response-standardizer 1.0.0 → 1.0.1

package/dist/index.d.ts

@@ -1,3 +1,4 @@
+import { Request, Response } from "express";
 import { RestResponseFunctions, RestMiddlewareFunctions } from "./types.js";
 declare global {
     namespace Express {
@@ -11,5 +12,7 @@ declare global {
         }
     }
 }
+export declare const protect: (req: Request, res: Response, next: any) => void;
+export declare const role: (allowedRoles: string[]) => (req: any, res: any, next: any) => void;
 export declare const RestResponse: RestResponseFunctions;
 export declare const RestMiddleware: RestMiddlewareFunctions;

package/dist/index.js

@@ -1,4 +1,51 @@
 import { generateRequestId, getTimestamp } from "./utils.js";
+import axios from "axios";
+import jwt from "jsonwebtoken";
+async function getKeycloakPublicKey() {
+    const realmUrl = `http://${process.env.KEYCLOAK_SERVICE ?? "localhost"}/realms/${process.env.KEYCLOAK_REALM ?? "master"}`;
+    console.log(`Keycloak PublicKey Url: ${realmUrl}`);
+    const resp = await axios.get(realmUrl);
+    const key = resp.data.public_key;
+    const pem = `-----BEGIN PUBLIC KEY-----\n${key.match(/.{1,64}/g)?.join("\n")}\n-----END PUBLIC KEY-----`;
+    return pem;
+}
+const KEYCLOAK_PUBLIC_KEY = await getKeycloakPublicKey();
+export const protect = (req, res, next) => {
+    const authHeader = req.headers["authorization"];
+    if (!authHeader)
+        return RestResponse.unauthorized(req, res);
+    const token = authHeader.split(" ")[1];
+    if (!token)
+        return RestResponse.unauthorized(req, res, "Token malformed");
+    try {
+        const decoded = jwt.verify(token, KEYCLOAK_PUBLIC_KEY, { algorithms: ["RS256"] });
+        req.user = decoded;
+        next();
+    }
+    catch (err) {
+        console.error(err);
+        return RestResponse.unauthorized(req, res, "Token is not valid");
+    }
+};
+export const role = (allowedRoles) => {
+    return (req, res, next) => {
+        const user = req.user;
+        if (!user) {
+            return RestResponse.unauthorized(req, res);
+        }
+        const realmRoles = (user?.realm_access?.roles ?? []).map((r) => r.toUpperCase());
+        const clientRoles = Object.values(user?.resource_access ?? {})
+            .flatMap((r) => r.roles ?? [])
+            .map((r) => r.toUpperCase());
+        const allowedUpper = allowedRoles.map(r => r.toUpperCase());
+        const allRoles = [...realmRoles, ...clientRoles];
+        const hasAccess = allowedUpper.some((role) => allRoles.includes(role));
+        if (!hasAccess) {
+            return RestResponse.accessDenied(req, res);
+        }
+        next();
+    };
+};
 const success = (req, res, data, message = null) => {
     res.status(200).json({ data, message });
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "response-standardizer",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "Express middleware to standardize API responses",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -18,17 +18,17 @@
     "url": "https://gitlab.com/dezhnevesht-archive-software/response-standardizer/issues"
   },
   "homepage": "https://gitlab.com/dezhnevesht-archive-software/response-standardizer#readme",
-  
   "peerDependencies": {
     "express": "^4 || ^5"
   },
-
   "dependencies": {
+    "axios": "^1.13.2",
+    "jsonwebtoken": "^9.0.2",
     "uuid": "^9.0.1"
   },
-
   "devDependencies": {
     "@types/express": "^5.0.5",
+    "@types/jsonwebtoken": "^9.0.10",
     "@types/uuid": "^10.0.0",
     "ts-node-dev": "^2.0.0",
     "typescript": "^5.9.3"

package/src/index.ts

@@ -1,6 +1,8 @@
 import { Request, Response, NextFunction } from "express";
 import { ErrorFields, PaginationMeta, StandardResponse, RestResponseFunctions, RestMiddlewareFunctions } from "./types.js";
 import { generateRequestId, getTimestamp } from "./utils.js";
+import axios from "axios";
+import jwt from "jsonwebtoken";
 declare global {
   namespace Express {
     interface Response {
@@ -14,6 +16,58 @@ declare global {
   }
 }
 
+async function getKeycloakPublicKey(): Promise<string> {
+  const realmUrl = `http://${process.env.KEYCLOAK_SERVICE??"localhost"}/realms/${process.env.KEYCLOAK_REALM??"master"}`;
+  console.log(`Keycloak PublicKey Url: ${realmUrl}`);
+  const resp = await axios.get(realmUrl);
+  const key = resp.data.public_key;
+  const pem = `-----BEGIN PUBLIC KEY-----\n${key.match(/.{1,64}/g)?.join("\n")}\n-----END PUBLIC KEY-----`;
+  return pem;
+}
+
+const KEYCLOAK_PUBLIC_KEY: any = await getKeycloakPublicKey();
+
+export const protect = (req: Request, res: Response, next: any) => {
+  const authHeader = req.headers["authorization"];
+  if (!authHeader)
+      return RestResponse.unauthorized(req, res)
+
+  const token = authHeader.split(" ")[1];
+  if (!token) 
+    return RestResponse.unauthorized(req, res, "Token malformed")
+
+  try {
+    const decoded = jwt.verify(token, KEYCLOAK_PUBLIC_KEY, { algorithms: ["RS256"] });
+    (req as any).user = decoded;
+    next();
+  } catch (err) {
+    console.error(err)
+    return RestResponse.unauthorized(req, res, "Token is not valid")
+  }
+}
+export const role = (allowedRoles: string[]) => {
+  return (req: any, res: any, next: any) => {
+    const user = req.user;
+    if (!user) {
+      return RestResponse.unauthorized(req, res);
+    }
+    const realmRoles: string[] = (user?.realm_access?.roles ?? []).map((r: string) => r.toUpperCase());
+    const clientRoles: string[] = Object.values(user?.resource_access ?? {})
+      .flatMap((r: any) => r.roles ?? [])
+      .map((r: string) => r.toUpperCase());
+    const allowedUpper = allowedRoles.map(r => r.toUpperCase());
+    const allRoles = [...realmRoles, ...clientRoles];
+    const hasAccess: boolean = allowedUpper.some((role: string) =>
+      allRoles.includes(role)
+    );
+    if (!hasAccess) {
+      return RestResponse.accessDenied(req, res)
+    }
+    next()
+  }
+  
+}
+
 const success = <T>(req: Request, res: Response, data: T, message: string | null = null) => {
     res.status(200).json({ data, message });
 };