler.event,
@@ -122,18 +140,19 @@ describe('MiddlewareGroup: test verifyJwtMiddleware middleware', () => {
       },
     };
 
-    expect(() =>
-      verifyJwtMiddlewareBeforeHandler(newHandler, () => {})
-    ).toThrow(
-      new LesgoException(
-        "Token's [iss] is not valid!",
-        'JWT_ISS_NOT_VALID',
-        403
-      )
-    );
+    try {
+      expect(
+        await verifyJwtMiddlewareBeforeHandler(newHandler, () => {})
+      ).toThrow();
+    } catch (e) {
+      expect(e.name).toEqual('LesgoException');
+      expect(e.message).toEqual("Token's [iss] is not valid!");
+      expect(e.code).toEqual('JWT_ISS_NOT_VALID');
+      expect(e.statusCode).toEqual(403);
+    }
   });
 
-  it('test with missing custom claim', () => {
+  it('test with missing custom claim', async () => {
     const newHandler = {
       event: {
         ...handler.event,
@@ -144,18 +163,21 @@ describe('MiddlewareGroup: test verifyJwtMiddleware middleware', () => {
       },
     };
 
-    expect(() =>
-      verifyJwtMiddlewareBeforeHandler(newHandler, () => {})
-    ).toThrow(
-      new LesgoException(
-        `Token's custom claim [${config.customClaims.data[0]}] not found!`,
-        'JWT_CUSTOM_CLAIM_NOT_FOUND',
-        403
-      )
-    );
+    try {
+      expect(
+        await verifyJwtMiddlewareBeforeHandler(newHandler, () => {})
+      ).toThrow();
+    } catch (e) {
+      expect(e.name).toEqual('LesgoException');
+      expect(e.message).toEqual(
+        `Token's custom claim [${config.customClaims.data[0]}] not found!`
+      );
+      expect(e.code).toEqual('JWT_CUSTOM_CLAIM_NOT_FOUND');
+      expect(e.statusCode).toEqual(403);
+    }
   });
 
-  it('test with expired token', () => {
+  it('test with expired token', async () => {
     const newHandler = {
       event: {
         ...handler.event,
@@ -166,12 +188,19 @@ describe('MiddlewareGroup: test verifyJwtMiddleware middleware', () => {
       },
     };
 
-    expect(() =>
-      verifyJwtMiddlewareBeforeHandler(newHandler, () => {})
-    ).toThrow(new LesgoException('jwt expired', 'JWT_EXPIRED', 403));
+    try {
+      expect(
+        await verifyJwtMiddlewareBeforeHandler(newHandler, () => {})
+      ).toThrow();
+    } catch (e) {
+      expect(e.name).toEqual('LesgoException');
+      expect(e.message).toEqual('jwt expired');
+      expect(e.code).toEqual('JWT_EXPIRED');
+      expect(e.statusCode).toEqual(403);
+    }
   });
 
-  it('test with valid token', () => {
+  it('test with valid token', async () => {
     const newHandler = {
       event: {
         ...handler.event,
@@ -182,14 +211,60 @@ describe('MiddlewareGroup: test verifyJwtMiddleware middleware', () => {
       },
     };
 
-    verifyJwtMiddlewareBeforeHandler(newHandler, () => {});
+    await verifyJwtMiddlewareBeforeHandler(newHandler, () => {});
     expect(newHandler.event.decodedJwt).toMatchObject({
       sub: '1234567890',
       iss: config.iss.data[0],
     });
   });
 
-  it('test with custom config', () => {
+  it('test with secret as a function argument', async () => {
+    const { secret } = config;
+    config.secret = secretHandler => {
+      return `111${secretHandler.key}`;
+    };
+    const newHandler = {
+      key: '1',
+      event: {
+        ...handler.event,
+        headers: {
+          Authorization:
+            'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJpc3MiOiJkb21haW4uY29tIiwiZGVwYXJ0bWVudF9pZCI6MX0.7RdbXJhzrn_yV7CPqkuX0Yvtms0xaIw1q4LPe8O0BDY',
+        },
+      },
+    };
+
+    await verifyJwtMiddlewareBeforeHandler(newHandler, () => {});
+    expect(newHandler.event.decodedJwt).toMatchObject({
+      sub: '1234567890',
+      iss: config.iss.data[0],
+    });
+
+    config.secret = secret;
+  });
+
+  it('test with callback argument', async () => {
+    const callback = jest.fn();
+    config.callback = callback;
+    const newHandler = {
+      event: {
+        ...handler.event,
+        headers: {
+          Authorization:
+            'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJpc3MiOiJkb21haW4uY29tIiwiZGVwYXJ0bWVudF9pZCI6MX0.pa2TBRqdVSFUhmiglB8SD8ImthqhqZBn0stAdNRcJ3w',
+        },
+      },
+    };
+
+    await verifyJwtMiddlewareBeforeHandler(newHandler, () => {});
+    expect(newHandler.event.decodedJwt).toMatchObject({
+      sub: '1234567890',
+      iss: config.iss.data[0],
+    });
+    expect(callback).toHaveBeenCalledWith(newHandler);
+  });
+
+  it('test with custom config', async () => {
     const newHandler = {
       event: {
         ...handler.event,
@@ -200,7 +275,7 @@ describe('MiddlewareGroup: test verifyJwtMiddleware middleware', () => {
       },
     };
 
-    verifyJwtMiddlewareBeforeHandler(newHandler, () => {}, {
+    await verifyJwtMiddlewareBeforeHandler(newHandler, () => {}, {
       jwtConfig: {
         secret:
           'c4156b94c80b7f163feabd4ff268c99eb11ce8995df370a4fd872afb4377b273',

package/src/middlewares/basicAuthMiddleware.js

@@ -1,50 +1,19 @@
 import client from 'Config/client'; // eslint-disable-line import/no-unresolved
-import crypto from 'crypto';
 import LesgoException from '../exceptions/LesgoException';
-import { errorHttpResponseAfterHandler } from './errorHttpResponseMiddleware';
 
 const FILE = 'Middlewares/basicAuthMiddleware';
 
-const blacklistMode = opts => {
-  if (opts && typeof opts.blacklistMode !== 'undefined') {
-    return !!opts.blacklistMode;
-  }
-
-  return true;
-};
-
-export const generateBasicAuthorizationHash = (key, secret) => {
-  return crypto
-    .createHash('sha1')
-    .update(`${key}:${secret}`)
-    .digest('hex');
-};
-
-const getSiteId = event => {
-  let siteId;
-
-  if (event.site && event.site.id) {
-    siteId = event.site.id;
-  } else if (
-    event.requestContext &&
-    event.requestContext.site &&
-    event.requestContext.site.id
-  ) {
-    siteId = event.requestContext.site.id;
-  } else if (event.platform) {
-    siteId = event.platform;
-  }
-
-  if (typeof siteId === 'undefined') {
-    throw new LesgoException(
-      'Site ID could not be found',
-      `${FILE}::SITE_ID_NOT_FOUND`,
-      403,
-      'Ensure that clientAuthMiddleware() is called before this Middleware'
-    );
-  }
+export const generateBasicAuthorizationHash = (key, secret, opts = {}) => {
+  const { getPreHashString } = {
+    ...client,
+    ...opts,
+  };
+  const preHashString =
+    typeof getPreHashString === 'function'
+      ? getPreHashString(key, secret)
+      : `${key}:${secret}`;
 
-  return siteId;
+  return Buffer.from(preHashString).toString('base64');
 };
 
 const getClient = opts => {
@@ -52,22 +21,13 @@ const getClient = opts => {
     return opts.client;
   }
 
-  return client;
+  return client.clients;
 };
 
-const getHashFromHeaders = (headers, opts) => {
+const getHashFromHeaders = headers => {
   const basicAuth = headers.Authorization || headers.authorization;
 
   if (typeof basicAuth === 'undefined') {
-    if (blacklistMode(opts)) {
-      throw new LesgoException(
-        'Authorization header not found',
-        `${FILE}::AUTHORIZATION_HEADER_NOT_FOUND`,
-        403,
-        'Ensure you are have provided the basic authentication code using Authorization header'
-      );
-    }
-
     return '';
   }
 
@@ -97,23 +57,22 @@ const getHashFromHeaders = (headers, opts) => {
     );
   }
 
-  const buff = Buffer.from(authEncoded, 'base64');
-
-  return buff.toString('utf-8');
+  return authEncoded;
 };
 
-const validateBasicAuth = (hash, siteId, clientObject, opts) => {
+const validateBasicAuth = (hash, clientObject, opts, siteId = undefined) => {
   const site = Object.keys(clientObject).find(clientCode => {
     const hashIsEquals =
       generateBasicAuthorizationHash(
         clientObject[clientCode].key,
-        clientObject[clientCode].secret
+        clientObject[clientCode].secret,
+        opts
       ) === hash;
 
-    return siteId === clientCode && hashIsEquals;
+    return siteId ? siteId === clientCode && hashIsEquals : hashIsEquals;
   });
 
-  if (!site && (hash.length > 0 || (hash.length <= 0 && blacklistMode(opts)))) {
+  if (!site) {
     throw new LesgoException(
       'Invalid client key or secret provided',
       `${FILE}::AUTH_INVALID_CLIENT_OR_SECRET_KEY`,
@@ -123,12 +82,34 @@ const validateBasicAuth = (hash, siteId, clientObject, opts) => {
   }
 };
 
-export const verifyBasicAuthBeforeHandler = (handler, next, opts) => {
-  const siteId = getSiteId(handler.event);
+export const verifyBasicAuthBeforeHandler = async (handler, next, opts) => {
+  const { headers, platform } = handler.event;
   const finalClient = getClient(opts);
-  const hashFromHeader = getHashFromHeaders(handler.event.headers, opts);
+  const hashFromHeader = getHashFromHeaders(headers);
+  let isAuthOptional = platform ? platform.isAuthOptional : false;
+  if (isAuthOptional && typeof isAuthOptional.then === 'function') {
+    isAuthOptional = await isAuthOptional;
+  }
 
-  validateBasicAuth(hashFromHeader, siteId, finalClient, opts);
+  if (hashFromHeader) {
+    validateBasicAuth(
+      hashFromHeader,
+      finalClient,
+      opts,
+      platform ? platform.id : undefined
+    );
+  } else if (!platform || !isAuthOptional) {
+    /**
+     * An error will occur only when either the platform could not be determined, assuming a basic auth is needed.
+     * Or whenever the platform could be determined, but `isAuthOptional` is not true for that platform
+     */
+    throw new LesgoException(
+      'Authorization header not found',
+      `${FILE}::AUTHORIZATION_HEADER_NOT_FOUND`,
+      403,
+      'Ensure you are have provided the basic authentication code using Authorization header'
+    );
+  }
 
   next();
 };
@@ -138,7 +119,6 @@ const basicAuthMiddleware = opts => {
   return {
     before: (handler, next) =>
       verifyBasicAuthBeforeHandler(handler, next, opts),
-    onError: (handler, next) => errorHttpResponseAfterHandler(handler, next),
   };
 };